From d13f79f11d93c15b4abe9778b1fd80aabdeff57d Mon Sep 17 00:00:00 2001 From: Adam Montgomery Date: Thu, 30 Jan 2020 11:39:46 -0500 Subject: [PATCH] remove references to /etc/wireguard --- README.md | 23 ++++++++++------------- 1 file changed, 10 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index a255a24..c3c83b8 100644 --- a/README.md +++ b/README.md 
@@ -381,14 +381,14 @@ Overview of the general process: 1. Install `apt install wireguard` or `pkg/brew install wireguard-tools` on each node 2. Generate public and private keys locally on each node `wg genkey`+`wg pubkey` -3. Create a `/etc/wireguard/wg0.conf` WireGuard config file on the main relay server +3. Create a `wg0.conf` WireGuard config file on the main relay server - `[Interface]` Make sure to specify a CIDR range for the entire VPN subnet when defining the address the server accepts routes for `Address = 192.0.2.1/24` - `[Peer]` Create a peer section for every client joining the VPN, using their corresponding remote public keys -4. Create a `/etc/wireguard/wg0.conf` WireGuard config file on each client node +4. Create a `wg0.conf` on each client node - `[Interface]` Make sure to specify only a single IP for client peers that don't relay traffic `Address = 192.0.2.3/32`. - `[Peer]` Create a peer section for each public peer not behind a NAT, make sure to specify a CIDR range for the entire VPN subnet when defining the remote peer acting as the bounce server `AllowedIPs = 192.0.2.1/24`. Make sure to specify individual IPs for remote peers that don't relay traffic and only act as simple clients `AllowedIPs = 192.0.2.3/32`. -5. Start WireGuard on the main relay server with `wg-quick up /etc/wireguard/wg0.conf` -6. Start WireGuard on all the client peers with `wg-quick up /etc/wireguard/wg0.conf` +5. Start WireGuard on the main relay server with `wg-quick up /full/path/to/wg0.conf` +6. Start WireGuard on all the client peers with `wg-quick up /full/path/to/wg0.conf` 7. Traffic is routed from peer to peer using most specific route first over the WireGuard interface, e.g. `ping 192.0.2.3` checks for a direct route to a peer with `AllowedIPs = 192.0.2.3/32` first, then falls back to a relay server that's accepting ips in the whole subnet ### Setup 
@@ -439,9 +439,8 @@ wg pubkey < example.key > example.key.pub ### Start / Stop ```bash -# first, create a configuration file at /etc/wireguard/wg0.conf -wg-quick up /etc/wireguard/wg0.conf -wg-quick down /etc/wireguard/wg0.conf +wg-quick up /full/path/to/wg0.conf +wg-quick down /full/path/to/wg0.conf # Note: you must specify the absolute path to wg0.conf, relative paths won't work ``` 
@@ -570,14 +569,12 @@ dig example.com A ### Overview -WireGuard config files are in INI syntax. The configuration is specified as an argument when running any `wg-quick` command, e.g.: +WireGuard config is in INI syntax, defined in a file usually called `wg0.conf`. It can be placed anywhere on the system, but is often placed in `/etc/wireguard/wg0.conf`. -```bash -# you must use an absolute path; relative paths won't work -wq-quick up /etc/wireguard/wg0.conf -``` +The config path is specified as an argument when running any `wg-quick` command, e.g: +`wg-quick up /etc/wireguard/wg0.conf` (always specify the full, absolute path) -The file name must be in the format `${name of the new wireguard interface}.conf`. `wg-quick` looks for config files in `/etc/wireguard` by default, so it usually makes sense to place them there. Wireguard interface names are typically prefixed with `wg` and numbered starting at `0`, but you can use any name that matches the regex `^[a-zA-Z0-9_=+.-]{1,15}$`. A configuration file for the interface `wg0` would typically be found at `/etc/wireguard/wg0.conf`. +The config file name must be in the format `${name of the new wireguard interface}.conf`. WireGuard interface names are typically prefixed with `wg` and numbered starting at `0`, but you can use any name that matches the regex `^[a-zA-Z0-9_=+.-]{1,15}$`. Config files can opt to use the limited set of `wg` config options, or the more extended `wg-quick` options, depending on what command is preferred to start WireGuard. These docs recommend sticking to `wg-quick` as it provides a more powerful and user-friendly config experience.
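Review bot: Step 4 in the `@@ -381,14 +381,14 @@` hunk now reads "Create a `wg0.conf` on each client node" while step 3 keeps "Create a `wg0.conf` WireGuard config file on the main relay server"; restore "WireGuard config file" in step 4 so the two steps stay parallel. Steps 5 and 6 also introduce the placeholder `/full/path/to/wg0.conf` without saying the path must be absolute, which is only stated later in the Start / Stop section, so a short "(absolute path required)" on step 5 would stop readers from trying a relative path at this point.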
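Review bot: In the `@@ -439,9 +439,8 @@` Start / Stop hunk the absolute-path note is added as a comment after the `wg-quick up` and `wg-quick down` commands, so a reader working top to bottom sees it only after running them; move it above `wg-quick up /full/path/to/wg0.conf`. The removed comment "# first, create a configuration file at /etc/wireguard/wg0.conf" was also the only hint in this block that the config has to exist before `wg-quick up`; rewording it to something like "# first, create a configuration file, e.g. wg0.conf" keeps the prerequisite without the path.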
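Review bot: The `@@ -570,14 +569,12 @@` Overview hunk deletes the sentence "`wg-quick` looks for config files in `/etc/wireguard` by default" and replaces it with "is often placed in `/etc/wireguard/wg0.conf`", which drops the reason that location is common; if the default lookup still applies, keep that clause. The added example `wg-quick up /etc/wireguard/wg0.conf` also differs from the `/full/path/to/wg0.conf` placeholder used in the other two hunks, and the subject line says references to `/etc/wireguard` are being removed, so pick one form and use it throughout. Minor: "e.g:" is missing a period ("e.g.:"), and the example moved from a fenced `bash` block to inline code on the line directly under the sentence with no blank line between them, so Markdown will render it as part of that paragraph.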