@ -369,6 +369,7 @@ Some services that help with key distribution and deployment:
- https://github.com/its0x08/wg-install
- https://github.com/brittson/wireguard_config_maker
- https://www.wireguardconfig.com
- https://wirt.network
You can also read in keys from a file or via command if you don't want to hardcode them in `wg0.conf` , this makes managing keys via 3rd party service much easier:
@ -519,6 +520,26 @@ ip route show table local
ip route get 192.0.2.3
```
#### Logs
To enable additional logging run:
```bash
modprobe wireguard
echo module wireguard +p > /sys/kernel/debug/dynamic_debug/control
```
To follow logs:
```bash
dmesg -wH
```
Systems with modern kernel and Safe Boot might require disabling Secure Boot DKMS Signature Verification to allow access to kernel logs.
```bash
mokutil --disable-verification
reboot
```
### Testing
#### Ping Speed
@ -605,10 +626,10 @@ Config files can opt to use the limited set of `wg` config options, or the more
¶ < a href = "#PostDown" > `PostDown = /bin/example arg1 arg2 %i`< / a >
¶ < a href = "#Peer - "> `[Peer]`< / a >
¶ < a href = "#-Name 1"> `# Name = node2-node.example.tld`< / a >
¶ < a href = "#Peer "> `[Peer]`< / a >
¶ < a href = "#-Name - 1"> `# Name = node2-node.example.tld`< / a >
¶ < a href = "#AllowedIPs" > `AllowedIPs = 192.0.2.1/24`< / a >
¶ < a href = "# ListenPor t"> `Endpoint = node1.example.tld:51820`< / a >
¶ < a href = "# Endpoin t"> `Endpoint = node1.example.tld:51820`< / a >
¶ < a href = "#PublicKey" > `PublicKey = remotePublicKeyAbcAbcAbc=`< / a >
¶ < a href = "#PersistentKeepalive" > `PersistentKeepalive = 25`< / a >
@ -988,6 +1009,7 @@ NAT-to-NAT connections from behind NATs with strict source-port randomization is
- https://github.com/takutakahashi/wg-connect
- https://git.zx2c4.com/wireguard-tools/tree/contrib/nat-hole-punching/
- https://github.com/jwhited/wgsd
##### Dynamic IP addresses
Many users report having to restart WireGuard whenever a dynamic IP changes, as it only resolves hostnames on startup. To force WireGuard to re-resolve dynamic DNS `Endpoint` hostnames more often, you may want to use a `PostUp` hook to restart WireGuard every few minutes or hours.
@ -1009,6 +1031,7 @@ NAT-to-NAT connections are often more unstable and have other limitations, which
- https://github.com/WireGuard/WireGuard/tree/master/contrib/examples/nat-hole-punching
- https://staaldraad.github.io/2017/04/17/nat-to-nat-with-wireguard/
- https://golb.hplar.ch/2019/01/expose-server-vpn.html
- https://www.jordanwhited.com/posts/wireguard-endpoint-discovery-nat-traversal/
**Example**
@ -1100,6 +1123,7 @@ These are some GUI and CLI tools that wrap WireGuard to assist with config, depl
- https://github.com/naggie/dsnet
- https://github.com/perara/wg-manager
- https://github.com/pivpn/pivpn
- https://github.com/BrunIF/wg-ccg
### Config Shortcuts
@ -1292,7 +1316,7 @@ For more details see the Further Reading: Docker section below.
- https://github.com/WireGuard/wireguard-go
- https://www.veeam.com/blog/veeam-pn-v2-wireguard.html
- https://github.com/wg-dashboard/wg-dashboard
- https://wirt.network
- https://wirtbot.com
- https://github.com/seashell/drago
- https://www.wireguardconfig.com
- https://github.com/angristan/wireguard-install
@ -1301,6 +1325,7 @@ For more details see the Further Reading: Docker section below.
- https://github.com/apognu/wgctl
- https://github.com/tailscale/tailscale
- https://github.com/pivpn/pivpn
- https://github.com/jwhited/wgsd
### Docker