systemd-networkd: add wireguard
This commit is contained in:
parent
1ac02dbf81
commit
539796cf56
|
@ -7,5 +7,5 @@ DNS=1.1.1.1
|
|||
|
||||
DNS=1.0.0.1
|
||||
|
||||
# Link discovery causes some issues on wwan so disable it.
|
||||
# Link discovery causes some issues so disable it.
|
||||
LLDP=no
|
||||
|
|
|
@ -8,7 +8,7 @@ IPForward=yes
|
|||
# Masquerade.
|
||||
IPMasquerade=both
|
||||
|
||||
# Link discovery causes some issues on wwan so disable it.
|
||||
# Link discovery causes some issues so disable it.
|
||||
LLDP=no
|
||||
|
||||
# As systemd-networkd doesn't yet *fully* support being a dhcp server
|
||||
|
|
|
@ -0,0 +1,37 @@
|
|||
[Route]
|
||||
|
||||
# v4
|
||||
Gateway=<IPv4>
|
||||
|
||||
# v6
|
||||
Gateway=<IPv6>
|
||||
|
||||
# Not always needed but here just in case.
|
||||
#GatewayOnLink=yes
|
||||
|
||||
[Network]
|
||||
|
||||
# v4
|
||||
Address=<IPv4>/prefix
|
||||
|
||||
# v6
|
||||
Address=<IPv6>/prefix
|
||||
|
||||
|
||||
# DNS
|
||||
# 1.1.1.1 / 1.0.0.1 / 2606:4700:4700::1111 / 2606:4700:4700::1001
|
||||
# are Cloudflare
|
||||
DNSOverTLS=opportunistic
|
||||
|
||||
# v4
|
||||
DNS=1.1.1.1
|
||||
|
||||
DNS=1.0.0.1
|
||||
|
||||
# v6
|
||||
DNS=2606:4700:4700::1111
|
||||
DNS=2606:4700:4700::1001
|
||||
|
||||
# Link discovery causes some issues so disable it.
|
||||
LLDP=no
|
||||
|
|
@ -0,0 +1,16 @@
|
|||
[Network]
|
||||
|
||||
Address=10.0.0.1/24
|
||||
|
||||
# For clients use an IP address within the peer range with a prefix!
|
||||
#Address=10.0.0.2/32
|
||||
|
||||
DNSOverTLS=opportunistic
|
||||
|
||||
DNS=1.1.1.1
|
||||
|
||||
DNS=1.0.0.1
|
||||
|
||||
# Link discovery causes some issues so disable it.
|
||||
LLDP=no
|
||||
|
|
@ -0,0 +1,35 @@
|
|||
[NetDev]
|
||||
Name=wg0
|
||||
|
||||
Kind=wireguard
|
||||
|
||||
[WireGuard]
|
||||
|
||||
# Port to listen on.
|
||||
ListenPort=31987
|
||||
|
||||
# The Base64 encoded private key for the interface. It can be generated
|
||||
# using the wg genkey command (see wg(8)). This option or
|
||||
# PrivateKeyFile= is mandatory to use WireGuard. Note that because this
|
||||
# information is secret, you may want to set the permissions of the
|
||||
# .netdev file to be owned by "root:systemd-network" with a "0640" file
|
||||
# mode.
|
||||
PrivateKey=<YOUR KEY HERE>
|
||||
|
||||
|
||||
# For Peers.
|
||||
[WireGuardPeer]
|
||||
|
||||
# Base64 encoded public key calculated by wg pubkey (see wg(8)) from a
|
||||
# private key, and usually transmitted out of band to the author of the
|
||||
# configuration file. This option is mandatory for this section.
|
||||
#PublicKey=<YOUR KEY HERE>
|
||||
|
||||
# Comma-separated list of IP addresses with CIDR masks from which this
|
||||
# peer is allowed to send incoming traffic and to which outgoing traffic
|
||||
# for this peer is directed.
|
||||
AllowedIPs=0.0.0.0/0, ::/0
|
||||
|
||||
# Endpoint of a peer (for clients).
|
||||
#Endpoint=<ip>:<port>
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
# Needs wg0.netdev & wireguard & wireguard-tools installed to work.
|
||||
|
||||
[Match]
|
||||
Name=wg0
|
Loading…
Reference in New Issue