DB0BS wireguard Installation

Download unter: https://github.com/WireGuard/wireguard-vyatta-ubnt/releases Edgerouter X (ER-X) wird dort als E50 referenziert.

Das .deb file kann mittels curl direkt auf den ER-X heruntergeladen und installiert werden:

 # sudo su -
 # cd /tmp
 # curl -o e50-v2-v1.0.20211208-v1.0.20210914.deb "https://objects.githubusercontent.com/github-production-release-asset-2e65be/260995176/2634fecb-864f-43b5-a90d-361f3ee9ee8b?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20211230%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20211230T162430Z&X-Amz-Expires=300&X-Amz-Signature=0b7488d50a91066611a1f823783b47b9a24ec2e32c07f10980b032b1cc62fcd1&X-Amz-SignedHeaders=host&actor_id=7112907&key_id=0&repo_id=260995176&response-content-disposition=attachment%3B%20filename%3De50-v2-v1.0.20211208-v1.0.20210914.deb&response-content-type=application%2Foctet-stream"
 # dpkg -i e50-v2-v1.0.20211208-v1.0.20210914.deb
 Selecting previously unselected package wireguard.
 (Reading database ... 37090 files and directories currently installed.)
 Preparing to unpack e50-v2-v1.0.20211208-v1.0.20210914.deb ...
 Adding 'diversion of /opt/vyatta/share/perl5/Vyatta/Interface.pm to /opt/vyatta/share/perl5/Vyatta/Interface.pm.vyatta by wireguard'
 Adding 'diversion of /opt/vyatta/share/vyatta-cfg/templates/firewall/options/mss-clamp/interface-type/node.def to /opt/vyatta/share/vyatta-cfg/templates/firewall/options/mss-clamp/interface-type/node.def.vyatta by wireguard'
 Adding 'diversion of /opt/vyatta/share/vyatta-cfg/templates/firewall/options/mss-clamp6/interface-type/node.def to /opt/vyatta/share/vyatta-cfg/templates/firewall/options/mss-clamp6/interface-type/node.def.vyatta by wireguard'
 Unpacking wireguard (1.0.20211208-1) ...
 Setting up wireguard (1.0.20211208-1) ...
 #
 

Dann kann die wireguard Konfiguration an der Console durchgeführt werden:

 # configure
 set interfaces wireguard wg0 address 10.10.10.2/28
 set interfaces wireguard wg0 mtu 1420
 set interfaces wireguard wg0 peer testGbtuIuJ3Ozyp6WNdseU8AhbhyIDTKx1rsIYfMWw=
 set interfaces wireguard wg0 peer testGbtuIuJ3Ozyp6WNdseU8AhbhyIDTKx1rsIYfMWw= allowed-ips 0.0.0.0/0
 set interfaces wireguard wg0 peer testGbtuIuJ3Ozyp6WNdseU8AhbhyIDTKx1rsIYfMWw= endpoint 99luiiqqybrwi7c9.myfritz.net:51822
 set interfaces wireguard wg0 private-key testNjGg1Vmjo24vfLvRWXt/U4ApWJyBOZUTGwHDelI=
 set interfaces wireguard wg0 route-allowed-ips false
 commit
 #