Nerdberg Wireguard VPN with Systemd-Networkd: Unterschied zwischen den Versionen

← Zum vorherigen Versionsunterschied Zum nächsten Versionsunterschied →

Version vom 16. August 2025, 13:19 Uhr

Template for a vpn-config useable with vpn.nerdberg.de, to be used with systemd-networkd.

wg-netdberg.netdev

  [NetDev]
  Name=wg-nerdberg
  Kind=wireguard
  Description=Nerdberg Tunnel Endpoint
  MTUBytes=1280
  
  [WireGuard]
  ListenPort=51902
  PrivateKey=ABC123....= # as created by vpn server
  
  [WireGuardPeer]
  PublicKey=ABC123...= # as created by vpn server
  PresharedKey=ABC123...= # as created by vpn server
  AllowedIPs=10.73.36.0/23,10.3.2.0/24
  Endpoint=vpn.nerdberg.de:51820
  PersistentKeepalive = 25

wg-netdberg.network

  [Match]
  Name=wg-nerdberg
  
  [Network]
  IPv6AcceptRA=false
  LinkLocalAddressing=no
  DHCP=no
  
  [Address]
  Address=10.3.2.120/32 # replace as created by vpn server
  Peer=10.3.2.1/32
  
  [Address]
  Address=fd00::3:2:b0/128 # replace as created by vpn server
  Peer=fd00::3:2:1/128
  
  # on-link
  [Route]
  Destination=10.3.2.0/24
  Gateway=10.3.2.1
  
  # LAN
  [Route]
  Destination=10.73.36.0/23
  Gateway=10.3.2.1

Running configuration

Address

ip addr show dev wg-nerdberg

  6: wg-nerdberg: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1280 qdisc noqueue state UNKNOWN group default qlen 1000
      link/none 
      inet 10.3.2.120 peer 10.3.2.1/32 scope global wg-nerdberg
         valid_lft forever preferred_lft forever
      inet6 fd00::3:2:b0 peer fd00::3:2:1/128 scope global 
         valid_lft forever preferred_lft forever

Route

  # ip route show dev wg-nerdberg
  10.3.2.0/24 via 10.3.2.1 proto static 
  10.3.2.1 proto kernel scope link src 10.3.2.120 
  10.73.36.0/23 via 10.3.2.1 proto static

Wireguard

  # wg show
  interface: wg-nerdberg
    public key: KOMmBnaj4ebyJbcLuSCjTLCoyTuV5ZON2nArENP4BGE=
    private key: (hidden)
    listening port: 51902

  peer: ZasbMPoNaD0OGfqm/PQgs+cO/Mhz6ePYFlSB77KyUmU=
    preshared key: (hidden)
    endpoint: 212.172.14.27:51820
    allowed ips: 10.3.2.0/24, 10.73.36.0/23
    latest handshake: 13 seconds ago
    transfer: 38.03 MiB received, 1.59 MiB sent
    persistent keepalive: every 25 seconds

@@ Zeile 3: / Zeile 3: @@
 == [https://www.man7.org/linux/man-pages/man5/systemd.netdev.5.html wg-netdberg.netdev] ==
-<code>
+   [NetDev]
-[NetDev]<br>
+   Name=wg-nerdberg
-Name=wg-nerdberg<br>
+   Kind=wireguard
-Kind=wireguard<br>
+   Description=Nerdberg Tunnel Endpoint
-Description=Nerdberg Tunnel Endpoint<br>
+   MTUBytes=1280
-MTUBytes=1280<br>
-<br>
+   [WireGuard]
-[WireGuard]<br>
+   ListenPort=51902
-ListenPort=51902<br>
+   PrivateKey=ABC123....= # as created by vpn server
-PrivateKey=<b>ABC123....=</b> # <em>as created by vpn server</em><br>
-<br>
+   [WireGuardPeer]
-[WireGuardPeer]<br>
+   PublicKey=ABC123...= # as created by vpn server
-PublicKey=<b>ABC123...=</b> # <em>as created by vpn server</em><br>
+   PresharedKey=ABC123...= # as created by vpn server
-PresharedKey=<b>ABC123...=</b> # <em>as created by vpn server</em><br>
+   AllowedIPs=10.73.36.0/23,10.3.2.0/24
-AllowedIPs=10.73.36.0/23,10.3.2.0/24<br>
+   Endpoint=vpn.nerdberg.de:51820
-Endpoint=vpn.nerdberg.de:51820<br>
+   PersistentKeepalive = 25
-PersistentKeepalive = 25
-</code>
 == [https://www.man7.org/linux/man-pages/man5/systemd.network.5.html wg-netdberg.network] ==
-<code>
+   [Match]
-[Match]<br>
+   Name=wg-nerdberg
-Name=wg-nerdberg<br>
-<br>
+   [Network]
-[Network]<br>
+   IPv6AcceptRA=false
-IPv6AcceptRA=false<br>
+   LinkLocalAddressing=no
-LinkLocalAddressing=no<br>
+   DHCP=no
-DHCP=no<br>
-<br>
+   [Address]
-[Address]<br>
+   Address=10.3.2.120/32 # replace as created by vpn server
-Address=<b>10.3.2.120/32</b> # <em>replace as created by vpn server</em><br>
+   Peer=10.3.2.1/32
-Peer=10.3.2.1/32<br>
-<br>
+   [Address]
-[Address]<br>
+   Address=fd00::3:2:b0/128 # replace as created by vpn server
-Address=<b>fd00::3:2:b0/128</b> # <em>replace as created by vpn server</em><br>
+   Peer=fd00::3:2:1/128
-Peer=fd00::3:2:1/128<br>
-<br>
+   # on-link
-[Route]<br>
+   [Route]
-Destination=10.3.2.0/24<br>
+   Destination=10.3.2.0/24
-Gateway=10.3.2.1<br>
+   Gateway=10.3.2.1
-<br>
-[Route]<br>
+   # LAN
-Destination=10.73.36.0/23<br>
+   [Route]
-Gateway=10.3.2.1
+   Destination=10.73.36.0/23
-</code>
+   Gateway=10.3.2.1
+== Running configuration ==
+=== Address ===
+ip addr show dev wg-nerdberg
+: wg-nerdberg: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1280 qdisc noqueue state UNKNOWN group default qlen 1000
+       link/none
+       inet 10.3.2.120 peer 10.3.2.1/32 scope global wg-nerdberg
+          valid_lft forever preferred_lft forever
+       inet6 fd00::3:2:b0 peer fd00::3:2:1/128 scope global
+          valid_lft forever preferred_lft forever
+=== Route ===
+   # ip route show dev wg-nerdberg
+.3.2.0/24 via 10.3.2.1 proto static
+.3.2.1 proto kernel scope link src 10.3.2.120
+.73.36.0/23 via 10.3.2.1 proto static
+=== Wireguard ===
+   # wg show
+   interface: wg-nerdberg
+     public key: KOMmBnaj4ebyJbcLuSCjTLCoyTuV5ZON2nArENP4BGE=
+     private key: (hidden)
+     listening port: 51902
+   peer: ZasbMPoNaD0OGfqm/PQgs+cO/Mhz6ePYFlSB77KyUmU=
+     preshared key: (hidden)
+     endpoint: 212.172.14.27:51820
+     allowed ips: 10.3.2.0/24, 10.73.36.0/23
+     latest handshake: 13 seconds ago
+     transfer: 38.03 MiB received, 1.59 MiB sent
+     persistent keepalive: every 25 seconds