Hey @Nyr, I really love your OpenVPN script! Do you have a plan to make a WireGuard script also for NAT VPS?
@sonic said:
Hey @Nyr, I really love your OpenVPN script! Do you have a plan to make a WireGuard script also for NAT VPS?
He might, but it's actually reasonably simple to set up the userspace wireguard-go binary yourself with this guide (full WireGuard requires a host node kernel module to be active on OpenVZ/Virtuozzo, and it's not on any LES providers that I know of - if there are any be known :-)):
Thank you @greensysadmin for your tips and pointing attention. I am also a big fan of Nyr & really appreciate his contribution. Also big thanks to Daniel, who wrote the guide on "WireGuard on OpenVZ/LXC" https://d.sb/2019/07/wireguard-on-openvz-lxc . I have tried & tested Daniel's guide and it's even working on Debian OpenVZ6 & 7 NAT VPS
Automated installer for setup, adding clients & clients profile file.
IPv6 worked when added manually in wg0.conf
Speed is very good
low memory usage
Comments
Which one?
https://inceptionhosting.com
Please do not use the PM system here for Inception Hosting support issues.
https://wiki.openvz.org/VPN_using_Wireguard
Looks like vzkernel-devel plus adding a yum repo and configging interfaces. Doesn't survive package updates, so totally appreciate all that combined is a headache when the userspace implementation gives good enough performance.
Ah ok, yeah having read that doc that is not currently even close to being in any of the solusvm automation so your other method is the one to go for in VZ.
Probably, but when it is a bit more mature (for example, when packages are available in the main distributions, which will happen with the next Debian release or when there is a 1.0 release available).
I am always very conservative with this stuff, so it will happen when it feels really ready for production everywhere, I don't want my installer to be the first, I want it to be the best.
OpenVPN installer | WireGuard installer
Thank you @greensysadmin for your tips and pointing attention. I am also a big fan of Nyr & really appreciate his contribution. Also big thanks to Daniel, who wrote the guide on "WireGuard on OpenVZ/LXC" https://d.sb/2019/07/wireguard-on-openvz-lxc . I have tried & tested Daniel's guide and it's even working on Debian OpenVZ6 & 7 NAT VPS
OpenVZ6
Debian 8.11 x64 - 128MB NAT VPS Kernel: 2.6.32-042stab130.1
Debian 8.11 x64 - 256MB NAT VPS Kernel: 2.6.32-042stab140.1
OpenVZ7
Debian 9.11 x64 - 512MB NAT VPS - Kernel: 4.9.0
KVM
Used installer of https://github.com/l-n-s/wireguard-install
Big thanks to Daniel (https://d.sb/2019/07/wireguard-on-openvz-lxc). If anyone tries to play, here are the details and commands. I have used Daniel's guide; please follow all steps. I added a few commands as I got errors, i.e. apt install make and wg-quick up wg0 and wg-quick down wg0
echo "deb http://deb.debian.org/debian/ unstable main" > /etc/apt/sources.list.d/unstable.list && printf 'Package: *\nPin: release a=unstable\nPin-Priority: 90\n' > /etc/apt/preferences.d/limit-unstable && apt update
apt install wireguard-tools --no-install-recommends
cd /tmp && wget https://dl.google.com/go/go1.13.4.linux-amd64.tar.gz && tar zvxf go1.13.4.linux-amd64.tar.gz && sudo mv go /opt/go1.13.4 && sudo ln -s /opt/go1.13.4/bin/go /usr/local/bin/go
go version
(have to install make, it wasn't installed on my VPS)
apt install make
cd /usr/local/src && wget https://git.zx2c4.com/wireguard-go/snapshot/wireguard-go-0.0.20191012.tar.xz && tar xvf wireguard-go-0.0.20191012.tar.xz && cd wireguard-go-0.0.20191012
(set these variables if you are using a VPS with less than 256MB)
nano device/queueconstants_default.go
MaxSegmentSize = 1700
PreallocatedBuffersPerPool = 1024
(Run make command)
make
sudo cp wireguard-go /usr/local/bin
wireguard-go --version
(Create public & private keys for Server)
wg genkey | tee privatekey | wg pubkey > publickey
nano /lib/systemd/system/wg-quick@.service
add this line directly below
Environment=WG_I_PREFER_BUGGY_USERSPACE_TO_POLISHED_KMOD=1
(Perform these commands or wg-quick will give an error and the wg0 interface won't come up)
wg-quick up wg0
wg-quick down wg0
Add the following two lines to the server [Interface] section of /etc/wireguard/wg0.conf if you are using only IPv4
PostUp = iptables -t nat -A POSTROUTING -o venet0 -j MASQUERADE
PostDown = iptables -t nat -D POSTROUTING -o venet0 -j MASQUERADE
For IPv6, add these in /etc/wireguard/wg0.conf
PostUp = iptables -t nat -A POSTROUTING -o venet0 -j MASQUERADE; ip6tables -t nat -A POSTROUTING -o venet0 -j MASQUERADE
PostDown = iptables -t nat -D POSTROUTING -o venet0 -j MASQUERADE; ip6tables -t nat -D POSTROUTING -o venet0 -j MASQUERADE
systemctl enable wg-quick@wg0
systemctl start wg-quick@wg0
wg
(check wg running)
Install the WireGuard client. I have used the Android and Windows 10 clients. Generate public and private keys in the client software/app, set the client "public key" in wg0.conf on the SERVER, and set the server "public key" in the CLIENT.
That's it.
===============
Following are my conf
OpenVZ6 VPS
Server Config /etc/wireguard/wg0.conf
[Interface]
Address = 10.66.66.1/24
PrivateKey = PRIVATE KEY OF SERVER
ListenPort = PORT
PostUp = iptables -t nat -A POSTROUTING -o venet0 -j MASQUERADE
PostDown = iptables -t nat -D POSTROUTING -o venet0 -j MASQUERADE
SaveConfig = false
[Peer]
PublicKey = PUBLIC KEY OF CLIENT
AllowedIPs = 10.66.66.3/24
Client Config
[Interface]
PrivateKey = PRIVATE KEY OF CLIENT
Address = 10.66.66.3/24
DNS = 8.8.8.8, 8.8.4.4
[Peer]
PublicKey = PUBLIC KEY OF SERVER
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = SERVER IP:PORT
PersistentKeepalive = 25
Frequently used commands
nano /etc/wireguard/wg0.conf
systemctl enable wg-quick@wg0
systemctl status wg-quick@wg0
systemctl start wg-quick@wg0
systemctl stop wg-quick@wg0
wg-quick up wg0
wg-quick down wg0
===============
OpenVZ7
Server Config /etc/wireguard/wg0.conf
[Interface]
Address = 10.123.0.1/24,fd42:42:42::1/80
PrivateKey = PRIVATE KEY OF SERVER
ListenPort = PORT
PostUp = iptables -t nat -A POSTROUTING -o venet0 -j MASQUERADE; ip6tables -t nat -A POSTROUTING -o venet0 -j MASQUERADE
PostDown = iptables -t nat -D POSTROUTING -o venet0 -j MASQUERADE; ip6tables -t nat -D POSTROUTING -o venet0 -j MASQUERADE
SaveConfig = false
[Peer]
PublicKey = PUBLIC KEY OF CLIENT1
AllowedIPs = 10.123.0.3/32,fd42:42:42::3/128
[Peer]
PublicKey = PUBLIC KEY OF CLIENT2
AllowedIPs = 10.123.0.4/32,fd42:42:42::4/128
Client1 Config
[Interface]
PrivateKey = PRIVATE KEY OF CLIENT1
Address = 10.123.0.3/24, fd42:42:42::3/80
DNS = 8.8.8.8, 8.8.4.4, 2001:4860:4860::8888
[Peer]
PublicKey = PUBLIC KEY OF SERVER
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = SERVER IP:PORT
PersistentKeepalive = 25
Client2 Config
[Interface]
PrivateKey = PRIVATE KEY OF CLIENT2
Address = 10.123.0.4/24, fd42:42:42::4/80
DNS = 8.8.8.8, 8.8.4.4, 2001:4860:4860::8888
[Peer]
PublicKey = PUBLIC KEY OF SERVER
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = SERVER IP:PORT
PersistentKeepalive = 25
============================