From an OpenWRT installation. There is no graphical method.

Copied from https://openwrt.org/docs/guide-user/services/vpn/wireguard/client.

Installation

Preparation

Package installation

opkg update
opkg install wireguard

Parameter configuration

# Configuration parameters
WG_IF="wg0"
WG_SERV="193.33.56.19"
WG_PORT="51820"
WG_ADDR="<ipv4 privee>/32"
WG_ADDR6="<ipv6 privee>/128"

Key management

# Generate keys
umask go=
wg genkey | tee wgclient.key | wg pubkey > wgclient.pub
wg genpsk > wgclient.psk

# Client private key
WG_KEY="$(cat wgclient.key)"
# Server public key
WG_PUB="D58L/Gkx0R0n90HpNCY5iMOZMsQ1OIEmGGr7iGchwAk="

Share the contents of wgclient.pub on Ambre.

Firewall

Consider VPN network as public and assign VPN interface to WAN zone to minimize firewall setup.

uci rename firewall.@zone[0]="lan"
uci rename firewall.@zone[1]="wan"
uci del_list firewall.wan.network="${WG_IF}"
uci add_list firewall.wan.network="${WG_IF}"
uci commit firewall
/etc/init.d/firewall restart

Network

Network configuration

uci -q delete network.${WG_IF}
uci set network.${WG_IF}="interface"
uci set network.${WG_IF}.proto="wireguard"
uci set network.${WG_IF}.private_key="${WG_KEY}"
uci add_list network.${WG_IF}.addresses="${WG_ADDR}"
uci add_list network.${WG_IF}.addresses="${WG_ADDR6}"

Adding the VPN server

uci -q delete network.wgserver
uci set network.wgserver="wireguard_${WG_IF}"
uci set network.wgserver.public_key="${WG_PUB}"
uci set network.wgserver.endpoint_host="${WG_SERV}"
uci set network.wgserver.endpoint_port="${WG_PORT}"
uci set network.wgserver.route_allowed_ips="1"
uci set network.wgserver.persistent_keepalive="25"
uci add_list network.wgserver.allowed_ips="0.0.0.0/0"
uci add_list network.wgserver.allowed_ips="::/0"
uci commit network
/etc/init.d/network restart

Tests

traceroute openwrt.org
traceroute6 openwrt.org
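
Beyond traceroute, the tunnel state itself can be checked. The script below is an added example, not part of the original page or of the OpenWRT guide: it parses the output of wg show to confirm a recent handshake, that both the IPv4 and IPv6 default routes are in allowed_ips, and that the key file is not group/world readable. The function names, the 180-second threshold and the sample data are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. Function names, the 180 s
# threshold and the sample data below are assumptions made for illustration.
WG_IF="wg0"
WG_PUB="D58L/Gkx0R0n90HpNCY5iMOZMsQ1OIEmGGr7iGchwAk="  # peer key set as WG_PUB on the page

# stdin: output of `wg show IF latest-handshakes` (pubkey<TAB>unix time).
# Succeeds only if peer $1 completed a handshake at most $3 s before time $2.
handshake_fresh() {
    awk -F '\t' -v k="$1" -v now="$2" -v max="$3" '
        $1 == k { seen = 1; ts = $2 + 0 }
        END { exit !(seen && ts > 0 && (now - ts) <= (max + 0)) }'
}

# stdin: output of `wg show IF allowed-ips` (pubkey<TAB>space-separated CIDRs).
# Succeeds only if peer $1 has both default routes, so IPv6 is tunnelled too.
full_tunnel() {
    awk -F '\t' -v k="$1" '
        $1 == k {
            n = split($2, ip, " ")
            for (i = 1; i <= n; i++) {
                if (ip[i] == "0.0.0.0/0") v4 = 1
                if (ip[i] == "::/0") v6 = 1
            }
        }
        END { exit !(v4 && v6) }'
}

# Succeeds only if file $1 has no group/other permission bits (umask go=).
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Constructed sample data (not captured from a real router).
SAMPLE_HS="$(printf '%s\t%s' "$WG_PUB" 1700000000)"
SAMPLE_IPS="$(printf '%s\t%s' "$WG_PUB" '0.0.0.0/0 ::/0')"
if printf '%s\n' "$SAMPLE_HS" | handshake_fresh "$WG_PUB" 1700000060 180; then
    echo "handshake: fresh"
fi
if printf '%s\n' "$SAMPLE_IPS" | full_tunnel "$WG_PUB"; then
    echo "allowed_ips: IPv4 and IPv6 default routes present"
fi
# On the router:
#   wg show "$WG_IF" latest-handshakes | handshake_fresh "$WG_PUB" "$(date +%s)" 180
```

With persistent_keepalive set to 25 the tunnel is never idle, so a handshake timestamp of 0 or one older than a few minutes means the server is not answering.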

Hardware

Here are a few routers

Tests performed on an Orange fibre connection

TP-LINK Archer C7

5 Gbit ports + Wi-Fi

https://openwrt.org/toh/tp-link/archer-c5-c7-wdr7500

  • ping 17ms
  • download 72Mb/s
  • upload 68Mb/s

Ubiquiti EdgeRouter-X

5 Gbit ports. Faster, but no Wi-Fi.

https://openwrt.org/toh/ubiquiti/ubiquiti_edgerouter_x_er-x_ka

  • ping 16ms
  • download 190Mb/s
  • upload 150Mb/s