To merge 3 of my servers into one private network, and to learn some VPN basics on the way, I am going to use WireGuard (abbreviated wg) to set up an intranet among the servers.
wg has been part of the Linux kernel since 5.6, so the kernel side needs no installation. It is also known as an easy-to-configure VPN: a handful of keys and a short config file, which fits a newbie like me.
If you are using a Debian-series distro, use apt to install wireguard-tools on every host. It provides the userspace tools, including wg (manages keys and interfaces) and wg-quick (brings an interface up from a config file). Generate a key pair on each host:

```sh
umask 077
wg genkey > a.key
wg pubkey < a.key > a.pub
```

Consider the permissions: the umask makes a.key readable only by its owner, and the private key should never leave the host it was generated on. Only a.pub is shared with the other hosts. Do not forget that this step has to be done on all hosts, each with its own key pair.

Then create /etc/wireguard/wg0.conf (also readable only by root, since it holds the private key) and write:
```ini
# If you are a server, not behind a NAT, with a public IP:
[Interface]
Address = <intranet IP with subnet mask, such as 10.0.0.1/24>
ListenPort = <UDP port handling VPN traffic; open it in the firewall>
PrivateKey = <this host's private key, the content of a.key>

# List all other hosts, one [Peer] block each.
# AllowedIPs is WireGuard's cryptokey routing table: packets to those
# addresses are sent to this peer, and packets arriving from this peer
# are accepted only if their source lies inside them. Give each peer
# only the addresses it is really responsible for.

# A peer you reach directly: only its own address
[Peer]
PublicKey = <the peer's public key, the content of its a.pub>
AllowedIPs = <exact IP of the peer, such as 10.0.0.2/32>
Endpoint = <IP or domain:port, only if the peer is publicly reachable; omit it for a peer behind NAT>

# A gateway peer that forwards traffic to hosts you have no direct tunnel
# with: the whole subnet. A prefix can belong to only one peer, so at most
# one peer carries the subnet, and that host needs net.ipv4.ip_forward=1.
# A /32 given to another peer still wins over the /24, because the most
# specific prefix is used.
[Peer]
PublicKey = <like above>
AllowedIPs = <the subnet IP range, such as 10.0.0.0/24>
Endpoint = <like above>
```

```ini
# If you are a client, behind a NAT, with no public IP:
[Interface]
...<like above; ListenPort may be left out, a random port is then used>

# List all peers, as above; leave out Endpoint for any peer that is itself
# behind NAT, since it cannot be reached directly.
[Peer]
...<like above>
# Keep the connection alive in firewalls and NAT tables while the tunnel
# is idle. 25 seconds is the value the WireGuard documentation suggests.
PersistentKeepalive = 25

[Peer]
...<like above>
PersistentKeepalive = 25
```
wireguard-tools also ships a systemd unit template. Its name is wg-quick@, and you instantiate it with the interface name, so wg-quick@wg0 for the config above; enable it with systemctl to have the interface come up at boot.
After starting wg on all hosts, ping every host in the intranet from every other host. There should be no problems; if a host does not answer, wg show lists each peer's latest handshake, and a peer with no handshake at all points at a wrong key, a wrong Endpoint, or a blocked UDP port.
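As an added example that is not part of this post or of the WireGuard project, the POSIX shell script below ties the steps above together for a three-host mesh: it generates a key pair exactly as shown earlier, renders wg0.conf for any host from one peer table (a gateway peer gets the subnet, every other peer its own /32, NAT clients get the keepalive and no ListenPort), writes it with root-only permissions, and checks that no AllowedIPs prefix was handed to two peers. The host names alpha, beta and gamma, their addresses, endpoints and the gateway role are constructed placeholders, and the keys are left as placeholders to be pasted from each host's a.key and a.pub; only gen_keys needs wireguard-tools installed.

```sh
#!/bin/sh
# Hypothetical helper (added example): render and sanity-check wg0.conf
# for a small mesh. Everything in PEERS is constructed sample data.

# gen_keys NAME DIR: create DIR/NAME.key (owner-readable only) and DIR/NAME.pub.
# Needs wireguard-tools; run it on the host that will own the private key.
gen_keys() {
    ( umask 077 && wg genkey > "$2/$1.key" && wg pubkey < "$2/$1.key" > "$2/$1.pub" )
}

SUBNET='10.0.0.0/24'
KEEPALIVE=25
# name|intranet address|public endpoint, or "-" when behind NAT|role
# role "gateway": forwards traffic for the others (needs net.ipv4.ip_forward=1)
PEERS='alpha|10.0.0.1|203.0.113.10:51820|gateway
beta|10.0.0.2|198.51.100.20:51820|direct
gamma|10.0.0.3|-|direct'

# render_conf HOST: print the wg0.conf for HOST to stdout.
render_conf() {
    printf '%s\n' "$PEERS" | awk -F'|' -v host="$1" -v subnet="$SUBNET" -v keepalive="$KEEPALIVE" '
    { name[NR] = $1; addr[NR] = $2; ep[NR] = $3; role[NR] = $4; if ($1 == host) me = NR }
    END {
        if (!me) { print "unknown host " host; exit 1 }
        print "[Interface]"
        print "Address = " addr[me] "/24"
        # only a publicly reachable host needs a fixed port to listen on
        if (ep[me] != "-") { split(ep[me], p, ":"); print "ListenPort = " p[2] }
        print "PrivateKey = <paste " name[me] ".key here>"
        for (i = 1; i <= NR; i++) {
            if (i == me) continue
            print ""
            print "[Peer]"
            print "PublicKey = <paste " name[i] ".pub here>"
            # cryptokey routing: the gateway carries the subnet, others only themselves
            print "AllowedIPs = " (role[i] == "gateway" ? subnet : addr[i] "/32")
            # a peer behind NAT has no stable address to connect to
            if (ep[i] != "-") print "Endpoint = " ep[i]
            # a host behind NAT keeps its mapping open with keepalives
            if (ep[me] == "-") print "PersistentKeepalive = " keepalive
        }
    }'
}

# check_conf < wg0.conf: fail if the same AllowedIPs prefix is given to two peers,
# which WireGuard would silently resolve by moving it to the last peer listed.
check_conf() {
    awk -F' = ' '
    $1 == "AllowedIPs" {
        n = split($2, list, /, */)
        for (i = 1; i <= n; i++) if (seen[list[i]]++) { print "duplicate AllowedIPs " list[i]; bad = 1 }
    }
    END { exit bad }'
}

# write_conf HOST FILE: render and store the config readable by root only,
# because it contains PrivateKey.
write_conf() {
    ( umask 077 && render_conf "$1" > "$2" ) && chmod 600 "$2"
}

# Usage: ./mesh.sh alpha > /etc/wireguard/wg0.conf (then chmod 600 it)
if [ $# -gt 0 ]; then render_conf "$1"; fi
```

Running render_conf for gamma shows the two rules at work: alpha, the gateway, gets AllowedIPs = 10.0.0.0/24 while beta keeps 10.0.0.2/32, and because gamma is behind NAT every peer block ends with PersistentKeepalive = 25 and the interface has no ListenPort. Piping the result through check_conf before copying it to /etc/wireguard/wg0.conf catches the copy-paste mistake of giving the subnet to two peers.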