Wireguard s2s mit fli4l

Reiner Tunnel in separatem Subnetz.
Kein extra Routing o.ä. konfiguriert. Durchsatz zwischen alix 2d3 und x86_64 vm ca. 23 MBit/s bis 27 MBit/s.

Host 1 (grautvornix)

vpn.txt

  WIREGUARD[] {
      NAME='sandy-v4'
      LOCAL_IP4='10.103.214.130/30'
      LISTEN_PORT='31633'
      PRIVATE_KEY='***'
      KEEP_ALIVE='23'

      PEER[] {
          NAME='sandy'
          LOCAL_IP4='10.103.214.129/32'
          PUBLIC_KEY='CauB3gcxSL8OSYo2/wqi5+lNzjV5GFQgUA5nlAgX3GA='
          PRESHARED_KEY='***'
  #        REMOTE_HOST='sandy.example.com'
          REMOTE_HOST='192.168.243.1'
  #        REMOTE_HOST='fd5b:86e0:557e::1'
          REMOTE_PORT='18272'
      }
  }

base.txt

  PF_INPUT[]='prot:udp 31633-31636 ACCEPT'
  {
      COMMENT='allow WireGuard incoming udp ports'
  }
  PF_INPUT[]='10.103.214.128/30 ACCEPT'
  {
      COMMENT='allow WireGuard access to router (v4)'
  }

  PF_FORWARD[]='10.103.214.128/30 ACCEPT'
  {
      COMMENT='WireGuard allow anywhere'
  }

Host 2 (sandy)

vpn.txt

  WIREGUARD[] {
    NAME='grautvornix-v4'
    LOCAL_IP4='10.103.214.129/30'
    LISTEN_PORT='18272'
    PRIVATE_KEY='***'
    KEEP_ALIVE='23'

    PEER[] {
      NAME='grautvornix'
      LOCAL_IP4='10.103.214.130/32'
      PUBLIC_KEY='+KUBl3exEGpPwKX3aqIRjINflENqR5Sd73FHzoYH1wY='
      PRESHARED_KEY='***'
      REMOTE_HOST='grautvornix.example.com'
      REMOTE_PORT='31633'
    }
  }

base.txt

  PF_INPUT[]='prot:udp 18271-18275 ACCEPT'
  {
    COMMENT='allow WireGuard incoming UDP ports'
  }
  PF_INPUT[]='10.103.214.128/30 ACCEPT'
  {
    COMMENT='allow WireGuard access to router (site2site, v4)'
  }
  #PF_FORWARD[]='10.103.214.128/30 ACCEPT'
  #{
  #  COMMENT='WireGuard allow anywhere (site2site, v4)'
  #}

LeSpocky/wg-s2s.md

Wireguard s2s mit fli4l

Host 1 (grautvornix)

vpn.txt

base.txt

Host 2 (sandy)

vpn.txt

base.txt