Enable Wireguard in Synology 918+
Some applications only work within the same broadcast domain, so a VPN is a must-have when accessing personal resources (e.g. a NAS) from the Internet. This article only covers WireGuard and does not go into the theory.
Install APP
Follow the GitHub page for synology-wireguard; the steps are not summarized again here. Only the spk is given:
Config Wireguard Server
Generate Server and Client key
Each side has a private and a public key, so there are 4 key files in total. Generate them with the following commands:
# wg genkey | tee server-privatekey | wg pubkey > server-publickey
# wg genkey | tee client-privatekey | wg pubkey > client-publickey
# ls -l |grep key
-rw-r--r-- 1 root root 45 Feb 18 12:08 client-privatekey
-rw-r--r-- 1 root root 45 Feb 18 12:08 client-publickey
-rw-r--r-- 1 root root 45 Feb 18 12:08 server-privatekey
-rw-r--r-- 1 root root 45 Feb 18 12:08 server-publickey
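The listing above shows the private keys created with mode -rw-r--r--, readable by every local account. The shell functions below are an added example, not part of the original post or of synology-wireguard: one generates a key pair under `umask 077`, the other audits a directory for private keys or wg-quick configs that carry group/other permission bits. The function names `gen_keypair` and `audit_wg_secrets` are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# gen_keypair NAME: write NAME-privatekey / NAME-publickey in the current
# directory. The subshell keeps the tighter umask from leaking to the caller.
gen_keypair() {
    (
        umask 077    # files are created 0600, never group/world-readable
        wg genkey | tee "$1-privatekey" | wg pubkey > "$1-publickey"
    )
}

# audit_wg_secrets DIR: list every *privatekey and *.conf file in DIR that has
# any group/other permission bit set (a wg-quick conf embeds PrivateKey).
# Returns 0 when all are owner-only, 1 otherwise.
audit_wg_secrets() {
    bad=0
    for f in "$1"/*privatekey "$1"/*.conf; do
        [ -f "$f" ] || continue              # unmatched glob stays literal
        bits=$(ls -ld "$f" | cut -c5-10)     # group+other part of -rw-r--r--
        if [ "$bits" != "------" ]; then
            echo "$f: group/other bits $bits"
            bad=1
        fi
    done
    return "$bad"
}

# Typical use on the server (needs the wg tool, run as root):
#   cd /etc/wireguard && gen_keypair server && gen_keypair client
#   audit_wg_secrets /etc/wireguard || \
#       chmod 600 /etc/wireguard/*privatekey /etc/wireguard/*.conf
```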
Config wg0 conf
The wg0 conf file follows. Because I do not need to forward traffic via my Synology server and only access my apps in the same LAN, I did not configure “0.0.0.0/0” in “AllowedIPs”:
frank@frank-server:/etc/wireguard$ more wg0.conf
[Interface]
Address = 192.168.2.1/32
PrivateKey = <server-privatekey>
ListenPort = <internal port>
MTU = 1300
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o ovs_eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o ovs_eth0 -j MASQUERADE
[Peer]
PublicKey = <client-publickey>
AllowedIPs = 192.168.2.2/32
On my server, the public port is not eth0 but ovs_eth0:
frank@frank-server:/etc/wireguard$ sudo ovs-vsctl show
    Bridge "ovs_eth0"
        Port "eth0"
            Interface "eth0"
        Port "ovs_eth0"
            Interface "ovs_eth0"
                type: internal
    Bridge "ovs_eth1"
        Port "ovs_eth1"
            Interface "ovs_eth1"
                type: internal
        Port "eth1"
            Interface "eth1"
Auto Enable when Power On
Add the script to a task, the same as on GitHub:

Config Wireguard Client
The client conf follows:
[Interface]
Address = 192.168.2.2/24
MTU = 1300
PrivateKey = <client-privatekey>
[Peer]
AllowedIPs = 0.0.0.0/0
Endpoint = <public IP address>:<external port>
PersistentKeepalive = 25
PublicKey = <server-publickey>
Reference
How to Install/Config Wireguard in Synology Server?
- Github for synology-wireguard
- WireGuard Tutorial: How WireGuard Works
- Setting Up Your Own WireGuard for Android
- How to Set Up WireGuard
- WireGuard Basic Principles
- How to easily configure WireGuard (translation)