Enable Wireguard in Synology 918+

2月 18th, 2021,由 frank撰写

Some applications only working in same broadcast, so vpn feature is must have when access personal resource (e.g: NAS) from Internet. The artical only cover Wireguard, but not include theory.

Install APP

Follow up by the Github for synology-wireguard, not summarized again. Just put the spk:

WireGuard-apollolake-1.0.20200729.spk.zip 下载

Config Wireguard Server

Generate Server and Client key

Due to private and public key, so totally 4 key files, do by follow cmd:

# wg genkey | tee server-privatekey | wg pubkey > server-publickey
# wg genkey | tee client-privatekey | wg pubkey > client-publickey
# ls -l |grep key
-rw-r--r-- 1 root root   45 Feb 18 12:08 client-privatekey
-rw-r--r-- 1 root root   45 Feb 18 12:08 client-publickey
-rw-r--r-- 1 root root   45 Feb 18 12:08 server-privatekey
-rw-r--r-- 1 root root   45 Feb 18 12:08 server-publickey

Config wg0 conf

Follow wg0 conf file, due to I am not require forward traffics via my Synology Server, and just access my APP in same LAN, so not config “0.0.0.0/0” in “AllowedIPs”:

frank@frank-server:/etc/wireguard$ more wg0.conf 
[Interface]
Address = 192.168.2.1/32
PrivateKey = <server-privatekey>
ListenPort = <internal port>
MTU = 1300
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o ovs_eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o ovs_eth0 -j MASQUERADE

[Peer]
PublicKey = <client-publickey>
AllowedIPs = 192.168.2.2/32

And in my Server, public port is not eth0, but is ovs_eth0:

frank@frank-server:/etc/wireguard$ sudo ovs-vsctl show 
    Bridge "ovs_eth0"
        Port "eth0"
            Interface "eth0"
        Port "ovs_eth0"
            Interface "ovs_eth0"
                type: internal
    Bridge "ovs_eth1"
        Port "ovs_eth1"
            Interface "ovs_eth1"
                type: internal
        Port "eth1"
            Interface "eth1"

Auto Enable when Power On

Add the script to task, same with Github:

Config Wireguard Client

Follow client conf:

[Interface]
Address = 192.168.2.2/24
MTU = 1300
PrivateKey = <client-privatekey>

[Peer]
AllowedIPs = 0.0.0.0/0
Endpoint = <public IP address>:<external port>
PersistentKeepalive = 25
PublicKey = <server-publickey>

Reference

How to Install/Config Wireguard in Synology Server?

本文出自 Frank's Blog

本文链接：Enable Wireguard in Synology 918+
版权声明：本文为原创文章，仅代表个人观点，版权归 Frank Zhao 所有，转载时请注明本文出处及文章链接

学习笔记, 常用资料 Synology,VPN

你可以留言,或者trackback 从你的网站

EVPN ELAN over SRTE«

留言哦

返回顶端

『无题』

I persist, therefore I am!!!

Useful Link

1. IANA - AFI
2. IANA - SAFI
3. IANA - BGP Ex Comm
4. RPM pbone.net
5. Linux Packages Search
Useful Toots

Linux:

python -m SimpleHTTPServer <port>

python -m http.server <port>

PS: only one thread, if require more threads, can replace by “caddy”.

Win10:

certutil -hashfile .\xxxx MD5
TAG Cloud

7600 AAA ARP ASR9k BGP BGP Design BLOG CEF DYNAMIPS EEM EIGRP ESXI EVPN HSRP IOX IP SLA IPV6 ISDN IXIA JAVA L2TP L2VPN Linux Macos MPLS Multicast NCS5500 OSPF PHONE Python QOS RHEL S-CRT SDN SRTE STP TCL UBUNTU Upgrade VLAN VPLS WINDOWS WIRESHARK XR Yang
WP Cumulus Flash tag cloud by Roy Tanck requires Flash Player 9 or better.
Recent Comments
- 正在加载...
功能
Memo

Perseverance sometimes equals genius!

There are only two creatures in the world who can surmount the pyramid:

—–the eagle and the snail.
分类目录
- CCDE (16)
- CCIE SEC (4)
- CCIE SP (55)
- CCIE VOICE (3)
- Classical CASE (26)
- Linux (55)
- Mobile Phone (4)
- Programmer (39)
- Solution (2)
- Uncategorized (15)
- Windows常用技术 (9)
- 似水流年 (14)
- 学习笔记 (160)
- 常用资料 (43)
- 网络技术 (34)
近期文章

Enable Wireguard in Synology 918+

Install APP

Config Wireguard Server

Generate Server and Client key

Config wg0 conf

Auto Enable when Power On

Config Wireguard Client

Reference

留言哦

『无题』

Useful Link

Useful Toots

TAG Cloud

Recent Comments

功能

Memo

分类目录

近期文章