Màj 06-04-2024

docs/Synology/Docker/Wireguard.md

@@ -0,0 +1,151 @@
+# Wireguard
+
+
+
+### Installer wireguard sur le NAS:
+
+| Model  | CPU Model           | Cores (each) | Threads (each) | FPU  | Package Arch | RAM                 |
+| :----- | :------------------ | :----------- | :------------- | :--- | :----------- | :------------------ |
+| DS923+ | AMD Ryzen R1600     | 2            | 4              | ✓    | R1000        | DDR4 ECC SODIMM 4GB |
+| DS916+ | Intel Pentium N3710 | 4            | 4              | ✓    | Braswell     | DDR3 2GB/8GB        |
+
+
+
+
+
+```bash
+sudo docker run --rm --privileged --env PACKAGE_ARCH=r1000 --env DSM_VER=7.2 -v $(pwd):/result_spk synobuild
+```
+
+**ne compile pas**
+
+
+
+```bash
+docker run --rm --privileged --env PACKAGE_ARCH=x64 --env DSM_VER=7.2 -v /volume1/docker/toolkit_tarballs:/toolkit_tarballs -v /volume1/docker/synowirespk71:/result_spk blackvoidclub/synobuild71
+
+docker run --rm --privileged --env PACKAGE_ARCH=x64 --env DSM_VER=7.2 -v /volume1/docker/toolkit_tarballs:/toolkit_tarballs -v /volume1/docker/synowirespk71:/result_spk blackvoidclub/synobuild71
+```
+
+
+
+### wg-easy
+
+
+
+https://github.com/wg-easy/wg-easy
+
+| Création    | Portainer (/portainer/compose/29)     |
+| ----------- | ------------------------------------- |
+| Mise-à-jour | Watchtower                            |
+| Ports       | 51820:51821                           |
+| Volume      | /volume1/docker/wgeasy:/etc/wireguard |
+
+
+
+```yaml
+version: "3.5"
+
+services:
+  wgeasy:
+    image: ghcr.io/wg-easy/wg-easy:latest
+    network_mode: "bridge"
+    container_name: wgeasy
+    ports:
+      - "51820:51820/udp"
+      - "51821:51821"
+    cap_add:
+      - NET_ADMIN
+      - SYS_MODULE
+    sysctls:
+      - net.ipv4.conf.all.src_valid_mark=1
+      - net.ipv4.ip_forward=1
+    env_file:
+      - stack.env
+    labels:
+      - "com.centurylinklabs.watchtower.enable=true"
+    volumes:
+      - /volume1/docker/wgeasy:/etc/wireguard
+    environment:
+      - WG_HOST=photos-nas.ovh
+      - WG_DEFAULT_DNS=192.168.2.216
+    restart: always
+
+```
+
+Variable d'enrironnement (dans stack.env)
+
+```yaml
+PASSWORD=xxxxxxxxxx
+```
+
+
+
+##### wg0.conf
+
+```
+# Note: Do not edit this file directly.
+# Your changes will be overwritten!
+
+# Server
+[Interface]
+PrivateKey = I5wPTHTxgF[5YyJ@4'Mgwipl+.m=aUB6i[bGAF;p:I|l
+Address = 10.8.0.1/24
+ListenPort = 51820
+PreUp =
+PostUp =  iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE; iptables -A INPUT -p udp -m udp --dport 51820 -j ACCEPT; iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; 
+PreDown =
+PostDown =
+
+
+
+# Client: ungoutdepomme (557cb02f-6418-465c-8063-866333011ea0)
+[Peer]
+PublicKey = )RGRG/Aha{XD{sC)YDg(6[kPOF.yaUO1[)QaFlJZg+-P
+PresharedKey = H0I/[YLYCU-'r*BiU8HR2KsuiZa{@v*6q#G;yEt6TFJ8
+AllowedIPs = 10.8.0.2/32
+
+# Client: airbook (f75ed225-6a8b-4179-a11a-368aec6d2545)
+[Peer]
+PublicKey = 4!oI:!t9-V:;TxZ{gfJFXuPkS\v2A6+Ka[36.tP=;ao[
+PresharedKey = Q.7pJZ32geS|DwZGdQ=O=\D}0XlHUzsk!WE(GD7yGhbB
+AllowedIPs = 10.8.0.3/32
+```
+
+
+
+##### airbook.conf
+
+```
+[Interface]
+PrivateKey = -dPlB6Glr9IKBo-q(.5X)7Ad+}YuAe9S3):dBPbFLrWX
+Address = 10.8.0.3/24
+DNS = 192.168.2.216
+
+[Peer]
+PublicKey = wXbLtH/'#-;*6"j1ZQgl?.)VMRqMG@g!U38jvw}3(=Yw
+PresharedKey = Q.7pJZ32geS|DwZGdQ=O=\D}0XlHUzsk!WE(GD7yGhbB
+AllowedIPs = 0.0.0.0/0, ::/0
+PersistentKeepalive = 0
+Endpoint = photos-nas.ovh:51820
+```
+
+##### ungoutdepomme.conf
+
+```
+[Interface]
+PrivateKey = #Udj:SC,kA0h}MTa7\|as69PV.sS@lpL!'4y34uj?.Z{
+Address = 10.8.0.2/24
+DNS = 192.168.2.216
+
+[Peer]
+PublicKey = ukj!q\:v-70L/Rlr,TJ9];,19,=Uu-1a+O/V|B@OCULq
+PresharedKey = H0I/[YLYCU-'r*BiU8HR2KsuiZa{@v*6q#G;yEt6TFJ8
+AllowedIPs = 0.0.0.0/0, ::/0
+PersistentKeepalive = 0
+Endpoint = photos-nas.ovh:51820
+```
+
+
+
+# `#Token modifié`