mkdocs/docs/Synology/Docker/Wireguard.md
2024-04-06 09:54:09 +02:00


# Wireguard
### Installing WireGuard on the NAS:
| Model | CPU Model | Cores (each) | Threads (each) | FPU | Package Arch | RAM |
| :----- | :------------------ | :----------- | :------------- | :--- | :----------- | :------------------ |
| DS923+ | AMD Ryzen R1600 | 2 | 4 | ✓ | R1000 | DDR4 ECC SODIMM 4GB |
| DS916+ | Intel Pentium N3710 | 4 | 4 | ✓ | Braswell | DDR3 2GB/8GB |
```bash
sudo docker run --rm --privileged --env PACKAGE_ARCH=r1000 --env DSM_VER=7.2 -v $(pwd):/result_spk synobuild
```
**does not compile**
```bash
docker run --rm --privileged --env PACKAGE_ARCH=x64 --env DSM_VER=7.2 -v /volume1/docker/toolkit_tarballs:/toolkit_tarballs -v /volume1/docker/synowirespk71:/result_spk blackvoidclub/synobuild71
```
### wg-easy
https://github.com/wg-easy/wg-easy
| Creation | Portainer (/portainer/compose/29) |
| ----------- | ------------------------------------- |
| Update | Watchtower |
| Ports | 51820:51821 |
| Volume | /volume1/docker/wgeasy:/etc/wireguard |
```yaml
version: "3.5"
services:
  wgeasy:
    image: ghcr.io/wg-easy/wg-easy:latest
    network_mode: "bridge"
    container_name: wgeasy
    ports:
      # WireGuard tunnel (UDP)
      - "51820:51820/udp"
      # wg-easy web UI (TCP)
      - "51821:51821"
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
      - net.ipv4.ip_forward=1
    # PASSWORD for the web UI is read from stack.env
    env_file:
      - stack.env
    labels:
      - "com.centurylinklabs.watchtower.enable=true"
    volumes:
      - /volume1/docker/wgeasy:/etc/wireguard
    environment:
      - WG_HOST=photos-nas.ovh
      - WG_DEFAULT_DNS=192.168.2.216
    restart: always
```
Environment variable (in stack.env)
```yaml
PASSWORD=xxxxxxxxxx
```
##### wg0.conf
```
# Note: Do not edit this file directly.
# Your changes will be overwritten!
# Server
[Interface]
PrivateKey = I5wPTHTxgF[5YyJ@4'Mgwipl+.m=aUB6i[bGAF;p:I|l
Address = 10.8.0.1/24
ListenPort = 51820
PreUp =
PostUp = iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE; iptables -A INPUT -p udp -m udp --dport 51820 -j ACCEPT; iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT;
PreDown =
PostDown =
# Client: ungoutdepomme (557cb02f-6418-465c-8063-866333011ea0)
[Peer]
PublicKey = )RGRG/Aha{XD{sC)YDg(6[kPOF.yaUO1[)QaFlJZg+-P
PresharedKey = H0I/[YLYCU-'r*BiU8HR2KsuiZa{@v*6q#G;yEt6TFJ8
AllowedIPs = 10.8.0.2/32
# Client: airbook (f75ed225-6a8b-4179-a11a-368aec6d2545)
[Peer]
PublicKey = 4!oI:!t9-V:;TxZ{gfJFXuPkS\v2A6+Ka[36.tP=;ao[
PresharedKey = Q.7pJZ32geS|DwZGdQ=O=\D}0XlHUzsk!WE(GD7yGhbB
AllowedIPs = 10.8.0.3/32
```
##### airbook.conf
```
[Interface]
PrivateKey = -dPlB6Glr9IKBo-q(.5X)7Ad+}YuAe9S3):dBPbFLrWX
Address = 10.8.0.3/24
DNS = 192.168.2.216
[Peer]
PublicKey = wXbLtH/'#-;*6"j1ZQgl?.)VMRqMG@g!U38jvw}3(=Yw
PresharedKey = Q.7pJZ32geS|DwZGdQ=O=\D}0XlHUzsk!WE(GD7yGhbB
AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepalive = 0
Endpoint = photos-nas.ovh:51820
```
##### ungoutdepomme.conf
```
[Interface]
PrivateKey = #Udj:SC,kA0h}MTa7\|as69PV.sS@lpL!'4y34uj?.Z{
Address = 10.8.0.2/24
DNS = 192.168.2.216
[Peer]
PublicKey = ukj!q\:v-70L/Rlr,TJ9];,19,=Uu-1a+O/V|B@OCULq
PresharedKey = H0I/[YLYCU-'r*BiU8HR2KsuiZa{@v*6q#G;yEt6TFJ8
AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepalive = 0
Endpoint = photos-nas.ovh:51820
```
# `#Token modified`
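
The keys in the configs above were altered by hand before publishing. The following is an added example, not part of the original notes or of wg-easy: it checks that every server-side peer has a unique single-host `AllowedIPs` inside the tunnel subnet (as in the `wg0.conf` above) and blanks `PrivateKey`/`PresharedKey` values before a config is pasted into documentation. The function names and the sample config are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample in the layout of the wg0.conf above; keys are placeholders.
SAMPLE = """\
[Interface]
PrivateKey = CONSTRUCTED-SERVER-PRIVATE-KEY
Address = 10.8.0.1/24
[Peer]
PublicKey = CONSTRUCTED-PUBLIC-KEY-1
PresharedKey = CONSTRUCTED-PSK-1
AllowedIPs = 10.8.0.2/32
[Peer]
PublicKey = CONSTRUCTED-PUBLIC-KEY-2
PresharedKey = CONSTRUCTED-PSK-2
AllowedIPs = 10.8.0.2/32, 192.168.2.0/24
"""

def parse_sections(text):
    """Return [(section, {key: value})] in file order, skipping comments."""
    sections = []
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1], {}))
        elif "=" in line and not line.startswith("#") and sections:
            key, _, value = line.partition("=")
            sections[-1][1][key.strip()] = value.strip()
    return sections

def audit_server(text):
    """Flag peers whose AllowedIPs is not a unique single host in the tunnel subnet."""
    sections = parse_sections(text)
    iface = next(kv for name, kv in sections if name == "Interface")
    subnet = ipaddress.ip_interface(iface["Address"]).network
    findings, seen = [], set()
    peers = [kv for name, kv in sections if name == "Peer"]
    for n, peer in enumerate(peers, 1):
        for item in filter(None, (i.strip() for i in peer.get("AllowedIPs", "").split(","))):
            net = ipaddress.ip_network(item, strict=False)
            if net.version != subnet.version or net.num_addresses != 1 or not net.subnet_of(subnet):
                findings.append(f"peer {n}: {net} is not a single host in {subnet}")
            elif net in seen:
                findings.append(f"peer {n}: {net} is already assigned to another peer")
            seen.add(net)
    return findings

def redact(text):
    """Blank PrivateKey/PresharedKey values so the file can be pasted into notes."""
    return re.sub(r"(?m)^([ \t]*(?:PrivateKey|PresharedKey)[ \t]*=[ \t]*).*$", r"\1<redacted>", text)
```

Run `audit_server()` on the server file only: client configs such as `airbook.conf` intentionally use `AllowedIPs = 0.0.0.0/0, ::/0` for a full tunnel.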