mkdocs/docs/Synology/dsm7/wireguard.md

# WireGuard



### Installer WireGuard sur le NAS

https://www.blackvoid.club/wireguard-spk-for-your-synology-nas/



##### Identifier l'architecture du NAS:

https://kb.synology.com/en-global/DSM/tutorial/What_kind_of_CPU_does_my_NAS_have?ref=blackvoid.club

| **Model**  | **CPU Model**   | **Cores** **(each)** | **Threads** **(each)** | **FPU** | **Package Arch** | **RAM**             |
| ---------- | --------------- | -------------------- | ---------------------- | ------- | ---------------- | ------------------- |
| **DS923+** | AMD Ryzen R1600 | 2                    | 4                      | ✓       | R1000            | DDR4 ECC SODIMM 4GB |

Télécharger le paquet (SPK) correspondant à la version courante de DSM (7.2):

https://www.blackvoid.club/content/files/2023/03/WireGuard-r1000-1.0.20220627.spk

Installer manuellement le paquet dans le Centre de paquet <u>mais ne pas le lancer.</u>

Sous DSM 7.2, redémarrer le NAS, puis démarrer WireGuard:

```
root@DS923:~# cd /var/packages/WireGuard/scripts

root@DS923:/var/packages/WireGuard/script
-rwxr-xr-x 1 root root  364 May  3  2022 start
-rwxr-xr-x 1 root root 1664 May  3  2022 start-stop-status

root@DS923:/var/packages/WireGuard/scripts# /var/packages/WireGuard/scripts/start
WireGuard have been successfully started
```

Le NAS supporte enfin WireGuard client et serveur.



### WireGuard Easy

https://github.com/wg-easy/wg-easy

https://www.blackvoid.club/wireguard-vpn-for-your-synology-nas/

```bash
bruno@DS923:/volume1/docker/wgeasy
-rwxrwxrwx+ 1 bruno users 488 Jan 28 12:24 docker-compose.yml
-rwxrwxrwx+ 1 root  root  443 Jan 28 12:26 wg0.conf
-rwxrwxrwx+ 1 root  root  195 Jan 28 12:26 wg0.json
```



##### docker-compose.yml

```yaml
version: "3.5"

services:
  wgeasy:
    image: ghcr.io/wg-easy/wg-easy:latest
    network_mode: "bridge"
    container_name: wgeasy
    ports:
      - "51820:51820/udp"
      - "51821:51821"
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
      - net.ipv4.ip_forward=1
    volumes:
      - /volume1/docker/wgeasy:/etc/wireguard
    environment:
      - WG_HOST=photos-nas.ovh
      - PASSWORD=xxxxxxxxxxxxxx
    restart: always
```

- WireGuard VPN server utilise le port UDP 51820 <u>(à ouvrir sur le routeur)</u>

- L'interface WG-Easy web utilise le port TCP 51821



```bash
bruno@DS923:/volume1/docker/wgeasy$ sudo docker-compose up -d
```

WG-Easy est disponible à http://192.168.2.57:51821, puis:

- Créer un nouveau client VPN
- Exporter la config ou scanner le QR code





https://www.wundertech.net/wg-easy-wireguard-vpn-server/

https://github.com/ngoduykhanh/wireguard-ui

https://www.nas-forum.com/forum/topic/77094-tutodocker-linuxserverwireguard-wireguard-ui/