armbian/documentation
0
0
Fork 0
mirror of https://github.com/armbian/documentation.git synced 2026-01-06 10:13:36 -08:00
Code Issues Packages Projects Releases Wiki Activity
Files
igorpecovnik-patch-4
documentation/docs/User-Guide_Armbian-Software/VPN.md
igorpecovnik 3ead8253e8 Automatic documentation update
2025-07-01 15:17:34 +02:00

4.2 KiB
Raw Permalink Blame History

comments
comments
true

Virtual Private Network tools

WireGuard

WireGuard VPN server

WireGuard

WireGuard is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. Initially released for the Linux kernel, it is now cross-platform (Windows, macOS, BSD, iOS, Android) and widely deployable. Regarded as the most secure, easiest to use, and simplest VPN solution in the industry.

Edit: footer header
Status: Enabled
Architecture: x86-64 arm64
Maintainer: @igorpecovnik
Documentation: Link

armbian-config --cmd WRG001

=== "Server"

1. Launch `armbian-config --cmd WRG001`.

2. When prompted, enter a comma-separated list of peer names (e.g., laptop,phone,router).

3. Peer configuration files will be created in

    ```
    /armbian/wireguard/config/wg_confs/peer_laptop.conf
    ```
4. Scan the QR code (for mobile) or transfer .conf to your client system.

5. Connect the client using the configuration.

=== "Client"

1. Launch `armbian-config --cmd WRG002`.

2. You will be asked to edit or paste a valid WireGuard configuration.

3. Provide the client configuration in this format:

```sh
[Interface]
Address = 10.13.13.2/32
PrivateKey = <your-private-key>
DNS = 1.1.1.1

[Peer]
PublicKey = <server-public-key>
Endpoint = your.server.com:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25
```

4. The configuration will be saved to:

    ```
    /armbian/wireguard/config/wg_confs/client.conf
    ```

5. When prompted, enter the local LAN subnets you wish to route via VPN (e.g., `10.0.10.0/24,192.168.0.0/16`).

6. The VPN container will be started and routing rules will be generated accordingly.

7. Routing will be restored automatically on boot via systemd service.

=== "Access to the server from internet"

Remember to open/forward the port 51820 (UDP) through NAT on your router.

=== "Directories"

- Install directory: `/armbian/wireguard`
- Site configuration directory: `/armbian/wireguard/config`

=== "View logs"

```sh
docker logs -f wireguard
```

armbian-config --cmd WRG002

armbian-config --cmd WRG003

armbian-config --cmd WRG004

armbian-config --cmd WRG005

ZeroTier

ZeroTier connect devices over your own private network in the world.

ZeroTier

Edit: footer header
Status: Stable

armbian-config --cmd ZTR001
Reference in New Issue View Git Blame Copy Permalink