Gašper Spagnolo aca7f9fbdf Update with docker conf 2023-04-05 14:08:27 +02:00
pcap Add keepalive traffic 2023-04-03 09:22:28 +02:00
presentation Add presentation 2023-03-11 11:53:25 +01:00
report Add presentation 2023-03-11 11:53:25 +01:00
vg Update with docker conf 2023-04-05 14:08:27 +02:00
virsh_network Simple server installation done 2023-03-09 10:54:19 +01:00
.gitignore Simple server installation done 2023-03-09 10:54:19 +01:00
README.md Update with docker conf 2023-04-05 14:08:27 +02:00
requirements.txt Simple server installation done 2023-03-09 10:54:19 +01:00
requirements.yml Simple server installation done 2023-03-09 10:54:19 +01:00

README.md

Automated WireGuard install with Vagrant and Ansible provisioning

Dependencies:

System:

# apt install python3 python3-pip python3-venv

Python:

python3 -m venv .venv
source ./.venv/bin/activate
pip install -r requirements.txt

Ansible:

ansible-galaxy install -r requirements.yml

Start

./virsh_network/start.sh
cd vg && vagrant up --provider=libvirt --no-parallel

Destroy the environment

vagrant destroy
./virsh_network/destroy.sh

Report

zathura report/report.pdf

Wireshark captures

wireshark pcap/eth1_traffic.pcap # public interface (encrypted traffic)
wireshark pcap/wg0_traffic.pcap # wireguard interface (decrypted traffic)
wireshark pcap/keep_alive.pcap # public interface (encrypted traffic, keepalive packets)
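
The captures above separate encrypted tunnel traffic from keepalive packets on the public interface. The following Python is an added example, not part of this repository: it classifies raw UDP payloads by WireGuard message type, using the fixed message sizes from the WireGuard protocol specification (not stated on this page). The names `classify`, `summarize` and `SAMPLES` are hypothetical and the sample payloads are constructed, not taken from the pcap files.

```python
import struct

# Fixed-size WireGuard messages: type -> (name, UDP payload length in bytes).
FIXED = {1: ("handshake_initiation", 148),
         2: ("handshake_response", 92),
         3: ("cookie_reply", 64)}
TRANSPORT_DATA = 4
TRANSPORT_HEADER = 16  # type(1) + reserved(3) + receiver index(4) + counter(8)
AUTH_TAG = 16          # Poly1305 tag that follows the encrypted inner packet


def classify(payload: bytes) -> dict:
    """Classify one UDP payload as a WireGuard message, or mark it invalid."""
    if len(payload) < 4:
        return {"kind": "invalid", "reason": "shorter than the 4-byte header"}
    if payload[1:4] != b"\x00\x00\x00":
        return {"kind": "invalid", "reason": "reserved bytes are not zero"}
    msg_type = payload[0]
    if msg_type in FIXED:
        name, size = FIXED[msg_type]
        if len(payload) != size:
            return {"kind": "invalid", "reason": f"{name} must be {size} bytes"}
        return {"kind": name}
    if msg_type == TRANSPORT_DATA:
        if len(payload) < TRANSPORT_HEADER + AUTH_TAG:
            return {"kind": "invalid", "reason": "transport message too short"}
        receiver, counter = struct.unpack_from("<IQ", payload, 4)  # little-endian
        inner_len = len(payload) - TRANSPORT_HEADER - AUTH_TAG
        # A keepalive is a transport message whose encrypted inner packet is empty.
        kind = "keepalive" if inner_len == 0 else "transport_data"
        return {"kind": kind, "receiver": receiver, "counter": counter,
                "inner_len": inner_len}
    return {"kind": "invalid", "reason": "unknown message type"}


def summarize(payloads) -> dict:
    """Count payloads per message kind, e.g. for one capture's UDP payloads."""
    counts = {}
    for payload in payloads:
        kind = classify(payload)["kind"]
        counts[kind] = counts.get(kind, 0) + 1
    return counts


# Constructed sample payloads (zero-filled bodies, not real ciphertext).
SAMPLES = [
    bytes([1, 0, 0, 0]) + bytes(144),                       # handshake initiation
    bytes([2, 0, 0, 0]) + bytes(88),                        # handshake response
    struct.pack("<B3xIQ", 4, 0x1234, 0) + bytes(96 + 16),   # data, 96-byte inner
    struct.pack("<B3xIQ", 4, 0x1234, 1) + bytes(16),        # keepalive (32 bytes)
    b"\x16\x03\x01\x00" + bytes(20),                        # not WireGuard
]
```

In `pcap/keep_alive.pcap` the keepalives should therefore appear as 32-byte UDP payloads of type 4, while `pcap/wg0_traffic.pcap` contains the decrypted inner packets and no WireGuard framing at all.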

Good resource about wireguard

Enable IP forwarding on the peer through which other devices on the network will connect to the WireGuard peer

sysctl -w net.ipv4.ip_forward=1
sysctl -w net.ipv6.conf.all.forwarding=1

Enable logging for debugging

modprobe wireguard
echo module wireguard +p > /sys/kernel/debug/dynamic_debug/control
dmesg -wH

Run in docker

version: '3'

services:
  wireguard:
    image: linuxserver/wireguard
    ports:
      - 51820:51820/udp
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    volumes:
      - /lib/modules:/lib/modules
      - ./wg0.conf:/config/wg0.conf:ro