OpenVPN isn't bad, but the certificate renewal really is a pain. So I'm going to try WireGuard.
TBD
             (192.0.2.1)                  (198.51.100.1)
[NodeA]---+---[VPNR-A]------(Internet)------[VPNR-B]---+---[NodeB]
  (10)    |     (1)   \(1)              (2)/  (2)      |    (20)
10.1.1.0/24|           +--------------------+          |10.2.2.0/24
                           10.255.255.0/24
  Site A <------------->|<-------Internet------>|<----------> Site B

Assume the topology above.
There are plenty of articles about installing it on platforms other than FreeBSD, so I'll skip that here.
pkg install wireguard
wireguard_enable="YES"
wireguard_interfaces="wg0"
That completes the installation.
# cd /usr/local/etc/wireguard
# wg genkey | tee A.private.key | wg pubkey > A.public.key
# cat A.private.key
1StlE/SHru2lOOoU+SLaA+SPLAYC+SCLOGUC0A+WaIMM=
# cat A.public.key
wla6Straum0tHReu+woMm/4gruyscrOMaa+thrai/kro=
# cd /usr/local/etc/wireguard
# wg genkey | tee B.private.key | wg pubkey > B.public.key
# cat B.private.key
Xy8vOTORR2TrAAS3STRAY+TYVrAi+ROOTruId2tHlIPA=
# cat B.public.key
7CYhEISH9She0WRUo0WrA+1tRAY/BLu8XoT/UL+SHLAY=
# Wireguard configuration.
# Site A (VPNR-A)
[Interface]
PrivateKey = 1StlE/SHru2lOOoU+SLaA+SPLAYC+SCLOGUC0A+WaIMM=
Address = 10.255.255.1/24
ListenPort = 65534

[Peer]
PublicKey = 7CYhEISH9She0WRUo0WrA+1tRAY/BLu8XoT/UL+SHLAY=
AllowedIPs = 10.255.255.2/32, 10.2.2.0/24
Endpoint = 192.0.2.1:65534
# Wireguard configuration.
# Site B (VPNR-B)
[Interface]
PrivateKey = Xy8vOTORR2TrAAS3STRAY+TYVrAi+ROOTruId2tHlIPA=
Address = 10.255.255.2/24
ListenPort = 65534

[Peer]
PublicKey = wla6Straum0tHReu+woMm/4gruyscrOMaa+thrai/kro=
AllowedIPs = 10.255.255.1/32, 10.1.1.0/24
Endpoint = 198.51.100.1:65534
service wireguard start
wg show
wireguard-go help
service wireguard stop