omv7:omv7_plugins:wireguard

Differences

This shows you the differences between two versions of the page.

omv7:omv7_plugins:wireguard [2024/02/17 17:35] – [Configuring a Client] chente
omv7:omv7_plugins:wireguard [2024/04/24 15:28] (current) – [Configuring a Client] chente
Line 1: Line 1:
 +{{indexmenu_n>8}}
 \\ \\
 <html><center><b>Wireguard Plugin For OMV7</b></center></html> <html><center><b>Wireguard Plugin For OMV7</b></center></html>
Line 19: Line 20:
       * You will be able to access all your shared folders and all the services you have configured on your local network as if you were there.       * You will be able to access all your shared folders and all the services you have configured on your local network as if you were there.
       * By default all client traffic will be forwarded through the VPN connection (it is configurable), providing privacy through the encrypted connection. You can be connected to a public Wi-Fi network and browse with the security that nobody sees what you do.       * By default all client traffic will be forwarded through the VPN connection (it is configurable), providing privacy through the encrypted connection. You can be connected to a public Wi-Fi network and browse with the security that nobody sees what you do.
-  * The Custom Config tab allows you to make configurations according to specific needs. You can implement any Wireguard network topology.+  * The Custom Config tab allows you to make configurations according to specific needs. You can use this tab if you need to connect the server to an external Wireguard VPN service, or you can implement any Wireguard network topology. 
     * The point-to-point connection allows the connection between two servers, communicating only with each other. For example to make remote backups.     * The point-to-point connection allows the connection between two servers, communicating only with each other. For example to make remote backups.
     * The site-to-site provides a connection between two networks so that any IP on a local network is able to communicate with any IP on another local network.     * The site-to-site provides a connection between two networks so that any IP on a local network is able to communicate with any IP on another local network.
Line 139: Line 140:
     * **Name** You can name the client to identify it later.     * **Name** You can name the client to identify it later.
   * **Advanced Configuration** These are custom configuration options that are not necessary to configure a client except for special needs. If you don't need any of this, leave the default values.   * **Advanced Configuration** These are custom configuration options that are not necessary to configure a client except for special needs. If you don't need any of this, leave the default values.
-    * **Persistent Keepalive** The default setting is to leave it blank. In some cases it may be necessary to set a value here to keep the connection active. A suitable value is usually 25 (Every 25 seconds the client will send a packet to the server). 
     * **Persistent Keepalive** The default setting is to leave it blank. In some cases it may be necessary to set a value here to keep the connection active. A suitable value is usually 25 (Every 25 seconds the client will send a packet to the server).     * **Persistent Keepalive** The default setting is to leave it blank. In some cases it may be necessary to set a value here to keep the connection active. A suitable value is usually 25 (Every 25 seconds the client will send a packet to the server).
     * **DNS Servers** The default setting is to leave it blank. In some cases it may be necessary to establish a DNS server for the client to communicate correctly on the local network. The usual thing will be to establish the IP of the router. The menu will show the existing value in resolv.conf in case you want to copy it to the field on the right.     * **DNS Servers** The default setting is to leave it blank. In some cases it may be necessary to establish a DNS server for the client to communicate correctly on the local network. The usual thing will be to establish the IP of the router. The menu will show the existing value in resolv.conf in case you want to copy it to the field on the right.
-    * **Restrict** button. The default setting is to leave it unchecked, this will set AllowedIPs to ''0.0.0.0/0'' and all traffic will be routed through the tunnel. If you need to split the tunnel traffic on this client you can press the button to access the different options. Using either of these options will remove the value 0.0.0.0/0 from the AllowedIPs variable. The different options add values ​​regardless of whether the other options are active or not.+    * **Restrict** button. The default setting is to leave it unchecked, this will set AllowedIPs to ''0.0.0.0/0'' and all traffic will be routed through the tunnel. If you need to split the tunnel traffic on this client you can press the button to access the different options. Using either of these options will remove the value ''0.0.0.0/0'' from the AllowedIPs variable. The different options add values ​​regardless of whether the other options are active or not.
       * **VPN** button. Pressing this button will remove the ''0.0.0.0/0'' network range from the AllowedIPs settings and add the network range that the plugin has set for this tunnel's VPN.       * **VPN** button. Pressing this button will remove the ''0.0.0.0/0'' network range from the AllowedIPs settings and add the network range that the plugin has set for this tunnel's VPN.
       * **Local IP** button. Pressing this button will remove the network range ''0.0.0.0/0'' from the AllowedIPs settings and add the network range manually set in the tunnel settings to the Local IP field.       * **Local IP** button. Pressing this button will remove the network range ''0.0.0.0/0'' from the AllowedIPs settings and add the network range manually set in the tunnel settings to the Local IP field.
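Review bot: In the **Restrict** bullet, "this will set AllowedIPs to ''0.0.0.0/0'' and all traffic will be routed through the tunnel" overstates the default: 0.0.0.0/0 is the IPv4 catch-all only and IPv6 needs ::/0, so a reader may assume IPv6 traffic is tunnelled as well. Suggest "all IPv4 traffic", or state explicitly how the plugin treats IPv6. While the line is being touched, the invisible zero-width characters between "values" and "regardless" on the new side can be dropped.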
Line 148: Line 148:
   * Click **Save**. At this point, if you have already activated the tunnel and the client, the connection will be up and running.    * Click **Save**. At this point, if you have already activated the tunnel and the client, the connection will be up and running. 
   * By pressing the button **Client Config** you can see the client configuration file, you can copy and paste the text in a file to configure the connection in the client. If you do it this way, add the ending ".conf" to the created file. Treat this file like a password, it is the access key to your network. Once the connection is configured, it is advisable to delete this file for security.    * By pressing the button **Client Config** you can see the client configuration file, you can copy and paste the text in a file to configure the connection in the client. If you do it this way, add the ending ".conf" to the created file. Treat this file like a password, it is the access key to your network. Once the connection is configured, it is advisable to delete this file for security. 
-  * A QR will appear in the table (if the client is enabled), which you can scan from a smartphone to configure the connection without having to copy a file. If you need to send it you can take a photo. Treat this image as a password, it is the access key to your network. +  * A QR will appear in the table (if the client is enabled), which you can scan from a smartphone to configure the connection without having to copy a file. If you need to send it you can take a photo. Treat this image as a password, it is the access key to your network (the first time the page loads after setup the QR code still does not appear, please reload the page or change tabs and come back to see the QR code).
   * Use a different client configuration for each client. If you configure the same connection on several clients at the same time, they will not be able to connect simultaneously.   * Use a different client configuration for each client. If you configure the same connection on several clients at the same time, they will not be able to connect simultaneously.
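Review bot: On the QR bullet the new reload hint is appended in parentheses to "Treat this image as a password, it is the access key to your network", so the security warning now trails off into a UI workaround. Suggest moving the hint next to "(if the client is enabled)" as its own sentence and keeping the warning as the last thing the reader sees. The bullet also tells the reader to take a photo to send the QR but, unlike the **Client Config** bullet above it, does not advise deleting that photo once the client is configured; the same advice applies here.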
  
Line 186: Line 186:
 ---- ----
  
-This tab allows you to create a tunnel with the custom settings you need. It allows to open an editing window where you can paste the configuration from a text file, therefore, you can choose the parameters you need for the tunnel.+This tab allows you to create a tunnel with the custom settings you need. It allows to open an editing window where you can paste the configuration from a text file, therefore, you can choose the parameters you need for the tunnel. Use this tab if you need to connect the server to an external (commercial) Wireguard VPN service.
  
 If you need to configure a tunnel to connect the point-to-point server with another server, or any other network topology, you must do so in this tab, since it allows you to manually define keys, networks and other necessary parameters. If you need to configure a tunnel to connect the point-to-point server with another server, or any other network topology, you must do so in this tab, since it allows you to manually define keys, networks and other necessary parameters.
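Review bot: The sentence added at the end of the first paragraph says "external (commercial) Wireguard VPN service", while the matching sentence added to the Custom Config bullet in the hunk at line 20 says "external Wireguard VPN service"; pick one term so readers do not take them for two different cases. Since the line is being edited anyway, "It allows to open an editing window" could become "It opens an editing window".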
Line 201: Line 201:
   * In the **Config** field write the configuration content of your tunnel following the Wireguard rules.   * In the **Config** field write the configuration content of your tunnel following the Wireguard rules.
     * You can see how to do it on the [[https://www.wireguard.com/#simple-network-interface|Wireguard]] website. Or use a template following the suggestion at the bottom of this section.     * You can see how to do it on the [[https://www.wireguard.com/#simple-network-interface|Wireguard]] website. Or use a template following the suggestion at the bottom of this section.
 +    * If you want to connect to a commercial VPN service, they will most likely provide you with the tunnel configuration template. In that case, simply copy and paste that template into the Config field.
     * If you need special topologies you can find them on the [[https://www.procustodibus.com/blog/2020/10/wireguard-topologies/|procustodibus.com]] website.     * If you need special topologies you can find them on the [[https://www.procustodibus.com/blog/2020/10/wireguard-topologies/|procustodibus.com]] website.
     * Note that the networks created by the plugin in the **Tunnel** and **Client** tabs are generated in the ''10.192.x.x'' network range. Therefore, choosing networks in this range may cause conflicts. In that case the service will not start and the plugin will throw an error.     * Note that the networks created by the plugin in the **Tunnel** and **Client** tabs are generated in the ''10.192.x.x'' network range. Therefore, choosing networks in this range may cause conflicts. In that case the service will not start and the plugin will throw an error.
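Review bot: The new bullet's "simply copy and paste that template into the Config field" skips the check that the note two bullets further down calls for: a pasted configuration whose networks fall in ''10.192.x.x'' can conflict with the plugin's own tunnels, and then the service will not start. Suggest adding "after checking its addresses against the range noted below". A provider template also normally carries the interface private key, so the bullet should repeat the "treat this file like a password" advice given for the client configuration file.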
  • omv7/omv7_plugins/wireguard.1708191309.txt.gz
  • Last modified: 2024/02/17 17:35
  • by chente