3f29ea6fd7a634736a877fa806fa5d15e9c75fb2
howto/wireguard.md
| ... | ... | @@ -93,3 +93,50 @@ AllowedIPs = fe80::/10 |
| 93 | 93 | ``` |
| 94 | 94 | Use `which ip` to get the full path to your ip binary. |
| 95 | 95 | |
| 96 | +## systemd-networkd |
|
| 97 | + |
|
| 98 | +Example configuration for systemd-networkd. |
|
| 99 | + |
|
| 100 | +peer.netdev |
|
| 101 | +```text |
|
| 102 | +[NetDev] |
|
| 103 | +Name=<ifname> |
|
| 104 | +Kind=wireguard |
|
| 105 | + |
|
| 106 | +[WireGuard] |
|
| 107 | +PrivateKey=<your private key> |
|
| 108 | +ListenPort=<your listen port> |
|
| 109 | + |
|
| 110 | +[WireGuardPeer] |
|
| 111 | +PublicKey=<peer public key> |
|
| 112 | +Endpoint=<peer host and port, e.g. 1.2.3.4:9876> |
|
| 113 | +AllowedIPs=fe80::/64 |
|
| 114 | +AllowedIPs=fd00::/8 |
|
| 115 | +AllowedIPs=0.0.0.0/0 |
|
| 116 | +``` |
|
| 117 | + |
|
| 118 | +peer.network |
|
| 119 | +```text |
|
| 120 | +[Match] |
|
| 121 | +Name=<ifname> |
|
| 122 | + |
|
| 123 | +[Network] |
|
| 124 | +DHCP=no |
|
| 125 | +IPv6AcceptRA=false |
|
| 126 | + |
|
| 127 | +# if using link local addresses for peering |
|
| 128 | +[Address] |
|
| 129 | +Address=fe80::xx:xx:xx:xx/64 |
|
| 130 | + |
|
| 131 | +# if using IPv6 point to point |
|
| 132 | +[Address] |
|
| 133 | +Address=<your ipv6 address>/128 |
|
| 134 | +Peer=<your peer's IPv6 address>/128 |
|
| 135 | + |
|
| 136 | +# IPv4 point to point |
|
| 137 | +[Address] |
|
| 138 | +Address=<your IPv4 address>/32 |
|
| 139 | +Peer=<your peer's IPv4 address>/32 |
|
| 140 | +``` |
|
| 141 | + |
|
| 142 | + |