web-archive/AlpineLinux/Wireguard on Alpine.html

336 lines
53 KiB
HTML
Raw Permalink Normal View History

2023-09-01 08:20:19 +02:00
<!DOCTYPE html> <html class="client-js vector-animations-ready" dir=ltr lang=en><!--
Page saved with SingleFile
url: https://wiki.alpinelinux.org/wiki/Configure_a_Wireguard_interface_(wg)
saved date: Thu Mar 02 2023 17:12:11 GMT+0100 (Central European Standard Time)
--><meta charset=utf-8>
<title>Configure a Wireguard interface (wg) - Alpine Linux</title>
<style>.mw-ui-button{border:1px solid #a2a9b1;cursor:pointer;font-family:inherit;text-align:center;-webkit-appearance:none}.mw-ui-button:not(.mw-ui-icon-element){min-height:32px;min-width:4em;max-width:28.75em;padding:5px 12px}.mw-ui-button:not(:disabled){transition-property:background-color,color,border-color,box-shadow;transition-duration:100ms}.mw-ui-button:not(:disabled):visited{color:#202122}.mw-ui-button:not(:disabled):hover{background-color:#ffffff;color:#404244;border-color:#a2a9b1}.mw-ui-button:not(:disabled):focus{color:#202122;border-color:#3366cc;box-shadow:inset 0 0 0 1px #3366cc,inset 0 0 0 2px #ffffff;outline-width:0}.mw-ui-button:not(:disabled):focus::-moz-focus-inner{border-color:transparent;padding:0}.mw-ui-button:not(:disabled):active,.mw-ui-button:not(:disabled).is-on{background-color:#c8ccd1;color:#000000;border-color:#72777d;box-shadow:none}.mw-ui-button:disabled{background-color:#c8ccd1;color:#ffffff;border-color:#c8ccd1;cursor:default}.mw-ui-button.mw-ui-icon-element:not(.mw-ui-icon-with-label-desktop){color:transparent!important}.mw-ui-button.mw-ui-icon-element:not(.mw-ui-icon-with-label-desktop) span{display:block;position:absolute!important;clip:rect(1px,1px,1px,1px);width:1px;height:1px;margin:-1px;border:0;padding:0;overflow:hidden}@media all and (max-width:1000px){.mw-ui-button.mw-ui-icon-element span{display:block;position:absolute!important;clip:rect(1px,1px,1px,1px);width:1px;height:1px;margin:-1px;border:0;padding:0;overflow:hidden}}.mw-ui-button.mw-ui-quiet{background-color:transparent;color:#202122;border-color:transparent;font-weight:bold}.mw-ui-button.mw-ui-quiet:not(.mw-ui-icon-element),.mw-ui-button.mw-ui-quiet.mw-ui-progressive:not(.mw-ui-icon-element),.mw-ui-button.mw-ui-quiet.mw-ui-destructive:not(.mw-ui-icon-element){min-height:32px}input[type="checkbox"]:hover+.mw-ui-button.mw-ui-quiet,input[type="checkbox"]:hover+.mw-ui-button.mw-ui-quiet.mw-ui-progressive,input[type="checkbox"]:hover+.mw-ui-button.mw-ui-quiet.mw-ui-destructive,.mw-ui-button.mw-ui-quiet:hover,.mw-ui-button.mw-ui-quiet.mw-ui-progressive:hover,.mw-ui-button.mw-ui-quiet.mw-ui-destructive:hover{background-color:rgba(0,24,73,0.02745098);color:#202122;border-color:transparent}input[type="checkbox"]:focus+.mw-ui-button.mw-ui-quiet,input[type="checkbox"]:focus+.mw-ui-button.mw-ui-quiet.mw-ui-progressive,input[type="checkbox"]:focus+.mw-ui-button.mw-ui-quiet.mw-ui-destructive,.mw-ui-button.mw-ui-quiet:focus,.mw-ui-button.mw-ui-quiet.mw-ui-progressive:focus,.mw-ui-button.mw-ui-quiet.mw-ui-destructive:focus{color:#202122;border-color:#3366cc;box-shadow:inset 0 0 0 1px #3366cc,inset 0 0 0 2px #ffffff}input[type="checkbox"]:active+.mw-ui-button.mw-ui-quiet,input[type="checkbox"]:active+.mw-ui-button.mw-ui-quiet.mw-ui-progressive,input[type="checkbox"]:active+.mw-ui-button.mw-ui-quiet.mw-ui-destructive,.mw-ui-button.mw-ui-quiet:active,.mw-ui-button.mw-ui-quiet.mw-ui-progressive:active,.mw-ui-button.mw-ui-quiet.mw-ui-destructive:active{background-color:rgba(0,36,73,0.08235294);color:#000000;border-color:#72777d;box-shadow:none}.mw-ui-button.mw-ui-quiet:disabled,.mw-ui-button.mw-ui-quiet.mw-ui-progressive:disabled,.mw-ui-button.mw-ui-quiet.mw-ui-destructive:disabled,.mw-ui-button.mw-ui-quiet:disabled:hover,.mw-ui-button.mw-ui-quiet.mw-ui-progressive:disabled:hover,.mw-ui-button.mw-ui-quiet.mw-ui-destructive:disabled:hover,.mw-ui-button.mw-ui-quiet:disabled:active,.mw-ui-button.mw-ui-quiet.mw-ui-progressive:disabled:active,.mw-ui-button.mw-ui-quiet.mw-ui-destructive:disabled:active{background-color:transparent;color:#72777d;border-color:transparent}.mw-ui-icon{font-size:initial;position:relative;display:inline-block;box-sizing:content-box!important;width:1.25em;height:1.25em;min-width:1.25em;min-height:1.25em;flex-basis:1.25em;vertical-align:middle;line-height:0;overflow:hidden;text-overflow:ellipsis;white-space:nowrap;-moz-appearance:none;-webkit-appearance:none;background-color:transparent;margin:0;padding:0}.mw-ui-icon:not(.mw-ui-button){border:0}.mw-ui-icon:before{content:"";display:block;width:100%;height:100%;min-width
<meta name=generator content="MediaWiki 1.39.2">
<meta name=format-detection content="telephone=no">
<meta name=viewport content="width=1000">
<link rel=search type=application/opensearchdescription+xml href=https://wiki.alpinelinux.org/w/opensearch_desc.php title="Alpine Linux (en)">
<link rel=EditURI type=application/rsd+xml href="https://wiki.alpinelinux.org/w/api.php?action=rsd">
<link rel=license href=https://wiki.alpinelinux.org/wiki/MediaWiki:Copyright>
<link rel=alternate type=application/atom+xml title="Alpine Linux Atom feed" href="https://wiki.alpinelinux.org/w/index.php?title=Special:RecentChanges&amp;feed=atom">
<link rel=icon href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAMAAABEpIrGAAAABGdBTUEAALGPC/xhBQAAAAFzUkdCAK7OHOkAAAAgY0hSTQAAeiYAAICEAAD6AAAAgOgAAHUwAADqYAAAOpgAABdwnLpRPAAAATJQTFRF////AICAC1qADVmAFGJ2DVmADVl/EFiADVmADlmADVmAAAAADVmADVl+DVl/Dlp/F110DVl/DVmADVmADVl/DliADFd8DliADVl+DVuADVl/CVh7DVmADFuADVh/DVqADVmADVmADFmADVl/FVWAC1h+Dlh+AFVVDFiADVl/DluADFl9DVl/DViADVh7DFqADVmADVmADVh/DVl/DVl+AECADlp/DVmADlmADVl/DFmADVmADFeAGk2ADlmADlqADlqADVh/DVqAAFVxDVl/DVeADlp+DlqADlqADll/AFWAAGCADFp/DFl/AGZmDVl/Dld9DV55DVmADVmADVl/DVh/DVl/DVmADFmADVl/DVl/DVt9Dll/DVmADViADll/DlmADFl9DVmADFiADVl/////pwlF4gAAAGR0Uk5TAAIwZA3ohyD4qjwBzF/nlwvlKIybgimWc0z5HfYqoHdQ+qbpDENLA1T7OCvDTjlY/P7HwU0Eqopc/aTqLAqESqiFYAmjJkeAXoEGCLmPBfc1E8jktdvRxrjzyzuphmLPzj/wQC8LztMAAAABYktHRACIBR1IAAAACXBIWXMAAABIAAAASABGyWs+AAABW0lEQVQ4y72TZ1vCMBCAD9lTUBEFVEAUwQlO6kBxFVcVcLFc9/9/g9c0lTYtX70PbXLv+7SXXALwb+EYE8IhCE4UwmnmLrcouF0mwYOW8Bi512cVfF6D4Eeb8A95AG0joPNgyF4IBbkQ1jORcbMR1ng0pq9sAibV95RecizKhLjOp2mSQJyB2SRPxVWeSnM+x+qZX6BnJqvl0ima5LTxIvH8EjVluUDJlaKWzQGUOF8lvlbMABTWN8jY3GLpcgkqfzy6jZjdAdjd2yfjoMpABST1dXgEcCyd0ChZI+P0jIw6MyRWo8rPLy7rrAVX9JfcNRlyVauygZi4gdu7+wcmoEKVPqbJeGoiNtR9atEn2s+0zhfexnazjPj69o7YYjsl48iQtV51RvEO71Z3lNDV+92z573hiVPsuGI4c307oW84k/mIlUfyxmM9sAoD8837EPmncPe+voX44eAXvM/afnTm3m8AAAAldEVYdGRhdGU6Y3JlYXRlADIwMTQtMTItMTBUMTE6Mjc6MzEtMDU6MDCD+78IAAAAJXRFWHRkYXRlOm1vZGlmeQAyMDE0LTEyLTEwVDExOjI3OjI3LTA1OjAwXdwyEAAAAABJRU5ErkJggg=="><style>.sf-hidden{display:none!important}</style><link rel=canonical href=https://wiki.alpinelinux.org/wiki/Configure_a_Wireguard_interface_(wg)><meta http-equiv=content-security-policy content="default-src 'none'; font-src 'self' data:; img-src 'self' data:; style-src 'unsafe-inline'; media-src 'self' data:; script-src 'unsafe-inline' data:; object-src 'self' data:; frame-src 'self' data:;"><style>img[src="data:,"],source[src="data:,"]{display:none!important}</style></head>
<body class="skin-vector skin-vector-search-vue mediawiki ltr sitedir-ltr mw-hide-empty-elt ns-0 ns-subject page-Configure_a_Wireguard_interface_wg rootpage-Configure_a_Wireguard_interface_wg skin-vector-2022 action-view vector-feature-language-in-header-enabled vector-feature-language-in-main-page-header-disabled vector-feature-language-alert-in-sidebar-disabled vector-feature-sticky-header-disabled vector-feature-sticky-header-edit-disabled vector-feature-table-of-contents-disabled vector-feature-visual-enhancement-next-disabled uls-dialog-sticky-hide vector-toc-not-collapsed vector-below-page-title"><div class=mw-page-container>
<span id=top-page></span>
<a class=mw-jump-link href=#content>Jump to content</a>
<div class=mw-page-container-inner>
<input type=checkbox id=mw-sidebar-checkbox class="mw-checkbox-hack-checkbox sf-hidden">
<header class=mw-header>
<div class=mw-header-aside>
<label id=mw-sidebar-button class="mw-checkbox-hack-button mw-ui-icon mw-ui-button mw-ui-quiet mw-ui-icon-element" for=mw-sidebar-checkbox role=button aria-controls=mw-panel data-event-name=ui.sidebar tabindex=0 title="Main menu" aria-expanded=false>
<span>Toggle sidebar</span>
</label>
<a href=https://wiki.alpinelinux.org/wiki/Main_Page class=mw-logo>
<span class=mw-logo-container>
<strong class=mw-logo-wordmark>Alpine Linux</strong>
</span>
</a>
</div>
<div class=mw-header-content>
<div id=p-search role=search class="vector-search-box-vue vector-search-box-collapses vector-search-box-show-thumbnail vector-search-box-auto-expand-width vector-search-box">
<a href=https://wiki.alpinelinux.org/wiki/Special:Search title="Search Alpine Linux [⌃⌥f]" accesskey=f class="mw-ui-button mw-ui-quiet mw-ui-icon mw-ui-icon-element mw-ui-icon-wikimedia-search search-toggle sf-hidden">
</a>
<div>
<form action=/w/index.php id=searchform class=vector-search-box-form>
<div id=simpleSearch class=vector-search-box-inner data-search-loc=header-moved>
<input class=vector-search-box-input type=search name=search placeholder="Search Alpine Linux" aria-label="Search Alpine Linux" autocapitalize=sentences title="Search Alpine Linux [⌃⌥f]" accesskey=f id=searchInput autocomplete=off value>
<input id=mw-searchButton class="searchButton mw-fallbackSearchButton" type=submit name=fulltext title="Search the pages for this text" value=Search>
<input id=searchButton class=searchButton type=submit name=go title="Go to a page with this exact name if it exists" value=Go>
</div>
</form>
</div>
</div>
<nav class=vector-user-links aria-label="Personal tools" role=navigation>
<div id=p-vector-user-menu-overflow class="vector-menu mw-portlet mw-portlet-vector-user-menu-overflow vector-user-menu-overflow">
<div class=vector-menu-content>
<ul class=vector-menu-content-list><li id=pt-createaccount-2 class="user-links-collapsible-item mw-list-item"><a href="https://wiki.alpinelinux.org/w/index.php?title=Special:CreateAccount&amp;returnto=Configure+a+Wireguard+interface+%28wg%29" title="You are encouraged to create an account and log in; however, it is not mandatory"><span>Create account</span></a></ul>
</div>
</div>
<div id=p-personal class="vector-menu mw-portlet mw-portlet-personal vector-user-menu vector-user-menu-logged-out vector-menu-dropdown" title="More options">
<input type=checkbox id=p-personal-checkbox role=button aria-haspopup=true data-event-name=ui.dropdown-p-personal class=vector-menu-checkbox>
<label id=p-personal-label for=p-personal-checkbox class="vector-menu-heading mw-ui-button mw-ui-quiet mw-ui-icon mw-ui-icon-element mw-ui-icon-ellipsis mw-ui-icon-wikimedia-ellipsis">
<span class=vector-menu-heading-label>Personal tools</span>
</label>
<div class=vector-menu-content>
<div class=vector-user-menu-create-account><a href="https://wiki.alpinelinux.org/w/index.php?title=Special:CreateAccount&amp;returnto=Configure+a+Wireguard+interface+%28wg%29" class="vector-menu-content-item user-links-collapsible-item sf-hidden" title="You are encouraged to create an account and log in; however, it is not mandatory"> </a></div>
<div class=vector-user-menu-login><a href="https://wiki.alpinelinux.org/w/index.php?title=Special:UserLogin&amp;returnto=Configure+a+Wireguard+interface+%28wg%29" class="vector-menu-content-item vector-menu-content-item-login" title="You are encouraged to log in; however, it is not mandatory [⌃⌥o]" accesskey=o><span class="mw-ui-icon mw-ui-icon-logIn mw-ui-icon-wikimedia-logIn"></span> <span>Log in</span></a></div>
<ul class=vector-menu-content-list></ul>
</div>
</div>
</nav>
</div>
</header>
<div class=vector-sidebar-container>
<div id=mw-navigation>
<nav id=mw-panel class="mw-sidebar sf-hidden" aria-label=Site role=navigation>
</nav>
</div>
</div>
<div class=vector-sitenotice-container>
<div id=siteNotice></div>
</div>
<input type=checkbox id=vector-toc-collapsed-checkbox class="mw-checkbox-hack-checkbox sf-hidden">
<div class=mw-table-of-contents-container>
<div class="vector-sticky-toc-container mw-sticky-header-element">
<nav id=mw-panel-toc class=sidebar-toc role=navigation aria-labelledby=sidebar-toc-label data-event-name=ui.sidebar-toc>
<div id=sidebar-toc-label class=sidebar-toc-header>
<p class=sidebar-toc-title>
Contents
<button class="vector-toc-uncollapse-button sf-hidden">move to sidebar</button>
<button class=vector-toc-collapse-button>hide</button>
</p>
</div>
<ul class=sidebar-toc-contents id=mw-panel-toc-list>
<li id=toc-mw-content-text class="sidebar-toc-list-item sidebar-toc-level-1">
<a href=#top-page class=sidebar-toc-link>
<div class=sidebar-toc-text>Beginning</div>
</a>
</li>
<li id=toc-Bringing_up_an_interface_using_wg-tools class="sidebar-toc-list-item sidebar-toc-level-1 sidebar-toc-list-item-expanded">
<a class=sidebar-toc-link href=#Bringing_up_an_interface_using_wg-tools>
<div class=sidebar-toc-text>
<span class="sidebar-toc-numb sf-hidden">1</span>Bringing up an interface using wg-tools</div>
</a>
<ul id=toc-Bringing_up_an_interface_using_wg-tools-sublist class=sidebar-toc-list>
</ul>
</li>
<li id=toc-Bringing_up_an_interface_using_ifupdown-ng class="sidebar-toc-list-item sidebar-toc-level-1 sidebar-toc-list-item-expanded sidebar-toc-list-item-active">
<a class=sidebar-toc-link href=#Bringing_up_an_interface_using_ifupdown-ng>
<div class=sidebar-toc-text>
<span class="sidebar-toc-numb sf-hidden">2</span>Bringing up an interface using ifupdown-ng</div>
</a>
<ul id=toc-Bringing_up_an_interface_using_ifupdown-ng-sublist class=sidebar-toc-list>
</ul>
</li>
<li id=toc-Enable_IP_Forwarding class="sidebar-toc-list-item sidebar-toc-level-1 sidebar-toc-list-item-expanded">
<a class=sidebar-toc-link href=#Enable_IP_Forwarding>
<div class=sidebar-toc-text>
<span class="sidebar-toc-numb sf-hidden">3</span>Enable IP Forwarding</div>
</a>
<ul id=toc-Enable_IP_Forwarding-sublist class=sidebar-toc-list>
</ul>
</li>
<li id=toc-Running_with_modloop class="sidebar-toc-list-item sidebar-toc-level-1 sidebar-toc-list-item-expanded">
<a class=sidebar-toc-link href=#Running_with_modloop>
<div class=sidebar-toc-text>
<span class="sidebar-toc-numb sf-hidden">4</span>Running with modloop</div>
</a>
<ul id=toc-Running_with_modloop-sublist class=sidebar-toc-list>
</ul>
</li>
</ul>
</nav>
</div>
</div>
<div class=mw-content-container>
<main id=content class=mw-body role=main>
<a id=top></a>
<header class=mw-body-header>
<label id=vector-toc-collapsed-button class="mw-ui-button mw-ui-quiet mw-ui-icon mw-ui-icon-element mw-ui-icon-wikimedia-listBullet mw-checkbox-hack-button sf-hidden" for=vector-toc-collapsed-checkbox role=button aria-controls=toc-toggle-list data-event-name=vector.toc-toggle-list tabindex=0 title="Table of Contents" aria-expanded=false>
Toggle the table of contents
</label>
<h1 id=firstHeading class="firstHeading mw-first-heading"><span class=mw-page-title-main>Configure a Wireguard interface (wg)</span></h1>
</header>
<nav class=vector-article-toolbar aria-label=Tools role=navigation>
<div class=mw-article-toolbar-container>
<div id=left-navigation>
<div id=p-associated-pages class="vector-menu mw-portlet mw-portlet-associated-pages vector-menu-tabs">
<div class=vector-menu-content>
<ul class=vector-menu-content-list><li id=ca-nstab-main class="selected mw-list-item"><a href=https://wiki.alpinelinux.org/wiki/Configure_a_Wireguard_interface_(wg) title="View the content page [⌃⌥c]" accesskey=c><span>Page</span></a><li id=ca-talk class=mw-list-item><a href=https://wiki.alpinelinux.org/wiki/Talk:Configure_a_Wireguard_interface_(wg) rel=discussion title="Discussion about the content page [⌃⌥t]" accesskey=t><span>Discussion</span></a></ul>
</div>
</div>
<div id=p-variants class="vector-menu mw-portlet mw-portlet-variants emptyPortlet vector-menu-dropdown sf-hidden">
</div>
</div>
<div id=right-navigation class=vector-collapsible>
<div id=p-views class="vector-menu mw-portlet mw-portlet-views vector-menu-tabs">
<div class=vector-menu-content>
<ul class=vector-menu-content-list><li id=ca-view class="selected mw-list-item"><a href=https://wiki.alpinelinux.org/wiki/Configure_a_Wireguard_interface_(wg)><span>Read</span></a><li id=ca-viewsource class=mw-list-item><a href="https://wiki.alpinelinux.org/w/index.php?title=Configure_a_Wireguard_interface_(wg)&amp;action=edit" title="This page is protected.
You can view its source [⌃⌥e]" accesskey=e><span>View source</span></a><li id=ca-history class=mw-list-item><a href="https://wiki.alpinelinux.org/w/index.php?title=Configure_a_Wireguard_interface_(wg)&amp;action=history" title="Past revisions of this page [⌃⌥h]" accesskey=h><span>View history</span></a></ul>
</div>
</div>
<div id=p-cactions class="vector-menu mw-portlet mw-portlet-cactions emptyPortlet vector-menu-dropdown vector-has-collapsible-items sf-hidden" title="More options">
</div>
</div>
</div>
</nav>
<div id=bodyContent class=vector-body data-mw-ve-target-container>
<div class=mw-body-subheader>
<div class=mw-indicators>
</div>
<div id=siteSub class="noprint sf-hidden">From Alpine Linux</div>
</div>
<div id=mw-content-text class="mw-body-content mw-content-ltr" dir=ltr lang=en><div class=mw-parser-output><table style="clear:left;margin-bottom:.5em;float:left;padding:.5em 1.4em .8em 0;background:none;width:auto" cellspacing=0 cellpadding=0>
<tbody><tr>
<td><mw:tocplace></mw:tocplace>
</table>
<p>WireGuard is a very promising VPN technology available in the community repository since Alpine 3.10.
<p>There are several ways to install and configure an interface.
<p>In order to load the WireGuard kernel module, you need a compatible kernel:
</p>
<ul><li>linux-lts</li>
<li>linux-virt</ul>
<h2><span class=mw-headline id=Bringing_up_an_interface_using_wg-tools>Bringing up an interface using wg-tools</span></h2>
<p>The most straightforward method, and the one recommended in WireGuard documentation, is to use <code>wg-quick</code>.
<p>Install wireguard-tools
</p>
<pre>apk add wireguard-tools
</pre>
<p>Reboot and then load the module
</p>
<pre>modprobe wireguard
</pre>
<p>Add it to <code>/etc/modules</code> to automatically load it on boot.
<p>Then, we need to create a private and a public key:
</p>
<pre>wg genkey | tee privatekey | wg pubkey &gt; publickey
</pre>
<p>Then, we create a new config file <code>/etc/wireguard/wg0.conf</code> using those keys:
</p>
<pre>[Interface]
Address = 10.123.0.1/24
ListenPort = 45340
PrivateKey = SG1nXk2+kAAKnMkL5aX3NSFPaGjf9SQI/wWwFj9l9U4= # the key from the previously generated privatekey file
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE;iptables -A FORWARD -o %i -j ACCEPT
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE;iptables -D FORWARD -o %i -j ACCEPT
</pre>
<p>The PostUp and PostDown steps are there to ensure the interface wg0 will accept and forward traffic to eth0. The postrouting and forward to %i is not required, but it will enable "VPN mode" where users can access the internet via this server if desired.
Note that this requires <code>iptables</code> installed and enabled: <code>apk add iptables &amp;&amp; rc-update add iptables</code>.
Reference <a rel=nofollow class="external text" href=https://github.com/pirate/wireguard-docs#user-content-config-reference>this WireGuard documentation</a> for information on adding peers to the config file.
<p>To bring up the new interface we use:
</p>
<pre>wg-quick up wg0
</pre>
<p>To take it down, we can use <code>wg-quick down wg0</code> which will clean up the interface and remove the iptables rules.
Note: If running in a Docker container, you will need to run with <code>--cap-add=NET_ADMIN</code> to modify your interfaces.
</p>
<h2><span class=mw-headline id=Bringing_up_an_interface_using_ifupdown-ng>Bringing up an interface using ifupdown-ng</span></h2>
<p>The official documents from WireGuard show examples of how to set up an interface with the use of wg-quick.
In this how-to, we are not going to use that utility. We'll use the plain wg command and <a rel=nofollow class="external text" href=https://github.com/ifupdown-ng/ifupdown-ng/blob/master/doc/interfaces-wireguard.scd>ifupdown-ng</a>.
</p>
<pre>apk add wireguard-tools-wg
</pre>
<p>Now that all the tools are installed, you can setup the interface.
The setup of your interface config is out of the scope of this document. You should consult the <a rel=nofollow class="external text" href=https://git.zx2c4.com/WireGuard/about/src/tools/man/wg.8>manual page of wg</a>.
<p>After you have finished setting up your wgX interface config, you can add it to your <code>/etc/network/interfaces</code>:
</p>
<pre>auto wg0
iface wg0 inet static
requires eth0
use wireguard
address 192.168.42.1
post-up iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE;iptables -A FORWARD -o wg0 -j ACCEPT
post-down iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE;iptables -D FORWARD -o wg0 -j ACCEPT
</pre>
<p>This config will automatically:
</p>
<ul><li>bring the WireGuard interface up after the eth0 interface</li>
<li>assign a config to this interface (which you have previously created)</li>
<li>setup the interface address and netmask</li>
<li>add the route once the interface is up</li>
<li>remove the interface when it goes down</li>
<li>enable traffic forwarding (the <code>post-up</code> and <code>post-down</code> lines; requires <code>iptables</code>) (note that this is not required unless you want peers to be able to access external resources like the internet)</ul>
<div style="padding:0.25em;margin:0.50em 0;background-color:#DDDDFF;border:2px solid #BBBBFF"><strong> Note: </strong><span class=Alp-Note>If you are using the same config (/etc/wireguard/wg0.conf) from a <code>wg-quick</code> setup, you must comment out the <code>Address</code> line in the <code>[Interface]</code> section. Otherwise, the interface will not come up.</span></div>
<p>To start and stop the interface, you execute:
</p>
<pre>ifup wg0
ifdown wg0
</pre>
<p>If your interface config is not stored under <code>/etc/wireguard/</code> you need to specify a <code>wireguard-config-path</code> as well.
</p>
<h2><span class=mw-headline id=Enable_IP_Forwarding>Enable IP Forwarding</span></h2>
<p>If you intend for peers to be able to access external resources (including the internet), you will need to enable forwarding.
Edit the file <code>/etc/sysctl.conf</code> (or a <code>.conf</code> file under <code>/etc/sysctl.d/</code>) and add the following line.
</p>
<pre>net.ipv4.ip_forward = 1
</pre>
<p>Then either reboot or run <code>sysctl -p /etc/sysctl.conf</code> to reload the settings.
To ensure forwarding is turned on, run <code>sysctl -a | grep ip_forward</code> and ensure <code>net.ipv4.ip_forward</code> is set to <code>1</code>.
To make the change permanent across reboots, you may need to enable the <code>sysctl</code> service: <code>rc-update add sysctl</code>.
<p><br>
</p>
<h2><span class=mw-headline id=Running_with_modloop>Running with modloop</span></h2>
<p>If you are running from a RAM disk, you can't modify the modloop.
<p>You can get around it by unpacking the modloop, mounting the unpacked modules folder, then installing WireGuard.
</p>
<pre>#!/bin/sh
apk add squashfs-tools # install squashfs tools to unpack modloop
unsquashfs -d /root/squash /lib/modloop-lts # unpack modloop to root dir
umount /.modloop # unmount existing modloop
mount /root/squash/ /.modloop/ # mount unpacked modloop
apk del wireguard-lts # uninstall previous WireGuard install
apk add wireguard-lts
apk add wireguard-tools
</pre>
<p>You can repack the squash filesystem or put this script in the /etc/local.d/ path so it runs at boot-up.
</p>
</div>
<div class="printfooter sf-hidden" data-nosnippet>Retrieved from ""</div></div>
<div id=catlinks class=catlinks data-mw=interface><div id=mw-normal-catlinks class=mw-normal-catlinks><a href=https://wiki.alpinelinux.org/wiki/Special:Categories title=Special:Categories>Category</a>: <ul><li><a href=https://wiki.alpinelinux.org/wiki/Category:Networking title=Category:Networking>Networking</a></ul></div></div>
</div>
</main>
</div>
<div class=mw-footer-container>
<footer id=footer class=mw-footer role=contentinfo>
<ul id=footer-info>
<li id=footer-info-lastmod> This page was last edited on 12 August 2022, at 20:58.</li>
<li id=footer-info-copyright><div align=right><div id=footer-inner>
<p><a href=https://wiki.alpinelinux.org/wiki/Privacy_Policy#Copyright>© Copyright 2008-2021 Alpine Linux Development Team</a>
all rights reserved </p></div></div></li>
</ul>
<ul id=footer-places>
<li id=footer-places-privacy><a href=https://wiki.alpinelinux.org/wiki/Alpine_Linux:Privacy_policy>Privacy policy</a></li>
<li id=footer-places-about><a href=https://wiki.alpinelinux.org/wiki/Alpine_Linux:About>About</a></li>
<li id=footer-places-disclaimer><a href=https://wiki.alpinelinux.org/wiki/Alpine_Linux:General_disclaimer>Disclaimers</a></li>
</ul>
<ul id=footer-icons class=noprint>
<li id=footer-poweredbyico><a href=https://www.mediawiki.org/><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAFgAAAAfCAYAAABjyArgAAAABGdBTUEAALGPC/xhBQAAACBjSFJNAAB6JgAAgIQAAPoAAACA6AAAdTAAAOpgAAA6mAAAF3CculE8AAAABmJLR0QA/wD/AP+gvaeTAAAOFklEQVRo3u2aeVRUV57HP6+WVxsUFIVUQBRsBbeMQZM0RmPGgEmgCd2azkwcTZsxyxCMS/poEve4TCcdiR0zxy1R1OMcB43RZIiCxhhjNMucKCrBqFEhIAgFFlBQQK3vzh8M1U0Egll6c37n3HPqvXfv797f9/7ub7slAQghpOLi4nkGg+FhWZZtKpVKw98hCSF+1H7fpkAg4HW73Ve9Xu/6kSNH/heAJISQSkpKdsfHxz8YEhKi+6kmv5movr7eWVlZmZuUlDRXKioqmj9o0KBlvQH3b0H7/lrIbrc3lpeXT1HJsvxrk8mkE0LQ+6Z0fm5tgI9/j/C19tzvB7S/5MZ+nxYVFRUuy/KzKr1eH3Wjk0qf7kPavx7R0tgu/EfrobwYzuS1T+C6CmdyoO7THw3gv1T7IaTT6WwalUqluWFGX51CqrmAqvwsyrhJSOVnQQbp/IcQMQjp3H+CqhUhh0HkmJvWXAghZE0gEPjuBV+7hnT1CsJ2C9iika45wAs0NKLatQoiIwA1+N1Ih34HEZEgA8017bxbriAFHAhTIqiNXU7R1NTEG2+8AYDNZiMzMxOLxfJnBWTfvn0YDAZSU1MBaG5uZtWqVaxcufJ7bawQgt5pb30Dqj/8AWQQfaPAUQUdPvFaAygBhM2G5KoBvYQwCRBAXSmqY78FpQ5kUEa9DipDl1M0NDSQm5vL2rVruXTpEuPGjePzzz/HZDL92QC+cOECZrOZlJQUADweD0eOHPneJyYI8HcxEH36IAJq1B4/VNmRrnwDESZE/75IkhGaWsECNLUiZCt4QKovBYMGEdUfdIDGCHLPGhkaGkpqaiqpqank5+fz9ddf4/f72b59O5GRkcyePZsvvviCkJAQxowZw549exgwYAAjR45k+/btTJgwAYfDwZYtW4iMjOTZZ5+loqKCS5cu8cknnzBlyhQaGxvZvXs3CQkJzJgxA7VazaZNmzh9+jRut5sxY8YE8RBCoCgKGzZs4Pz588yZM4eioiIGDBjAqFGjcDgcvPXWW2RnZ3cpj9/vR6Uo3+3pCTPjG5hAIKACLwhrLJRXQasPEXILwtK//X3EQJAjobkF6h0Ina3dlHhBhI5AiJ69ssfjobS0lPfee4+ysjKMRiOzZ89m4cKFJCcnM23aNCwWCxs3bkQIwYYNG8jNzQ3+lmWZmTNnsmDBApKTk1m+fDlVVVUsWrSIjIwMfD4fr7zyCitXrsRoNLJ582Z27NjBmTNnyMnJQZbl60CqqKhg7NixTJw4kSeffJK4uDhWrFiBEIKtW7cSEhLSo0waRVG61Sjnux/gP12C+moVmsZriG9K0UVHorKGIPoPRcQmImKiUSb+BslejoiKRX1oM7iqQSVBQAeNDUgBOwIJtfMiwmxDRN+NYh173XGqra0lJyeH6OhoCgoKKCoqYvz48dhsNu6//37mzJnDqFGjOH/+PF9++SXJyckUFxdTVFTEqFGjKCkpwe128/rrr7cLp9EghODee+/l7rvvZtu2bfh8PnJycnC73cTHx/Pxxx8zdepUjEYjiYmJ19na+Ph4br31VgCysrK4/fbbaWpq4tKlS+Tn5/P+++/3bCJ6cnK+Vi+tpdXoCCD0IWCJRLlQiiExHmlAX/zZz4Oh3WmJuKHtx+KXv0Wqv4r67SVIjqtILeWI2EFIXgHNDiSPg4B1ZJfz9evXj3Xr1gWfa2pqqKioCDpBvV6PJEmMGzeOJUuWsGTJEoxGIytWrGDmzJn07duXyMjITk7p8OHDSJKEEILY2FgSEhI6fV+wYAHV1dUIIXC5XISGhnYyER34OBwOzGYzQgieeeYZpk+fzoQJE5BluVv8AoFAzzY4LPMfcZ06h6emBoGAqBgkawSe+BjUi+eDXg9djBWWaMTU1Wh2zUeYrCCpwNPu+ER4AoGolOvGdRV73nnnnfTp04fJkyfT2NjISy+9hBCCiRMnkpWVxciRIzEajaxdu5Z77rkHrVbL6NGjeeihh9BqtWRkZBATExPkl5KSwp49e5gyZQoej4esrCyeeOIJHn30Ufbt20cgECA6OrrTulpaWsjOzubcuXMsX74cgMzMTObNm8dTTz3VY3ShKArS6dOnqwYPHhzTnZo3Hj1FbU4umvo6DDowRFswjvs5cvbj3+lFNXlLkBwXkTx20LQhbHH47luBiEi80SIKarW61/39fj+SJHU7xuv1otVqkSSp0xiNRtNjNqdSqQA4d+4cOTk5bNmypcd1nDp16pyqO+PsbWzhQs4uKrbsR7FEEAiPwC20eIUG9dR/6lUW5E99EqnZBW4FNJEgdGg/ehl18TZQfL0G7EbABdBoNKhUqm7XpdVqrzs1arW6x2yuw8wIIaiqquKFF174TvkDgUD3UcTXO45yraQSL1q8Khmljw3i4vDJRvylFb0CWLpcgpCtCHM8QmsFjwRegfryR6guvveTpLY7d+7EbrfzzTffcObMmR8cGx89ehSn00lJSQkffvghAKmpqUGHePDgQdxud7e1C1V39mPIU/dhS/s5Po2M2yNwltfR8NUVPB6Bun9s7wLt2MFQW4dUegGpugrR5kcEZHyJD+NP+FWnhVRWVmKxWCgtLe30ftWqVWRkZPQa4MWLF1NaWsrevXvZvHlzl33Onj1LeHg4TU1NCCGw2+2EhoZy4MCBYJ/k5GQOHDjA4sWLOXnyJIcPHw6GhB2tpaWF5557jrKysi5rF0GAu9Q+tYoB/zyG+MfTaGnx41XpEFFReLV66nL39kpYdd56hGxBqM2INj+4/fjum09g6C8AqUvb2OFIOrK7NWvWdPLqR48eJS8vj2vXrgX7Xb58mby8PC5fvhx8l56ezmOPPQbAxYsX2blzJ0eOHEFRFIYOHUp0dDQffPABQggKCgqQJInCwkKEEJSXl1NaWsq4ceNYtGgRw4cP77QGp9PJ3r178fl8LF++nNjY2O5NhN/v7xag1rpmzm4/hmSxoIqNRlgjaGvx0XrVgbfS3rN5qChDqnVAq789GQnrD0KH5oNNCJ+7W1t3/PhxTp48iRCC1atXExoaGhRs5syZzJs3j8LCQu666y7Ky8s5fPgwo0ePZseOHWRmZuJwOAB49913efPNN6murubBBx8kPz+fp59+mqVLlwY34MCBAwDs37+fxx9/nIMHDwJQWFjI+PHjMRgMPP/885w9eza4cS6Xi0mTJnH8+HHMZjPTp0/Hbrd3G0WoekqTi3d+QVubwIsGL2oayuqpv1CDq7KByhWbCTS3dDlOdfkS8u9XItkdqL8sRqq2t2d0HpDsV9EUH+oW4Pnz5/Piiy9SVVVFXl4es2bNAuDKlSvs2rWLTZs2sWzZMsaPH8/WrVtZs2YNs2bNIj8/n8LCQnw+XyeeNpuNEydO8PLLL7N06VL27m0/fWlpaRw6dAiXy8WxY8dYsGABHo+H4uJiCgoKSEtL66S1HSHbww8/jM1mY9WqVZ2+d5vJ9RQHx4weiC5Eh7eukZaLVXhUMpZ/SMSnFTRV1VEx/z8wRVuw/OtElK8uoE78GdIbuWgcdnA6UawWROwQJOc1xIBwlD6RiJhYAta4bjd12rRpbNiwgcmTJ5OVlYXVau24ISAQCLBkyZI/+okhQ6itrWXYsGHBRKVD4zuovLyc9PR0EhISgiAJIRg7diwtLS28+uqrJCUlYbVaeeCBB9i9ezeffvop69ev74SLEIJDhw4RGRlJYmJie4z7f2Fedxhe5+S+jX7fUbGMmDaaO+amIZlD0Pa/BZ9Wj6uhjcYrDbS5fDi/qqB69ks48/bTPGcp3qt1eJytKF9dhmY3QhuC0ieewC0D8fxmPt7URwn0G95tYVutVrNs2TLsdjszZswI
</ul>
</footer>
</div>
</div>
</div>
<div id=p-namespaces style=display:none></div>