Search Results

Route48 is a free service that provides PA IPv6 address space, to anyone signing up with a valid reason. You must sign up with your real name and email or you will be banned. You can obtain up to 5 /44s of IPv6 address space, and you can ask for more provided ...

Generating a public and private key in wireguard is super easy! You'll know how to do it in a matter of seconds :D To generate a private key you should run this wg genkey | sudo tee /path/to/where/you/want/your/private.key This will generate your private ke...

The PostDown similar to the others is the inverse of PostUp and will run commands on the successful destruction of the tunnel. useful for removing things you added for the tunnel to work initially Example below! PostDown = ip ro del 1.1.1.1 dev eth0 via 4.4....

The PreDown command is used to run commands on request the tunnel be destroyed/brought down, it's the inverse of PreUp and is useful to remove things added on the construction of the tunnel that depend on it existing, like IP addresses on it's interface Examp...

Similar to Preup PostUp is used to run commands, but PostUp runs after the tunnel is up and running. This is useful for adding firewall rules or internal to tunnel routes after it's been built. Example is below PostUp = ip addr add 4.5.6.2/32 dev wg0

PreUp is used to run a command before your tunnel interface is brought up. This command can also be used more than once, and is very useful for adding static routes for tunnels that accept full BGP tables and other specific use cases Example is below PreUp =...

The MTU flag as you would probably guess sets the MTU of the tunnel, it's default is 1420 or whatever your upstream internet line is set to. but using this command you can lower this (or raise it, but be warned unless your entire path supports jumbo frames thi...

The Table flag is crucially important for use with more advanced setups, like passing BGP traffic and routes via a wireguard tunnel, there are multiple options, auto being the default, where wireguard makes it's own table and adds routes by itself, which is fi...

The DNS config flag sets the DNS servers for use with the tunnel, and is generally set on devices redirecting all there traffic via a bounce node (typical commercial VPN style setup) Example usage isDns = 1.1.1.1For more than one, separate the values with com...

The PrivateKey config option defines the private key for the node you are configuring. Not much else to say about this besides Do not give your private key to anyone Example is PrivateKey = thisisaprivatekeybcdabcdabcdabcda= You can learn how to generate a p...

Installing the pathvector routing platform isn't particularly difficult, but I figured I will make this page to be comprehensive in the knowledge on this system. This document will assume you are using debian 11, which is a good linux distro for routing. You ...

ListenPort is a config option for hard programming a port to bind to, this is typically used on routers/bounce nodes/relays that are relaying traffic for other devices. Wireguard is always UDP and cannot be set to use TCP. Example usage is ListenPort = 1600Th...

Address This config option defines the addresses for the device being configured. It goes under the [Interface] config block and it varies depending on what the wireguard node is doing. If this node is acting as a router for other clients on the network (boun...

The [Interface] config option for the local device running the tunnel Used as [Interface]

a network packet is a formatted unit of data carried by a switching network. A packet consists of control information and user data, the latter is also known as the payload. Control information provides data for delivering the packet to it's destination. Typic...

CG-NAT or Carrier-Grade NAT is a deployment of NAT that is done at the ISP scale, and it's extremely disliked among users as it completely breaks the ability to open ports or services at your home without utilizing a tunneling mechanism to an outside server. I...

NAT stands for Network Address Translation, and it's generally used with regards to allowing a larger number of client devices to share one public IPv4 address, due to the exhaustion of the IPv4 address pool. It tends to break things like peer to peer communic...

WireGuard works by using cryptographic keys to encapsulate packets, then sending them using it's own routing table, It's generally regarded as a secure and fast way to send packets, and is highly scalable and deployable!

WireGuard is a fairly new Layer 3 VPN protocol that runs on top of UDP. It's main selling points are that it is very easy to configure and also very fast (It can easily reach speeds in excess of 1 Gbit/s without much resource utilization). It is available for...

[Peer] is used for defining the VPN settings for a remote node capable of routing traffic for one or more addresses being itself and other devices attached to it. Peers can be either a router style box that passes traffic to other peers, or a client via LAN/in...