Update README
parent
3fabf8c73e
commit
45b9cfc49e
12
README.md
@ -39,6 +39,16 @@ For GitHub, at this time the contents would be:
|
||||
|
||||
Don't take my word for it, see: https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/githubs-ssh-key-fingerprints
|
||||
|
||||
**Optional: Generate a WireGuard key**
|
||||
|
||||
You only need to do this if you are setting `wg_enabled`=1, for example when you want to service VPN clients from a "master" node. See **Wireguard Options** for more information on how to do that.
|
||||
|
||||
See: https://www.wireguard.com/quickstart/
|
||||
```
|
||||
apk add -U wireguard-tools
|
||||
wg genkey | tee privatekey | wg pubkey > publickey
|
||||
```
|
||||
|
||||
#### Install/Update:
|
||||
|
||||
1. Read and follow the prerequisites above and make sure you are ready to install.
|
||||
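Review bot: in the added key-generation block, `wg genkey | tee privatekey | wg pubkey > publickey` creates `privatekey` under the shell's current umask, so with a permissive default the private key is readable by other local users. Put `umask 077` before that line, as the linked WireGuard quickstart does, and state that the contents of `privatekey` are what goes into `wg_key`, since the section never says which of the two files to use. The cross-reference "**Wireguard Options**" also does not match the casing of the heading it points to, `#### Wireguard options`.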
@ -186,7 +196,7 @@ These settings are optional, and are already defaulted to general network common
|
||||
|
||||
#### Wireguard options
|
||||
|
||||
Keep in mind that Wireguard is presently an auxilliary satellite connection point. Because of this, you shouldn't re-use any IP addresses related to WG. Consider planning a piece (/32, see `wg_prefix`) of your network (i.e. 172.31.1.z) where `z` is an unused address (or your ASN number, like 8, 16, so on) and setting that to `wg_address`. This is generally only desired on "master" or globally-reachable/hosted nodes to construct an overlay VPN. If a node is hosting WireGuard clients, they can send traffic into other nodes but likely won't receive any traffic back unless `wg_routes` is set correctly so BIRD can export peer addresses into the BGP routing framework.
|
||||
Keep in mind that Wireguard is presently an auxilliary satellite connection point. Because of this, you shouldn't re-use any IP addresses related to WG. Consider planning a piece (/32, see `wg_prefix`) of your network (i.e. 172.31.1.z) where `z` is an unused address (or your ASN number, like 8, 16, so on) and setting that to `wg_address`. This is generally only desired on "master" or globally-reachable/hosted nodes to construct an overlay VPN. If a node is hosting WireGuard clients, they can send traffic into other nodes but likely won't receive any traffic back unless `wg_routes` is set so BIRD can export peer addresses into the BGP routing framework.
|
||||
|
||||
* `wg_enabled`: Set to 1 to enable WireGuard. Defaults to 0/disabled.
|
||||
* `wg_key`: Required if `wg_enabled`=1. The private key to use for the Wireguard peering point.
|
||||
|
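Review bot: in the paragraph under `#### Wireguard options`, changing "set correctly" to "set" leaves the reader with no indication of what `wg_routes` has to contain for BIRD to export peer addresses; say what value is expected or point to where the option is documented. While the line is being touched, fix "auxilliary" (auxiliary), use "WireGuard" consistently (the paragraph and the `wg_key` bullet mix both spellings), and change "i.e. 172.31.1.z" to "e.g.", since it introduces an example.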