Update README

Manevolent 2021-09-21 18:06:00 -06:00
parent 3fabf8c73e
commit 45b9cfc49e
No known key found for this signature in database
GPG Key ID: 2E9B7592DFA4F344

@ -39,6 +39,16 @@ For GitHub, at this time the contents would be:
Don't take my word for it, see: https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/githubs-ssh-key-fingerprints
**Optional: Generate a WireGuard key**
You only need to do this if you are setting `wg_enabled`=1, for example when you want to service VPN clients from a "master" node. See **Wireguard Options** for more information on how to do that.
See: https://www.wireguard.com/quickstart/
```
apk add -U wireguard-tools
wg genkey | tee privatekey | wg pubkey > publickey
```
#### Install/Update:
1. Read and follow the prerequisites above and make sure you are ready to install.
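Review bot: In the new code block, `wg genkey | tee privatekey | wg pubkey > publickey` creates `privatekey` under the shell's current umask, so on a default setup the private key can be left readable by other local users. Put `umask 077` on the line before it, as the linked WireGuard quickstart does, or follow it with `chmod 600 privatekey`. The section also never says what to do with the two files: state that the contents of `privatekey` are the value for `wg_key`, that `publickey` is what gets handed to peers, and that `privatekey` should not be left in the working directory or committed. Minor: the cross-reference reads **Wireguard Options** while the heading it points to is "Wireguard options".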
@ -186,7 +196,7 @@ These settings are optional, and are already defaulted to general network common
#### Wireguard options
Keep in mind that Wireguard is presently an auxilliary satellite connection point. Because of this, you shouldn't re-use any IP addresses related to WG. Consider planning a piece (/32, see `wg_prefix`) of your network (i.e. 172.31.1.z) where `z` is an unused address (or your ASN number, like 8, 16, so on) and setting that to `wg_address`. This is generally only desired on "master" or globally-reachable/hosted nodes to construct an overlay VPN. If a node is hosting WireGuard clients, they can send traffic into other nodes but likely won't receive any traffic back unless `wg_routes` is set correctly so BIRD can export peer addresses into the BGP routing framework.
Keep in mind that Wireguard is presently an auxilliary satellite connection point. Because of this, you shouldn't re-use any IP addresses related to WG. Consider planning a piece (/32, see `wg_prefix`) of your network (i.e. 172.31.1.z) where `z` is an unused address (or your ASN number, like 8, 16, so on) and setting that to `wg_address`. This is generally only desired on "master" or globally-reachable/hosted nodes to construct an overlay VPN. If a node is hosting WireGuard clients, they can send traffic into other nodes but likely won't receive any traffic back unless `wg_routes` is set so BIRD can export peer addresses into the BGP routing framework.
* `wg_enabled`: Set to 1 to enable WireGuard. Defaults to 0/disabled.
* `wg_key`: Required if `wg_enabled`=1. The private key to use for the Wireguard peering point.
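Review bot: The rewritten "Keep in mind" paragraph only drops the word "correctly" and carries the existing typos forward: "auxilliary" should be "auxiliary", "ASN number" is redundant, and the product name switches between "Wireguard" and "WireGuard" within the same paragraph and the bullets below it. Since the line is being touched anyway, fix those in the same change. The sentence about `wg_routes` would also be more useful if it said what a correct value looks like, because removing "correctly" leaves the reader with "is set" and no indication of what to set it to.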