client.conf

1. $ cat /etc/systemd/system/netns.service
2.  
3. [Unit]
4. Description=Network Namespace Service
5.  
6. [Service]
7. Type=oneshot
8. RemainAfterExit=yes
9. ExecStart=/bin/ip netns add physical
10. ExecStart=/bin/ip link set enp3s0 down
11. ExecStart=/bin/ip link set wlp2s0b1 down
12. ExecStart=/bin/ip link set enp3s0 netns physical
13. ExecStart=/bin/iw phy phy0 set netns name physical
14. ExecStart=/bin/ip -n physical link add wg0 type wireguard
15. ExecStart=/bin/ip -n physical systemctl start systemd-networkd.service
16. ExecStart=/bin/wg setconf wg0 /etc/wireguard/client.conf
17. ExecStart=/bin/ip address add fc00:20/7 dev wg0
18. ExecStart=/bin/ip link set wg0 up
19. ExecStart=/bin/ip -6 route add default dev wg0
20. ExecStop=/bin/ip -n physical link set enp3s0 down
21. ExecStop=/bin/ip -n physical link set wlp2s0b1 down
22. ExecStop=/bin/ip -n physical link set enp3s0 netns 1
23. ExecStop=/bin/ip netns exec physical iw phy phy0 set netns 1
24. ExecStop=/bin/ip netns exec physical systemctl stop systemd-networkd.service
25. ExecStop=/bin/ip link del wg0
26. ExecStop=/bin/ip netns del physical
27.  
28. [Install]
29. WantedBy=multi-user.target
30.  
31.  
32.  
33. $ cat /etc/systemd/network/ethernet-dhcp.network
34.  
35. [Match]
36. Name=enp3s0
37.  
38. [Network]
39. DHCP=ipv6
40.  
41.  
42.  
43. $ cat /etc/wireguard/client.conf
44.  
45. [Interface]
46. PrivateKey = OAT5r6E1hid***iVBnY=
47. ListenPort = 52345
48.  
49. [Peer]
50. PublicKey = aMC3f6kw***UDQVwo=
51. EndPoint = [2a01:4f8:***:***::5]:40111
52. AllowedIPs = fc00::10/7
53.  
54.  
55.  
56. $ wg
57.  
58. interface: wg0
59. public key: vWjIpwbIZD***4gR2zQE=
60. private key: (hidden)
61. listening port: 52345
62.  
63. peer: aMC3f6kw***UDQVwo=
64. endpoint: [2a01:4f8:***:***::5]:40111
65. allowed ips: fc00::10/7
66. latest handshake: 14 seconds ago
67. bandwidth: 42.15 KiB received, 51.31 KiB sent
68.  
69.  
70.  
71. $ ip a
72.  
73. 1: lo: <LOOPBACK> mtu 65536 qdisc noqueue state DOWN group default qlen 1
74. link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
75. inet 127.0.0.1/8 scope host lo
76. valid_lft forever preferred_lft forever
77. 4: wg0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1423 qdisc noqueue state UNKNOWN group default qlen 1
78. link/none
79. inet6 fc00::20/7 scope global
80. valid_lft forever preferred_lft forever
81. inet6 fe80::52**:****:**5a:c6bd/64 scope link flags 800
82. valid_lft forever preferred_lft forever
83.  
84.  
85.  
86. $ ip -6 route
87.  
88. fc00::/7 dev wg0 proto kernel metric 256 pref medium
89. fe80::/64 dev wg0 proto kernel metric 256 pref medium
90. default dev wg0 metric 1024 pref medium
91.  
92.  
93.  
94. $ ip netns exec physical ip a
95.  
96. 1: lo: <LOOPBACK> mtu 65536 qdisc noqueue state DOWN group default qlen 1
97. link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
98. 2: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc state UP group default qlen 1000
99. link/ether f0:de:f1:b1:54:58 brd ff:ff:ff:ff:ff:ff
100. inet6 2a02:2698:****:***:****:****:feb1:5458/64 scope global mngtmpaddr dynamic
101. valid_lft 595sec preferred_lft 595sec
102. inet6 fe80::f2**:****:**b1:5458/64 scope link
103. valid_lft forever preferred_lft forever
104. 3: wlp2s0b1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
105. link/ether 64:27:37:01:4d:10 brd ff:ff:ff:ff:ff:ff