Wireguard keys are now automatically generate by archipel CLI. You do not need anymore to generate them manually. They are all generate with archipel CLI. The following doc explaining how to generate them and how Wireguard keys works is on educational purpose only for curious developers.
The Archipel chain and services use a secure VPN Wireguard.
This shortcut can be used to generate and display public/private key pairs to use for the server or clients
docker run -it --rm cmulk/wireguard-docker:buster genkeys
Create a specific folder and generate key on a secure device with all securities regarding privates keys generation in crypto in general (internet cut-off etc ...).
The minimal nodes of an archipel is 3. You need to generate keys for this 3 nodes.
You can generate those keys step-by-step to understand better and repeat 3 times for the 3 nodes. There is also a full steps command line to generate quickly when you master it like a ninja.
docker run -it --rm cmulk/wireguard-docker:buster genkeys > archipel-node1-wg.keys
repeat the same commands above for node 2 and node 3. Or use this shortcut loop :
for i in `seq 1 3`; do echo "create wireguard keys archipel-node$i-wg" && docker run -it --rm cmulk/wireguard-docker:buster genkeys > archipel-node$i-wg.keys ; done
In your foder you must have now 3 files :
archipel-node1-wg.keys
archipel-node2-wg.keys
archipel-node3-wg.keys
Private Key: 2APJn3Sj9bTG5NHWquj/L/bzLOjr0lcEyUZ/MRp/YlY=
-
WIREGUARD_PRIVATE_KEY=
Private Key
find into yourarchipel-node1|2|3-wg.keys
file. -
WIREGUARD_PEERS_PUB_ADDR='Public Key of archipel-node1-wg.keys','Public Key of archipel-node2-wg.keys ','Public Key of archipel-node3-wg.keys '
WIREGUARD_PEERS_PUB_ADDR
are the same values for your 3 archipel nodes.
Lazy ? Here a utils commands to generate WIREGUARD_PEERS_PUB_ADDR
value from files :
- ARCHIPEL_KEY_SEED select line according to node number you whant to valorize
export WIREGUARD_PRIVATE_KEY=$(cat archipel-node1-wg.keys| grep Private| cut -d":" -f2| sed -e 's/^[[:space:]]*//')
or
export WIREGUARD_PRIVATE_KEY=$(cat archipel-node2-wg.keys| grep Private| cut -d":" -f2| sed -e 's/^[[:space:]]*//')
or
export WIREGUARD_PRIVATE_KEY=$(cat archipel-node3-wg.keys| grep Private| cut -d":" -f2| sed -e 's/^[[:space:]]*//')
- WIREGUARD_PEERS_PUB_ADDR
export WIREGUARD_PUBLIC_KEY_1=$(cat archipel-node1-wg.keys | grep Public | cut -d":" -f2 | sed -e 's/^[[:space:]]*//')
export WIREGUARD_PUBLIC_KEY_2=$(cat archipel-node2-wg.keys | grep Public | cut -d":" -f2 | sed -e 's/^[[:space:]]*//')
export WIREGUARD_PUBLIC_KEY_3=$(cat archipel-node3-wg.keys | grep Public | cut -d":" -f2 | sed -e 's/^[[:space:]]*//')
echo $WIREGUARD_PUBLIC_KEY_1
echo $WIREGUARD_PUBLIC_KEY_2
echo $WIREGUARD_PUBLIC_KEY_3
To create WIREGUARD_PEERS_PUB_ADDR, manually concat WIREGUARD_PUBLIC_KEY_1
, WIREGUARD_PUBLIC_KEY_3
and WIREGUARD_PUBLIC_KEY_3
separated by ,