## Installation

### Install on Synology NAS

1. Download the matching SPK from the [synology-wireguard release](https://github.com/runfalk/synology-wireguard/releases) page; for the DS1513+ it is WireGuard-cedarview-1.0.20200729.spk. If you don't know which version to download, check [this compatibility table](https://www.synology.com/en-global/knowledgebase/DSM/tutorial/Compatibility_Peripherals/What_kind_of_CPU_does_my_NAS_have).
2. Install it manually in Package Center.
3. Log in over SSH.

### Install on Ubuntu 20.04

Install: `sudo apt install wireguard resolvconf`

1. Open the firewall port:
   ```
   sudo ufw allow 50100/udp
   ```
2. Enable IP forwarding. Open `/etc/sysctl.conf`:
   `sudo vim /etc/sysctl.conf`
   Add this line, then save and exit:
   `net.ipv4.ip_forward=1`
   Apply it:
   `sudo sysctl -p`

## Setup Wireguard

1. Make a folder to store the keys and configs:
   ```
   mkdir ~/wireguard ; cd ~/wireguard
   ```
2. Generate the server's private/public key pair:
   `wg genkey | tee server_privateKey | wg pubkey > server_publicKey`
3. In `/etc/wireguard`, create `wg0.conf` as follows:
   ```
   [Interface]
   Address = 10.0.0.1/24
   ListenPort = 50100
   PrivateKey = 8EELc7SWYbZswluhP0ZEzSkTAINXLlXqdE8J34eak3g=
   PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o enp0s3 -j MASQUERADE
   PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o enp0s3 -j MASQUERADE
   SaveConfig = true
   DNS = 8.8.8.8

   # Awin
   [Peer]
   PublicKey = dB9l0rROSHyp3C6Odykdu69sU1k7XrOEa33ibx10I00=
   AllowedIPs = 10.0.0.2/32

   # Dean
   [Peer]
   PublicKey = N8kOoy3x4rsM1XDekrzLVQJ7Eo9Cb/vcQ07btzEK41Q=
   AllowedIPs = 10.0.0.3/32
   ```
   Note that the `PrivateKey` in `[Interface]` must be replaced with the key you generated yourself; you can get the keys with `cat server_privateKey` and `cat server_publicKey`.
4. Generate the user's private/public key pair:
   `wg genkey | tee _privateKey | wg pubkey > _publicKey`
   1. For example, to generate the keys for awin:
      `wg genkey | tee awin_privateKey | wg pubkey > awin_publicKey`
5. Create the user's config. For example, for awin, create `awin.conf` with the following content:
   ```
   [Interface]
   PrivateKey = OBN3ORMdpaz7pHTSlkyCXHvgLTbXnmB2kxJTCyrr3F4=
   Address = 10.0.0.2/24
   DNS = 8.8.8.8

   [Peer]
   PublicKey = 15Sy2MRW1yKWLzA03MciOkR7qvpxSXfmQtkMj9xOzj0=
   AllowedIPs = 0.0.0.0/0, ::0/0
   Endpoint = vpn.awin.one:50100
   ```
6. Turn the user config into a QR code so it is easy to scan:
   - `sudo grep -v '^#' /etc/wireguard/.conf | qrencode -t ansiutf8`
   - `qrencode -t ansiutf8 < .conf`
   - Either one works.
7. Restart WireGuard:
   ```
   sudo wg-quick up wg0; \
   sleep 5; \
   sudo wg-quick down wg0; \
   sleep 5; \
   sudo wg-quick up wg0
   ```
   Another way, which also copies in the edited `wg0.conf`:
   `sudo wg-quick down wg0 ; sudo cp ./wg0.conf /etc/wireguard/wg0.conf ; sudo wg-quick up wg0 ; sudo wg show wg0`
8. Check the WireGuard status: `sudo wg`

## Troubleshooting

The following commands tell you whether your packets are reaching the remote server or are not getting through the tunnel.

- On the remote server: `sudo tcpdump -i wg0`
- On local machine: `ping -c1 `

## Helper

I wrote a script to copy the configs, so they can be edited directly on Windows.

```
#!/bin/env bash

# Copy the configs edited on Windows into the current directory
sudo cp /volume1/homes/awin/Temp/wg0.conf .
sudo cp /volume1/homes/awin/Temp/awin.conf .
sudo cp /volume1/homes/awin/Temp/dean.conf .

# Restart the tunnel
sudo wg-quick down wg0
sleep 5
sudo wg-quick up wg0
sleep 5
sudo wg-quick down wg0
sleep 5
sudo wg-quick up wg0
```

----------

References:

- https://github.com/runfalk/synology-wireguard
- https://notes.wadeism.net/linux/680/
- [『Atrandys』wireguard配置文件讲解 | 配置多用户 - YouTube](https://www.youtube.com/watch?v=X4doKJmjE4o&feature=youtu.be)
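
WireGuard uses each peer's `AllowedIPs` both to route outbound packets and to filter the source address of inbound ones, and the server `wg0.conf` in step 3 of Setup Wireguard also holds the `PrivateKey`. The check below is an added example, not part of the original notes or of any WireGuard tooling, that audits such a file before it is brought up. The names `audit_wg_conf` and `demo_conf`, the finding labels and the sample config are hypothetical, and it assumes the one-host-address-per-peer layout shown in step 3.

```shell
#!/usr/bin/env bash
# Added example, not from the original page: audit a wg-quick server config.
# Assumes the layout used above: every [Peer] owns exactly one host address.
audit_wg_conf() {
    local conf=$1 out
    # The file holds PrivateKey, so group/other permission bits must be empty.
    out=$(
        [ "$(ls -l "$conf" | cut -c5-10)" = "------" ] || echo "PERMS $conf is readable beyond its owner"
        awk '
        /^[ \t]*\[/ { in_peer = (tolower($0) ~ /\[peer\]/); if (in_peer) peer++; next }
        in_peer && tolower($0) ~ /^[ \t]*allowedips[ \t]*=/ {
            sub(/^[^=]*=/, ""); sub(/#.*/, ""); gsub(/[ \t\r]/, "")
            n = split($0, ips, ",")
            for (i = 1; i <= n; i++) {
                ip = ips[i]; if (ip == "") continue
                host = (ip ~ /:/) ? "/128" : "/32"
                if (ip !~ /\//) ip = ip host   # wg reads a bare address as a host route
                # A wider prefix lets this peer use source addresses of other peers.
                if (substr(ip, length(ip) - length(host) + 1) != host) print "WIDE peer#" peer " " ip
                # wg keeps an address on one peer only, so the later entry takes it over.
                if (ip in owner) print "DUP " ip " peer#" owner[ip] " peer#" peer
                owner[ip] = peer
            }
        }' "$conf"
    )
    [ -z "$out" ] || { printf '%s\n' "$out"; return 1; }
}
# Constructed sample: peer 2 carries a /24, peer 3 repeats the address of peer 1.
demo_conf() {
    cat <<'EOF'
[Interface]
Address = 10.0.0.1/24
ListenPort = 50100
PrivateKey = <server-private-key-placeholder>
[Peer]
PublicKey = <peer-1-public-key-placeholder>
AllowedIPs = 10.0.0.2/32
[Peer]
PublicKey = <peer-2-public-key-placeholder>
AllowedIPs = 10.0.0.0/24
[Peer]
PublicKey = <peer-3-public-key-placeholder>
AllowedIPs = 10.0.0.2/32
EOF
}
# With no argument the constructed sample is audited; otherwise the given file.
conf=${1:-}; [ -n "$conf" ] || { conf=$(mktemp); demo_conf > "$conf"; }
audit_wg_conf "$conf" || echo "fix the findings above before: wg-quick up wg0"
```

Run it with the config path as the only argument, for example against a copy of `wg0.conf` in `~/wireguard`; a site-to-site peer that legitimately routes a subnet will show up as `WIDE` and needs a manual decision.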