WireGuard setup: Difference between revisions
No edit summary
m Verbovet moved page WireGuard set up to WireGuard setup without leaving a redirect
(5 intermediate revisions by the same user not shown)
| Line 8: | Line 8: | ||
$ipt -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE | $ipt -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE | ||
</pre> | </pre> | ||
* # sysctl -w net.ipv4.ip_forward=1 | * <code># sysctl -w net.ipv4.ip_forward=1</code> | ||
:* add <code>net.ipv4.ip_forward=1</code> to <code>/etc/sysctl.conf</code> | :* add <code>net.ipv4.ip_forward=1</code> to <code>/etc/sysctl.conf</code> | ||
* # | * <code># touch /etc/wireguard/private.key</code> | ||
* # chmod 400 /etc/wireguard/private.key | * <code># chmod 400 /etc/wireguard/private.key</code> | ||
* # wg pubkey < /etc/wireguard/private.key > /etc/wireguard/public.key | * <code># wg genkey > /etc/wireguard/private.key</code> | ||
* /etc/wireguard/wg0.conf | * <code># wg pubkey < /etc/wireguard/private.key > /etc/wireguard/public.key</code> | ||
* <code>/etc/wireguard/wg0.conf</code> | |||
<pre> | <pre> | ||
[Interface] | [Interface] | ||
| Line 29: | Line 30: | ||
PublicKey = <Bob's public key> | PublicKey = <Bob's public key> | ||
AllowedIPs = 10.8.0.3/32 | AllowedIPs = 10.8.0.3/32 | ||
</pre> | |||
* <code># chmod 400 /etc/wireguard/wg0.conf</code> | |||
* <code>/etc/rc.d/rc.wg</code> | |||
<pre> | |||
#!/bin/bash | |||
# Start/stop/restart WireGuard. | |||
wg_start() { | |||
if [ -r /run/wireguard.pid ]; then | |||
echo "WireGuard already running as pid $(cat /run/wireguard.pid)!" | |||
return | |||
fi | |||
echo -n "Starting WireGuard: /usr/bin/wg-quick up wg0" | |||
/usr/bin/wg-quick up wg0 | |||
grep "^wg-crypt-wg0" /proc/*/comm \ | |||
| sed 's,^/proc/,,;s,/.*,,' > /run/wireguard.pid | |||
echo | |||
} | |||
wg_stop() { | |||
echo -n "Stopping WireGuard: /usr/bin/wg-quick down wg0" | |||
/usr/bin/wg-quick down wg0 | |||
rm -f /run/wireguard.pid | |||
echo | |||
} | |||
wg_restart() { | |||
wg_stop | |||
sleep 1 | |||
wg_start | |||
} | |||
wg_status() { | |||
if [ -r /run/wireguard.pid ]; then | |||
echo "WireGuard is running as pid $(cat /run/wireguard.pid)." | |||
echo | |||
/usr/bin/wg show | |||
else | |||
echo "WireGuard is stopped." | |||
exit 1 | |||
fi | |||
} | |||
case "$1" in | |||
'start') | |||
wg_start | |||
;; | |||
'stop') | |||
wg_stop | |||
;; | |||
'restart') | |||
wg_restart | |||
;; | |||
'status') | |||
wg_status | |||
;; | |||
*) | |||
echo "usage $0 start|stop|restart|status" | |||
esac | |||
</pre> | |||
* <code>chmod +x /etc/rc.d/rc.wg</code> | |||
* <code>/etc/rc.d/rc.local</code> | |||
<pre> | |||
# Start WireGuard | |||
if [ -x /etc/rc.d/rc.wg ]; then | |||
/etc/rc.d/rc.wg start | |||
fi | |||
</pre> | |||
* <code>/etc/rc.d/rc.local_shutdown</code> | |||
<pre> | |||
# Stop WireGuard | |||
if [ -x /etc/rc.d/rc.wg ]; then | |||
/etc/rc.d/rc.wg stop | |||
fi | |||
</pre> | </pre> | ||
[[Category: Linux]] | [[Category: Linux]] | ||
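Review bot: In the new rc.wg, `wg_start` never checks the exit status of `/usr/bin/wg-quick up wg0`, yet the grep/sed pipeline on the two following lines writes /run/wireguard.pid regardless, so a failed bring-up (bad wg0.conf, missing kernel module) leaves a readable — possibly empty — pid file and every later `start` is refused with "already running as pid". Guard the bring-up and only record a pid when one was found: `/usr/bin/wg-quick up wg0 || { echo " failed"; return 1; }`, and test the marker with `[ -s /run/wireguard.pid ]` rather than `-r`. The grep also assumes a kernel thread named `wg-crypt-wg0` is visible in /proc/*/comm; if that name is absent on the running kernel the pid file is empty even after a successful start, so `wg show wg0` is the more reliable liveness probe for both `start` and `status`. The added `chmod 400 /etc/wireguard/wg0.conf` is the right call, since the file embeds the server's private key.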
Latest revision as of 21:27, 11 October 2024
Add to `/etc/rc.d/rc.firewall`:
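# Allow wireguard
# Inbound WireGuard handshake/data on the public interface (UDP 51820 is
# the ListenPort in wg0.conf).
$ipt -A INPUT -i eth0 -p udp --dport 51820 -j ACCEPT
# Traffic from connected peers to this host.  NOTE: this grants every peer
# full access to local services; restrict to specific ports if the server
# is not meant to be reachable from the tunnel.
$ipt -A INPUT -i wg0 -j ACCEPT
# Peers may open connections out through eth0 ...
$ipt -A FORWARD -i wg0 -o eth0 -j ACCEPT
# ... but only replies to those connections are forwarded back in.  Without
# the conntrack match anything able to route to 10.8.0.0/24 via eth0 could
# open connections to the peers directly.  Drop the "-m conntrack ..." part
# only if hosts on the eth0 side must initiate connections to VPN peers.
$ipt -A FORWARD -i eth0 -o wg0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# Hide the tunnel subnet behind eth0's address (return path relies on
# conntrack, which is why the FORWARD rule above can be stateful).
$ipt -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE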
Enable IPv4 forwarding now:
# sysctl -w net.ipv4.ip_forward=1
and make it persistent across reboots by adding `net.ipv4.ip_forward=1` to `/etc/sysctl.conf`.
Generate the server key pair. Creating the file and restricting it to mode 0400 before the key is written means the private key is never readable by other users, not even briefly:
# touch /etc/wireguard/private.key
# chmod 400 /etc/wireguard/private.key
# wg genkey > /etc/wireguard/private.key
# wg pubkey < /etc/wireguard/private.key > /etc/wireguard/public.key

/etc/wireguard/wg0.conf:
[Interface]
# Contents of /etc/wireguard/private.key; this file must stay mode 0400
# because the key is embedded here in clear text.
PrivateKey = <private key>
# Server-side tunnel address; the /24 covers the peers listed below.
Address = 10.8.0.1/24
# UDP port that rc.firewall opens on eth0.
ListenPort = 51820

[Peer]
# Alice -- single-host /32 tunnel address
PublicKey = <Alice's public key>
AllowedIPs = 10.8.0.2/32

[Peer]
# Bob -- single-host /32 tunnel address
PublicKey = <Bob's public key>
AllowedIPs = 10.8.0.3/32
Restrict the configuration file as well, since it contains the private key:
# chmod 400 /etc/wireguard/wg0.conf

/etc/rc.d/rc.wg:
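#!/bin/bash
# /etc/rc.d/rc.wg -- start/stop/restart/status for the WireGuard interface.
#
# Usage: rc.wg start|stop|restart|status
#
# The interface is brought up with wg-quick(8), which reads
# /etc/wireguard/wg0.conf.  /run/wireguard.pid records the PID of the
# "wg-crypt-wg0" kernel worker for display only; whether the tunnel is up is
# decided by asking wg(8) about the interface, so a stale or empty pid file
# can never block a later start.
#
# Exit status: 0 on success; 1 if a start fails, if "status" finds the
# interface down, or if the argument is not recognised.

readonly WG_IFACE=wg0
readonly WG_QUICK=/usr/bin/wg-quick
readonly WG=/usr/bin/wg
readonly PIDFILE=/run/wireguard.pid

#######################################
# Extract the PID component of a /proc path.
# Arguments: $1 - e.g. "/proc/123/comm" or "/proc/123/comm:wg-crypt-wg0"
# Outputs:   "123" on stdout
# Returns:   1 (and prints nothing) when $1 is not under /proc/
#######################################
proc_pid_of() {
  local rest=${1#/proc/}
  [[ "$rest" != "$1" ]] || return 1
  printf '%s\n' "${rest%%/*}"
}

#######################################
# Liveness probe: 0 when wg(8) can show the interface, 1 otherwise.
#######################################
wg_running() {
  "$WG" show "$WG_IFACE" >/dev/null 2>&1
}

#######################################
# Record the PID of the "wg-crypt-<iface>" kernel worker in $PIDFILE.
# The file is written only when such a thread is found, so "status" never
# reports an empty pid.  Whether that thread name exists depends on the
# running kernel -- the file is informational, not the source of truth.
#######################################
write_pidfile() {
  local match pid
  match=$(grep -l "^wg-crypt-${WG_IFACE}" /proc/[0-9]*/comm 2>/dev/null \
    | head -n 1)
  pid=$(proc_pid_of "$match") || return 0
  printf '%s\n' "$pid" > "$PIDFILE"
}

#######################################
# Bring the interface up.  Returns 1 (and leaves no pid file behind) when
# wg-quick fails, so a failed start cannot masquerade as a running tunnel.
#######################################
wg_start() {
  if wg_running; then
    local pid
    pid=$(cat "$PIDFILE" 2>/dev/null)
    echo "WireGuard already running${pid:+ as pid $pid}!"
    return 0
  fi
  printf 'Starting WireGuard: %s up %s' "$WG_QUICK" "$WG_IFACE"
  if ! "$WG_QUICK" up "$WG_IFACE"; then
    # A failed bring-up must not leave a marker that a later start could
    # mistake for a running tunnel.
    rm -f "$PIDFILE"
    echo " FAILED"
    return 1
  fi
  write_pidfile
  echo
}

#######################################
# Tear the interface down; the pid file is removed unconditionally.
# Returns wg-quick's exit status.
#######################################
wg_stop() {
  local rc=0
  printf 'Stopping WireGuard: %s down %s' "$WG_QUICK" "$WG_IFACE"
  "$WG_QUICK" down "$WG_IFACE" || rc=$?
  rm -f "$PIDFILE"
  echo
  return "$rc"
}

wg_restart() {
  wg_stop
  sleep 1
  wg_start
}

#######################################
# Report state.  Returns 1 when the interface is down (LSB convention).
#######################################
wg_status() {
  if ! wg_running; then
    echo "WireGuard is stopped."
    return 1
  fi
  if [[ -s "$PIDFILE" ]]; then
    echo "WireGuard is running as pid $(cat "$PIDFILE")."
  else
    echo "WireGuard is running."
  fi
  echo
  "$WG" show
}

main() {
  case "$1" in
    start)   wg_start ;;
    stop)    wg_stop ;;
    restart) wg_restart ;;
    status)  wg_status ;;
    *)
      echo "usage $0 start|stop|restart|status" >&2
      return 1
      ;;
  esac
}

main "$@"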
# chmod +x /etc/rc.d/rc.wg

/etc/rc.d/rc.local:
# Start WireGuard (only when rc.wg is installed and executable)
if test -x /etc/rc.d/rc.wg; then
  /etc/rc.d/rc.wg start
fi
/etc/rc.d/rc.local_shutdown
# Stop WireGuard (only when rc.wg is installed and executable)
if test -x /etc/rc.d/rc.wg; then
  /etc/rc.d/rc.wg stop
fi