WireGuard setup: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
m Verbovet moved page WireGuard set up to WireGuard setup without leaving a redirect |
||
| (One intermediate revision by the same user not shown) | |||
| Line 91: | Line 91: | ||
</pre> | </pre> | ||
* <code>chmod +x /etc/rc.d/rc.wg</code> | * <code>chmod +x /etc/rc.d/rc.wg</code> | ||
* <code>/etc/rc.d/rc.local</code> | |||
<pre> | |||
# Start WireGuard | |||
if [ -x /etc/rc.d/rc.wg ]; then | |||
/etc/rc.d/rc.wg start | |||
fi | |||
</pre> | |||
* <code>/etc/rc.d/rc.local_shutdown</code> | |||
<pre> | |||
# Stop WireGuard | |||
if [ -x /etc/rc.d/rc.wg ]; then | |||
/etc/rc.d/rc.wg stop | |||
fi | |||
</pre> | |||
[[Category: Linux]] | [[Category: Linux]] | ||
Latest revision as of 21:27, 11 October 2024
- Add to
/etc/rc.d/rc.firewall:
# Allow wireguard $ipt -A INPUT -i eth0 -p udp --dport 51820 -j ACCEPT $ipt -A INPUT -i wg0 -j ACCEPT $ipt -A FORWARD -i wg0 -o eth0 -j ACCEPT $ipt -A FORWARD -i eth0 -o wg0 -j ACCEPT $ipt -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
# sysctl -w net.ipv4.ip_forward=1
- add
net.ipv4.ip_forward=1to/etc/sysctl.conf
- add
# touch /etc/wireguard/private.key# chmod 400 /etc/wireguard/private.key# wg genkey > /etc/wireguard/private.key# wg pubkey < /etc/wireguard/private.key > /etc/wireguard/public.key/etc/wireguard/wg0.conf
[Interface] Address = 10.8.0.1/24 ListenPort = 51820 PrivateKey = <private key> [Peer] # Alice PublicKey = <Alice's public key> AllowedIPs = 10.8.0.2/32 [Peer] # Bob PublicKey = <Bob's public key> AllowedIPs = 10.8.0.3/32
# chmod 400 /etc/wireguard/wg0.conf/etc/rc.d/rc.wg
#!/bin/bash
# Start/stop/restart WireGuard.
wg_start() {
if [ -r /run/wireguard.pid ]; then
echo "WireGuard already running as pid $(cat /run/wireguard.pid)!"
return
fi
echo -n "Starting WireGuard: /usr/bin/wg-quick up wg0"
/usr/bin/wg-quick up wg0
grep "^wg-crypt-wg0" /proc/*/comm \
| sed 's,^/proc/,,;s,/.*,,' > /run/wireguard.pid
echo
}
wg_stop() {
echo -n "Stopping WireGuard: /usr/bin/wg-quick down wg0"
/usr/bin/wg-quick down wg0
rm -f /run/wireguard.pid
echo
}
wg_restart() {
wg_stop
sleep 1
wg_start
}
wg_status() {
if [ -r /run/wireguard.pid ]; then
echo "WireGuard is running as pid $(cat /run/wireguard.pid)."
echo
/usr/bin/wg show
else
echo "WireGuard is stopped."
exit 1
fi
}
case "$1" in
'start')
wg_start
;;
'stop')
wg_stop
;;
'restart')
wg_restart
;;
'status')
wg_status
;;
*)
echo "usage $0 start|stop|restart|status"
esac
chmod +x /etc/rc.d/rc.wg/etc/rc.d/rc.local
# Start WireGuard if [ -x /etc/rc.d/rc.wg ]; then /etc/rc.d/rc.wg start fi
/etc/rc.d/rc.local_shutdown
# Stop WireGuard if [ -x /etc/rc.d/rc.wg ]; then /etc/rc.d/rc.wg stop fi