WireGuard setup

Revision as of 18:49, 4 August 2022 by Verbovet (talk | contribs)
  • Add to /etc/rc.d/rc.firewall:
# Allow wireguard
# $ipt is not defined in this snippet; presumably rc.firewall sets it to the iptables binary — confirm.
# Every rule uses -A (append), so it only takes effect if no earlier rule in the same chain has already
# decided the packet's fate.

# Accept WireGuard's own UDP traffic arriving on eth0; 51820 is the ListenPort set in wg0.conf.
$ipt -A INPUT -i eth0 -p udp --dport 51820 -j ACCEPT
# Accept everything that tunnel peers send to this host itself, on any protocol and port.
# NOTE(review): this exposes every local service to every peer; restrict with -p/--dport if peers
# only need specific services.
$ipt -A INPUT -i wg0 -j ACCEPT
# Forward traffic coming out of the tunnel onwards through eth0.
$ipt -A FORWARD -i wg0 -o eth0 -j ACCEPT
# Forward traffic from eth0 into the tunnel, in any connection state.
# NOTE(review): this also admits new connections initiated from the eth0 side towards peers; if only
# replies to peer-initiated connections are wanted, add -m conntrack --ctstate RELATED,ESTABLISHED.
$ipt -A FORWARD -i eth0 -o wg0 -j ACCEPT
# Rewrite the source of packets from the tunnel subnet 10.8.0.0/24 to eth0's address when they leave via eth0.
$ipt -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
  • # sysctl -w net.ipv4.ip_forward=1
  • add net.ipv4.ip_forward=1 to /etc/sysctl.conf so that forwarding stays enabled after a reboot
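  • # wg genkey > /etc/wireguard/private.key (the redirect creates the file under the current umask, so it may be readable by other users until the chmod in the next step; running umask 077 in the same shell beforehand avoids that window)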
  • # chmod 400 /etc/wireguard/private.key
  • # wg pubkey < /etc/wireguard/private.key > /etc/wireguard/public.key
  • Create /etc/wireguard/wg0.conf:
# WireGuard configuration for interface wg0 on the server side.
# Presumably brought up with wg-quick, since Address is a wg-quick setting — confirm.
# This file holds the private key in clear text: keep it owned by root and not readable by anyone else.
[Interface]
# This host's address inside the tunnel; the /24 is the 10.8.0.0/24 subnet that the firewall masquerades.
Address = 10.8.0.1/24
# UDP port WireGuard listens on; must match the --dport opened in rc.firewall.
ListenPort = 51820
# Placeholder for the contents of /etc/wireguard/private.key. Never publish or commit the real value.
PrivateKey = <private key>

# One [Peer] section per client. A peer is identified only by its public key.
[Peer]
# Alice
# Placeholder for the public key generated on Alice's device (her private key never leaves that device).
PublicKey = <Alice's public key>
# Tunnel source addresses accepted from this peer, and the destinations routed to it.
# The /32 pins Alice to a single address, so she cannot send with another peer's tunnel IP.
AllowedIPs = 10.8.0.2/32

[Peer]
# Bob
# Placeholder for the public key generated on Bob's device.
PublicKey = <Bob's public key>
# Same rule as above: exactly one tunnel address, distinct from every other peer's.
AllowedIPs = 10.8.0.3/32