35 lines
1.4 KiB
Bash
35 lines
1.4 KiB
Bash
apt-get update
|
|
apt-get upgrade -y
|
|
apt-get install -y raspberrypi-kernel-headers
|
|
echo "deb http://deb.debian.org/debian/ unstable main" | sudo tee --append /etc/apt/sources.list.d/unstable.list
|
|
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 8B48AD6246925553
|
|
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 7638D0442B90D010
|
|
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 04EE7237B7D453EC
|
|
printf 'Package: *\nPin: release a=unstable\nPin-Priority: 150\n' | sudo tee --append /etc/apt/preferences.d/limit-unstable
|
|
apt update
|
|
apt install -y wireguard qrencode
|
|
|
|
cat > /etc/sysctl.conf <<EOF
|
|
net.ipv4.ip_forward=1
|
|
net.ipv6.conf.all.forwarding=1
|
|
EOF
|
|
|
|
cd /etc/wireguard
|
|
umask 077
|
|
export PRIVKEY=$(wg genkey)
|
|
echo $PRIVKEY | tee privatekey | wg pubkey | tee publickey
|
|
echo $PRIVKEY | tee --append /etc/wireguard/wg0.conf
|
|
cat > /etc/wireguard/wg0.conf <<EOF
|
|
[Interface]
|
|
Address = 10.10.0.1/24
|
|
Address = fd86:ea04:1111::1/64
|
|
SaveConfig = true
|
|
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o ens3 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o ens3 -j MASQUERADE
|
|
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o ens3 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o ens3 -j MASQUERADE
|
|
ListenPort = 51820
|
|
PrivateKey = $PRIVKEY
|
|
EOF
|
|
|
|
sysctl -p
|
|
wg-quick up wg0
|
|
wg |