zsh and wireguard updates
This commit is contained in:
62
wireguard/README.md
Normal file
62
wireguard/README.md
Normal file
@@ -0,0 +1,62 @@
|
||||
# Wireguard Setup
|
||||
|
||||
## Fedora
|
||||
|
||||
```bash
|
||||
dnf install wireguard
|
||||
```
|
||||
|
||||
/etc/sysctl.d/10-wireguard.conf
|
||||
|
||||
```conf
|
||||
net.ipv4.ip_forward=1
|
||||
net.ipv6.conf.all.forwarding=1
|
||||
```
|
||||
|
||||
```bash
|
||||
sysctl -p
|
||||
```
|
||||
|
||||
### Server
|
||||
|
||||
```bash
|
||||
wg genkey | tee /etc/wireguard/private.key
|
||||
cat /etc/wireguard/private.key | wg pubkey | tee /etc/wireguard/public.key
|
||||
```
|
||||
|
||||
```bash
|
||||
cat <<EOF > /etc/wireguard/wg0.conf
|
||||
[Interface]
|
||||
Address = 10.10.10.1/24,fd10:10:10::1/64
|
||||
ListenPort = 51820
|
||||
PrivateKey = $(cat /etc/wireguard/private.key)
|
||||
SaveConfig = true
|
||||
PostUp = iptables -t nat -I POSTROUTING -o bridge0 -j MASQUERADE
|
||||
PostUp = ip6tables -t nat -I POSTROUTING -o bridge0 -j MASQUERADE
|
||||
PreDown = iptables -t nat -D POSTROUTING -o bridge0 -j MASQUERADE
|
||||
PreDown = ip6tables -t nat -D POSTROUTING -o bridge0 -j MASQUERADE
|
||||
EOF
|
||||
```
|
||||
|
||||
```bash
|
||||
wg set wg0 peer ndUMratPyYXKiOlU6AT5lYI7v3iohBAimgZY3/jsWik= allowed-ips 10.10.10.2,fd10:10:10::2
|
||||
```
|
||||
|
||||
### Client
|
||||
|
||||
```conf
|
||||
[interface]
|
||||
PrivateKey = KHgXS7zIqqfb46cfUVKvRZesswZcvib71hhYYcN39mQ=
|
||||
Address = 10.10.10.2/32,fd10:10:10::2/32
|
||||
|
||||
[Peer]
|
||||
PublicKey = kzbHUGzYk6Uyan/NFYY5mh3pxf2IX/WzWZtImeyp6Sw=
|
||||
Endpoint = 2600:1700:1e6c:a81f:793d:7abf:e94d:9bc4:51820
|
||||
AllowedIPs = 0.0.0.0/0,::/0
|
||||
```
|
||||
|
||||
### Testing
|
||||
|
||||
```bash
|
||||
curl -6 icanhazip.com
|
||||
```
|
||||
37
wireguard/add_client.sh
Normal file
37
wireguard/add_client.sh
Normal file
@@ -0,0 +1,37 @@
|
||||
#!/bin/bash
|
||||
|
||||
export CLIENT_NAME=$1
|
||||
export CLIENT_IP_SUFFIX=$2
|
||||
|
||||
if [ -z $CLIENT_NAME ];
|
||||
then echo 'Client name required. `./add_client.sh client_name 3`';
|
||||
exit 1;
|
||||
fi
|
||||
|
||||
if [ -z $CLIENT_IP_SUFFIX ];
|
||||
then echo 'Client IP suffix. `./add_client.sh client_name 3`';
|
||||
exit 1;
|
||||
fi
|
||||
|
||||
export SERVER_PUBKEY=$(cat /etc/wireguard/publickey)
|
||||
mkdir /etc/wireguard/$CLIENT_NAME
|
||||
cd /etc/wireguard/$CLIENT_NAME
|
||||
export PRIVKEY=$(wg genkey)
|
||||
echo $PRIVKEY | tee $CLIENT_NAME"_privkey"
|
||||
export PUBKEY=$(echo $PRIVKEY | wg pubkey)
|
||||
echo $PUBKEY | tee $CLIENT_NAME"_pubkey"
|
||||
|
||||
cat > $CLIENT_NAME".conf" <<EOF
|
||||
[Interface]
|
||||
PrivateKey = $PRIVKEY
|
||||
Address = 10.10.0.$CLIENT_IP_SUFFIX/32, fd86:ea04:1111::$CLIENT_IP_SUFFIX/128
|
||||
DNS = 1.1.1.1,1.0.01
|
||||
|
||||
[Peer]
|
||||
PublicKey = $SERVER_PUBKEY
|
||||
Endpoint = yellow.reeselink.com:51820
|
||||
AllowedIPs = 0.0.0.0/0, ::/0
|
||||
EOF
|
||||
|
||||
wg set wg0 peer $PUBKEY allowed-ips 10.10.0.$CLIENT_IP_SUFFIX/32,fd86:ea04:1111::$CLIENT_IP_SUFFIX/128
|
||||
wg-quick save wg0
|
||||
Reference in New Issue
Block a user