# WireGuard Setup
## Fedora
```bash
# Installs the WireGuard userspace tooling with dnf.
# NOTE(review): on Fedora the wg and wg-quick commands ship in the wireguard-tools package — confirm that `wireguard` resolves on your release.
dnf install wireguard
```
Create `/etc/sysctl.d/10-wireguard.conf`:
```conf
# Enable forwarding of IPv4 and IPv6 packets between interfaces. This turns the
# host into a router, so pair it with firewall rules that limit what may be forwarded.
# NOTE(review): with IPv6 forwarding on, Linux stops accepting router
# advertisements unless accept_ra is set to 2 — confirm the uplink keeps its address and default route.
net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1
```
```bash
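# Load every sysctl drop-in, including /etc/sysctl.d/10-wireguard.conf.
# A bare `sysctl -p` reads only /etc/sysctl.conf, so the forwarding settings
# written above would not take effect until the next boot.
sysctl --system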
```
### Server
```bash
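# Generate the server key pair.
# The private key is written inside a subshell with umask 077 so the file is
# created owner-only; with the default umask it would be readable by other
# local users. It is redirected rather than piped through tee so the secret is
# not echoed to the terminal or captured in scrollback/session logs.
(umask 077 && wg genkey > /etc/wireguard/private.key)
# The public key is not secret, so printing it for copy/paste into the client config is fine.
wg pubkey < /etc/wireguard/private.key | tee /etc/wireguard/public.key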
```
```bash
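# Write the server interface configuration.
# wg0.conf embeds the server private key, so it is created under umask 077 and
# then forced to 0600 in case an older, more permissive copy already existed.
# The heredoc delimiter is unquoted on purpose: $(cat ...) is expanded now, so
# the key text itself lands in the file.
# SaveConfig = true makes wg-quick write the running state back to this file on
# shutdown, which is what persists peers added later with `wg set`; manual edits
# made while the interface is up are overwritten.
# PostUp/PreDown add and remove the NAT rules together with the interface.
# bridge0 is presumably this host's outbound interface — substitute your own.
(
umask 077
cat <<EOF > /etc/wireguard/wg0.conf
[Interface]
Address = 10.10.10.1/24,fd10:10:10::1/64
ListenPort = 51820
PrivateKey = $(cat /etc/wireguard/private.key)
SaveConfig = true
PostUp = iptables -t nat -I POSTROUTING -o bridge0 -j MASQUERADE
PostUp = ip6tables -t nat -I POSTROUTING -o bridge0 -j MASQUERADE
PreDown = iptables -t nat -D POSTROUTING -o bridge0 -j MASQUERADE
PreDown = ip6tables -t nat -D POSTROUTING -o bridge0 -j MASQUERADE
EOF
)
chmod 600 /etc/wireguard/wg0.conf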
```
```bash
# Register the client as a peer on the wg0 interface, which must already exist.
# The base64 value is the peer's public key. The explicit /32 and /128 masks pin
# the peer to exactly its own tunnel addresses, which is also what wg assumes
# when the mask is omitted.
wg set wg0 peer ndUMratPyYXKiOlU6AT5lYI7v3iohBAimgZY3/jsWik= allowed-ips 10.10.10.2/32,fd10:10:10::2/128
```
### Client
```conf
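[Interface]
# Generate this key on the client with `wg genkey` and keep it out of
# documentation and version control; a private key that has been published
# must be treated as compromised and replaced.
PrivateKey = <client-private-key>
# Host addresses inside the tunnel: /32 for IPv4 and /128 for IPv6. A /32 prefix
# on the IPv6 address would claim all of fd10:10::/32 for this interface.
Address = 10.10.10.2/32,fd10:10:10::2/128

[Peer]
# Should be the server's public key (the value written to /etc/wireguard/public.key there).
PublicKey = kzbHUGzYk6Uyan/NFYY5mh3pxf2IX/WzWZtImeyp6Sw=
# An IPv6 endpoint is written in brackets so the port separator is unambiguous.
Endpoint = [2600:1700:1e6c:a81f:793d:7abf:e94d:9bc4]:51820
# Full tunnel: all IPv4 and IPv6 traffic is routed through the server.
AllowedIPs = 0.0.0.0/0,::/0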
```
### Testing
```bash
# Asks an external service over IPv6 which source address it sees for this host.
# Presumably meant to be run on the client with the tunnel up, where the answer should be the
# server's address (traffic is masqueraded there) rather than the client's own — verify.
curl -6 icanhazip.com
```