services/wireguard
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

init

Browse Source
This commit is contained in:
ducoterra
2020-08-10 22:10:06 -04:00
commit 0aaf4f4461
3 changed files with 144 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

78
README.md Normal file
View File

@@ -0,0 +1,78 @@
# Wireguard
## Peers
| Server | Client | PubKey | IP |
| ------ | --------------- | -------------------------------------------- | --- |
| gold | gold | G/zeQG4Q/IZhqIGc7v2HNXIMmhp74vQBdbDCwOXDihQ= | 1 |
| gold | DucoBook | /IwuCiWR2gtjha4x5ZYkTD5e3My+i7wpJ8rC0AMhejI= | 2 |
| gold | Patrick Windows | GgRgmWmlfIqCZq8iRY4U5mgKabDCg28vjVxA7ZLRckk= | 3 |
| gold | Patrick Linux | pvgRCYpdeHWywSVvkQQc+Xi0oyEaojxDnhcHTw7Vgn0= | 4 |
| gold | Nic Macbook | LhuYXBg0gtZsO3I+i1M51DotlKm8YY+LosexW+uBOSQ= | 5 |
| gold | Connor Laptop | IDlfSrkA41chvVU8Wazx692FnmIgFOWPmCmIPXe8/Dk= | 6 |
| gold | DucoPhone | HCUlzBYbsY/rABGibmBHStWmtABvWvnnJqtjJ/K3YXc= | 7 |
| gold | DucoPC | linJdo3LJ0jbvs2dylGyJ5URFshoZJ8twLMWvRCV8So= | 8 |
| gold | Alicia iPhone | yPJ1JbMzhcyj6ahfjdO3UI7Q6RvZz0A/36UcKAXPiHg= | 9 |
| gold | Alicia iPad | c6cRCgheaKFjLIu/01mjvKvJAouGlmY/CL2SI0kPvHw= | 10 |
| gold | Alicia MacBook | NynqG1cI9snLBndQlx6vQp7rq7/B2FpAl3vu82UwKXM= | 11 |
| gold | Patrick Phone | sgaNvwiq1VhJAYrkepLLagf0rOD0fYlrKYlF9lfxRzo= | 12 |
| gold | Alex MacBook | /sasPFohEQKlG+bcvVTes5Q4MobUrZlXtj9VkKlHplI= | 13 |
| gold | Alicia PC | umsbfAYcIzfQg5hoTL+aqi3IFStngNo7gqvLJkvQwRQ= | 14 |
| gold | Josh PC | Amc6BWmk8Zol9tU4Epe0WAAVfeQrs+APxGyV34atdi0= | 15 |
## wg0
Client Example Config
```conf
[Interface]
PrivateKey =
Address = 10.10.0.15/32
DNS = 3.14.4.101, 3.14.4.102
[Peer]
PublicKey = G/zeQG4Q/IZhqIGc7v2HNXIMmhp74vQBdbDCwOXDihQ=
Endpoint = duco.ddns.net:51820
AllowedIPs = 3.14.0.0/16
```
## Install
*Sometimes you have to run commands individually for them to work*
```bash
apt update
apt install -y raspberrypi-kernel-headers
echo "deb http://deb.debian.org/debian/ unstable main" | sudo tee /etc/apt/sources.list.d/unstable.list
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 8B48AD6246925553
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 7638D0442B90D010
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 04EE7237B7D453EC
printf 'Package: *\nPin: release a=unstable\nPin-Priority: 150\n' | sudo tee /etc/apt/preferences.d/limit-unstable
apt update
apt install -y wireguard qrencode
cat > /etc/sysctl.conf <<EOF
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
EOF
cd /etc/wireguard
umask 077
export PRIVKEY=$(wg genkey)
echo $PRIVKEY | tee privatekey | wg pubkey | tee publickey
echo $PRIVKEY | tee --append /etc/wireguard/wg0.conf
cat > /etc/wireguard/wg0.conf <<EOF
[Interface]
Address = 10.10.0.1/24
Address = fd86:ea04:1111::1/64
SaveConfig = false
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
ListenPort = 51820
PrivateKey = $PRIVKEY
EOF
sysctl -p
service wg-quick@wg0 start
systemctl enable wg-quick@wg0
```

6
gold/wg0.conf Normal file
View File

@@ -0,0 +1,6 @@
[Interface]
Address = 10.10.0.1/24
PostUp = wg addconf wg0 /etc/wireguard/peers.conf; iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
ListenPort = 51820
PrivateKey =

60
peers.conf Normal file
View File

@@ -0,0 +1,60 @@
[Peer]
PublicKey = G/zeQG4Q/IZhqIGc7v2HNXIMmhp74vQBdbDCwOXDihQ=
AllowedIPs = 10.10.0.1/32
[Peer]
PublicKey = /IwuCiWR2gtjha4x5ZYkTD5e3My+i7wpJ8rC0AMhejI=
AllowedIPs = 10.10.0.2/32
[Peer]
PublicKey = GgRgmWmlfIqCZq8iRY4U5mgKabDCg28vjVxA7ZLRckk=
AllowedIPs = 10.10.0.3/32
[Peer]
PublicKey = pvgRCYpdeHWywSVvkQQc+Xi0oyEaojxDnhcHTw7Vgn0=
AllowedIPs = 10.10.0.4/32
[Peer]
PublicKey = LhuYXBg0gtZsO3I+i1M51DotlKm8YY+LosexW+uBOSQ=
AllowedIPs = 10.10.0.5/32
[Peer]
PublicKey = IDlfSrkA41chvVU8Wazx692FnmIgFOWPmCmIPXe8/Dk=
AllowedIPs = 10.10.0.6/32
[Peer]
PublicKey = HCUlzBYbsY/rABGibmBHStWmtABvWvnnJqtjJ/K3YXc=
AllowedIPs = 10.10.0.7/32
[Peer]
PublicKey = linJdo3LJ0jbvs2dylGyJ5URFshoZJ8twLMWvRCV8So=
AllowedIPs = 10.10.0.8/32
Endpoint = 10.0.128.94:54405
[Peer]
PublicKey = yPJ1JbMzhcyj6ahfjdO3UI7Q6RvZz0A/36UcKAXPiHg=
AllowedIPs = 10.10.0.9/32
[Peer]
PublicKey = c6cRCgheaKFjLIu/01mjvKvJAouGlmY/CL2SI0kPvHw=
AllowedIPs = 10.10.0.10/32
[Peer]
PublicKey = NynqG1cI9snLBndQlx6vQp7rq7/B2FpAl3vu82UwKXM=
AllowedIPs = 10.10.0.11/32
[Peer]
PublicKey = sgaNvwiq1VhJAYrkepLLagf0rOD0fYlrKYlF9lfxRzo=
AllowedIPs = 10.10.0.12/32
[Peer]
PublicKey = /sasPFohEQKlG+bcvVTes5Q4MobUrZlXtj9VkKlHplI=
AllowedIPs = 10.10.0.13/32
[Peer]
PublicKey = umsbfAYcIzfQg5hoTL+aqi3IFStngNo7gqvLJkvQwRQ=
AllowedIPs = 10.10.0.14/32
[Peer]
PublicKey = Amc6BWmk8Zol9tU4Epe0WAAVfeQrs+APxGyV34atdi0=
AllowedIPs = 10.10.0.15/32