init

2020-08-10 22:10:06 -04:00
commit 0aaf4f4461
3 changed files with 144 additions and 0 deletions
--- a/README.md
+++ b/README.md
@@ -0,0 +1,78 @@
+# Wireguard
+
+## Peers
+
+| Server | Client          | PubKey                                       | IP  |
+| ------ | --------------- | -------------------------------------------- | --- |
+| gold   | gold            | G/zeQG4Q/IZhqIGc7v2HNXIMmhp74vQBdbDCwOXDihQ= | 1   |
+| gold   | DucoBook        | /IwuCiWR2gtjha4x5ZYkTD5e3My+i7wpJ8rC0AMhejI= | 2   |
+| gold   | Patrick Windows | GgRgmWmlfIqCZq8iRY4U5mgKabDCg28vjVxA7ZLRckk= | 3   |
+| gold   | Patrick Linux   | pvgRCYpdeHWywSVvkQQc+Xi0oyEaojxDnhcHTw7Vgn0= | 4   |
+| gold   | Nic Macbook     | LhuYXBg0gtZsO3I+i1M51DotlKm8YY+LosexW+uBOSQ= | 5   |
+| gold   | Connor Laptop   | IDlfSrkA41chvVU8Wazx692FnmIgFOWPmCmIPXe8/Dk= | 6   |
+| gold   | DucoPhone       | HCUlzBYbsY/rABGibmBHStWmtABvWvnnJqtjJ/K3YXc= | 7   |
+| gold   | DucoPC          | linJdo3LJ0jbvs2dylGyJ5URFshoZJ8twLMWvRCV8So= | 8   |
+| gold   | Alicia iPhone   | yPJ1JbMzhcyj6ahfjdO3UI7Q6RvZz0A/36UcKAXPiHg= | 9   |
+| gold   | Alicia iPad     | c6cRCgheaKFjLIu/01mjvKvJAouGlmY/CL2SI0kPvHw= | 10  |
+| gold   | Alicia MacBook  | NynqG1cI9snLBndQlx6vQp7rq7/B2FpAl3vu82UwKXM= | 11  |
+| gold   | Patrick Phone   | sgaNvwiq1VhJAYrkepLLagf0rOD0fYlrKYlF9lfxRzo= | 12  |
+| gold   | Alex MacBook    | /sasPFohEQKlG+bcvVTes5Q4MobUrZlXtj9VkKlHplI= | 13  |
+| gold   | Alicia PC       | umsbfAYcIzfQg5hoTL+aqi3IFStngNo7gqvLJkvQwRQ= | 14  |
+| gold   | Josh PC         | Amc6BWmk8Zol9tU4Epe0WAAVfeQrs+APxGyV34atdi0= | 15  |
+
+## wg0
+
+Client Example Config
+
+```conf
+[Interface]
+PrivateKey = 
+Address = 10.10.0.15/32
+DNS = 3.14.4.101, 3.14.4.102
+
+[Peer]
+PublicKey = G/zeQG4Q/IZhqIGc7v2HNXIMmhp74vQBdbDCwOXDihQ=
+Endpoint = duco.ddns.net:51820
+AllowedIPs = 3.14.0.0/16
+```
+
+## Install 
+
+*Sometimes you have to run commands individually for them to work*
+
+```bash
+apt update
+apt install -y raspberrypi-kernel-headers
+echo "deb http://deb.debian.org/debian/ unstable main" | sudo tee /etc/apt/sources.list.d/unstable.list
+apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 8B48AD6246925553
+apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 7638D0442B90D010
+apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 04EE7237B7D453EC
+printf 'Package: *\nPin: release a=unstable\nPin-Priority: 150\n' | sudo tee /etc/apt/preferences.d/limit-unstable
+apt update
+apt install -y wireguard qrencode
+
+cat > /etc/sysctl.conf <<EOF
+net.ipv4.ip_forward=1
+net.ipv6.conf.all.forwarding=1
+EOF
+
+cd /etc/wireguard
+umask 077
+export PRIVKEY=$(wg genkey)
+echo $PRIVKEY | tee privatekey | wg pubkey | tee publickey
+echo $PRIVKEY | tee --append /etc/wireguard/wg0.conf
+cat > /etc/wireguard/wg0.conf <<EOF
+[Interface]
+Address = 10.10.0.1/24
+Address = fd86:ea04:1111::1/64
+SaveConfig = false
+PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
+PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
+ListenPort = 51820
+PrivateKey = $PRIVKEY
+EOF
+
+sysctl -p
+service wg-quick@wg0 start
+systemctl enable wg-quick@wg0
+```
--- a/gold/wg0.conf
+++ b/gold/wg0.conf
@@ -0,0 +1,6 @@
+[Interface]
+Address = 10.10.0.1/24
+PostUp = wg addconf wg0 /etc/wireguard/peers.conf; iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
+PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
+ListenPort = 51820
+PrivateKey = 
--- a/peers.conf
+++ b/peers.conf
@@ -0,0 +1,60 @@
+[Peer]
+PublicKey = G/zeQG4Q/IZhqIGc7v2HNXIMmhp74vQBdbDCwOXDihQ=
+AllowedIPs = 10.10.0.1/32
+
+[Peer]
+PublicKey = /IwuCiWR2gtjha4x5ZYkTD5e3My+i7wpJ8rC0AMhejI=
+AllowedIPs = 10.10.0.2/32
+
+[Peer]
+PublicKey = GgRgmWmlfIqCZq8iRY4U5mgKabDCg28vjVxA7ZLRckk=
+AllowedIPs = 10.10.0.3/32
+
+[Peer]
+PublicKey = pvgRCYpdeHWywSVvkQQc+Xi0oyEaojxDnhcHTw7Vgn0=
+AllowedIPs = 10.10.0.4/32
+
+[Peer]
+PublicKey = LhuYXBg0gtZsO3I+i1M51DotlKm8YY+LosexW+uBOSQ=
+AllowedIPs = 10.10.0.5/32
+
+[Peer]
+PublicKey = IDlfSrkA41chvVU8Wazx692FnmIgFOWPmCmIPXe8/Dk=
+AllowedIPs = 10.10.0.6/32
+
+[Peer]
+PublicKey = HCUlzBYbsY/rABGibmBHStWmtABvWvnnJqtjJ/K3YXc=
+AllowedIPs = 10.10.0.7/32
+
+[Peer]
+PublicKey = linJdo3LJ0jbvs2dylGyJ5URFshoZJ8twLMWvRCV8So=
+AllowedIPs = 10.10.0.8/32
+Endpoint = 10.0.128.94:54405
+
+[Peer]
+PublicKey = yPJ1JbMzhcyj6ahfjdO3UI7Q6RvZz0A/36UcKAXPiHg=
+AllowedIPs = 10.10.0.9/32
+
+[Peer]
+PublicKey = c6cRCgheaKFjLIu/01mjvKvJAouGlmY/CL2SI0kPvHw=
+AllowedIPs = 10.10.0.10/32
+
+[Peer]
+PublicKey = NynqG1cI9snLBndQlx6vQp7rq7/B2FpAl3vu82UwKXM=
+AllowedIPs = 10.10.0.11/32
+
+[Peer]
+PublicKey = sgaNvwiq1VhJAYrkepLLagf0rOD0fYlrKYlF9lfxRzo=
+AllowedIPs = 10.10.0.12/32
+
+[Peer]
+PublicKey = /sasPFohEQKlG+bcvVTes5Q4MobUrZlXtj9VkKlHplI=
+AllowedIPs = 10.10.0.13/32
+
+[Peer]
+PublicKey = umsbfAYcIzfQg5hoTL+aqi3IFStngNo7gqvLJkvQwRQ=
+AllowedIPs = 10.10.0.14/32
+
+[Peer]
+PublicKey = Amc6BWmk8Zol9tU4Epe0WAAVfeQrs+APxGyV34atdi0=
+AllowedIPs = 10.10.0.15/32