wireguard/README.md

Wireguard

Peers

Server Client PubKey IP
gold gold G/zeQG4Q/IZhqIGc7v2HNXIMmhp74vQBdbDCwOXDihQ= 1
gold DucoBook /IwuCiWR2gtjha4x5ZYkTD5e3My+i7wpJ8rC0AMhejI= 2
gold Patrick Windows GgRgmWmlfIqCZq8iRY4U5mgKabDCg28vjVxA7ZLRckk= 3
gold Patrick Linux pvgRCYpdeHWywSVvkQQc+Xi0oyEaojxDnhcHTw7Vgn0= 4
gold Nic Macbook LhuYXBg0gtZsO3I+i1M51DotlKm8YY+LosexW+uBOSQ= 5
gold Connor Laptop IDlfSrkA41chvVU8Wazx692FnmIgFOWPmCmIPXe8/Dk= 6
gold DucoPhone HCUlzBYbsY/rABGibmBHStWmtABvWvnnJqtjJ/K3YXc= 7
gold DucoPC linJdo3LJ0jbvs2dylGyJ5URFshoZJ8twLMWvRCV8So= 8
gold Alicia iPhone yPJ1JbMzhcyj6ahfjdO3UI7Q6RvZz0A/36UcKAXPiHg= 9
gold Alicia iPad c6cRCgheaKFjLIu/01mjvKvJAouGlmY/CL2SI0kPvHw= 10
gold Alicia MacBook NynqG1cI9snLBndQlx6vQp7rq7/B2FpAl3vu82UwKXM= 11
gold Patrick Phone sgaNvwiq1VhJAYrkepLLagf0rOD0fYlrKYlF9lfxRzo= 12
gold Alex MacBook /sasPFohEQKlG+bcvVTes5Q4MobUrZlXtj9VkKlHplI= 13
gold Alicia PC umsbfAYcIzfQg5hoTL+aqi3IFStngNo7gqvLJkvQwRQ= 14
gold Josh PC Amc6BWmk8Zol9tU4Epe0WAAVfeQrs+APxGyV34atdi0= 15

wg0

Client Example Config

[Interface]
# The client's own private key (e.g. from `wg genkey` run on the client).
# Left empty in this example; fill it in on the device only and never commit
# or share it.
PrivateKey = 
# Tunnel address of this client. The last octet matches the IP column of the
# peers table above (15 = Josh PC).
Address = 10.10.0.15/32
# NOTE(review): 3.14.x.x is not an RFC 1918 private range. If it is used here
# as an internal network, hosts that really own those public addresses become
# unreachable while the tunnel is up. Confirm this is intended.
DNS = 3.14.4.101, 3.14.4.102

[Peer]
# Public key of the "gold" server (first row of the peers table above).
PublicKey = G/zeQG4Q/IZhqIGc7v2HNXIMmhp74vQBdbDCwOXDihQ=
# Server address and UDP port; 51820 matches ListenPort in the server's wg0.conf.
Endpoint = duco.ddns.net:51820
# Only destinations inside this range are routed through the tunnel; all other
# client traffic keeps using the normal default route (split tunnel).
AllowedIPs = 3.14.0.0/16

Install

If pasting the whole block at once fails, run the commands one at a time.

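# Server install for the wg0 interface on a Raspberry Pi.
# Run from a root shell: the commands install packages and write under /etc.

apt update
apt install -y raspberrypi-kernel-headers

# WireGuard is pulled from Debian unstable. The pin written further down
# (priority 150) keeps unstable from replacing packages that the regular
# release already provides.
echo "deb http://deb.debian.org/debian/ unstable main" | sudo tee /etc/apt/sources.list.d/unstable.list
# NOTE(review): these keys are fetched from a keyserver by 64-bit key ID and
# added to apt's global trusted keyring, so they are trusted for every
# configured repository. Compare the full fingerprints (`apt-key finger`)
# with the ones Debian publishes before continuing. apt-key is deprecated on
# newer releases.
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 8B48AD6246925553
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 7638D0442B90D010
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 04EE7237B7D453EC
printf 'Package: *\nPin: release a=unstable\nPin-Priority: 150\n' | sudo tee /etc/apt/preferences.d/limit-unstable
apt update
apt install -y wireguard qrencode

# Enable IPv4/IPv6 forwarding through a drop-in file. Redirecting into
# /etc/sysctl.conf with '>' would truncate it and discard every other kernel
# setting already stored there.
cat > /etc/sysctl.d/99-wireguard.conf <<EOF
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
EOF
sysctl -p /etc/sysctl.d/99-wireguard.conf

cd /etc/wireguard
# Files created from here on are readable by root only.
umask 077
# The key stays in a plain shell variable: it is not exported, so it is not
# inherited by every child process, and it is never echoed to the terminal.
# Only the derived public key is printed.
PRIVKEY=$(wg genkey)
printf '%s\n' "$PRIVKEY" | tee /etc/wireguard/privatekey | wg pubkey | tee /etc/wireguard/publickey

# The unquoted EOF is intentional: $PRIVKEY is expanded into the file.
# PostUp loads the peer list from /etc/wireguard/peers.conf, accepts forwarded
# traffic arriving on wg0 and masquerades it out of eth0 (adjust the interface
# name if the uplink is not eth0). PostDown removes the same rules.
cat > /etc/wireguard/wg0.conf <<EOF
[Interface]
Address = 10.10.0.1/24
Address = fd86:ea04:1111::1/64
SaveConfig = false
PostUp = wg addconf wg0 /etc/wireguard/peers.conf; iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
ListenPort = 51820
PrivateKey = $PRIVKEY
EOF
unset PRIVKEY
# umask only applies to newly created files; tighten the mode in case either
# file already existed with wider permissions.
chmod 600 /etc/wireguard/privatekey /etc/wireguard/wg0.conf

# Start the tunnel now and on every boot.
systemctl enable --now wg-quick@wg0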

Add clients

  1. Copy peers.conf to /etc/wireguard/peers.conf
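  2. Add more peers as needed to peers.conf. The file is only read by the PostUp `wg addconf` command in wg0.conf, so restart wg-quick@wg0 for changes to take effect.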