# Wireguard
## Peers
| Server | Client | PubKey | IP |
| ------ | --------------- | -------------------------------------------- | --- |
| gold | gold | G/zeQG4Q/IZhqIGc7v2HNXIMmhp74vQBdbDCwOXDihQ= | 1 |
| gold | DucoBook | /IwuCiWR2gtjha4x5ZYkTD5e3My+i7wpJ8rC0AMhejI= | 2 |
| gold | Patrick Windows | GgRgmWmlfIqCZq8iRY4U5mgKabDCg28vjVxA7ZLRckk= | 3 |
| gold | Patrick Linux | pvgRCYpdeHWywSVvkQQc+Xi0oyEaojxDnhcHTw7Vgn0= | 4 |
| gold | Nic Macbook | LhuYXBg0gtZsO3I+i1M51DotlKm8YY+LosexW+uBOSQ= | 5 |
| gold | Connor Laptop | IDlfSrkA41chvVU8Wazx692FnmIgFOWPmCmIPXe8/Dk= | 6 |
| gold | DucoPhone | HCUlzBYbsY/rABGibmBHStWmtABvWvnnJqtjJ/K3YXc= | 7 |
| gold | DucoPC | linJdo3LJ0jbvs2dylGyJ5URFshoZJ8twLMWvRCV8So= | 8 |
| gold | Alicia iPhone | yPJ1JbMzhcyj6ahfjdO3UI7Q6RvZz0A/36UcKAXPiHg= | 9 |
| gold | Alicia iPad | c6cRCgheaKFjLIu/01mjvKvJAouGlmY/CL2SI0kPvHw= | 10 |
| gold | Alicia MacBook | NynqG1cI9snLBndQlx6vQp7rq7/B2FpAl3vu82UwKXM= | 11 |
| gold | Patrick Phone | sgaNvwiq1VhJAYrkepLLagf0rOD0fYlrKYlF9lfxRzo= | 12 |
| gold | Alex MacBook | /sasPFohEQKlG+bcvVTes5Q4MobUrZlXtj9VkKlHplI= | 13 |
| gold | Alicia PC | umsbfAYcIzfQg5hoTL+aqi3IFStngNo7gqvLJkvQwRQ= | 14 |
| gold | Josh PC | Amc6BWmk8Zol9tU4Epe0WAAVfeQrs+APxGyV34atdi0= | 15 |
## wg0
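Client example config. Generate the private key on the client itself (`wg genkey`) and give the server only the matching public key: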
```conf
[Interface]
PrivateKey =
Address = 10.10.0.15/32
DNS = 3.14.4.101, 3.14.4.102
[Peer]
PublicKey = G/zeQG4Q/IZhqIGc7v2HNXIMmhp74vQBdbDCwOXDihQ=
Endpoint = duco.ddns.net:51820
AllowedIPs = 3.14.0.0/16
```
## Install
*Run these commands as root. If pasting the whole block fails, run the commands one at a time.*
```bash
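# Installs WireGuard on a Raspberry Pi from Debian unstable, enables IP
# forwarding, generates the server key pair and writes /etc/wireguard/wg0.conf.
# Every command is expected to run as root.
apt update
apt install -y raspberrypi-kernel-headers

# NOTE(review): apt-key is deprecated and adds these keys to the global trust
# store, so they become trusted for every configured repository, not only the
# unstable entry below. They are also fetched by 64-bit key ID with no
# fingerprint check. Where the platform allows it, prefer a dedicated keyring
# referenced with signed-by= in the sources entry and verify the full
# fingerprints before trusting them.
echo "deb http://deb.debian.org/debian/ unstable main" | sudo tee /etc/apt/sources.list.d/unstable.list
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 8B48AD6246925553
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 7638D0442B90D010
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 04EE7237B7D453EC
# Low pin priority: unstable is only used for packages the stable release
# does not provide, so the rest of the system is not upgraded to unstable.
printf 'Package: *\nPin: release a=unstable\nPin-Priority: 150\n' | sudo tee /etc/apt/preferences.d/limit-unstable
apt update
apt install -y wireguard qrencode

# Use a drop-in file instead of overwriting /etc/sysctl.conf, which would
# silently discard every other kernel setting (including hardening options)
# already configured there.
cat > /etc/sysctl.d/99-wireguard-forwarding.conf <<EOF
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
EOF

cd /etc/wireguard
# Everything created from here on (keys, configs) is readable by root only.
umask 077
# Keep the private key in an unexported shell variable so it is not inherited
# by child processes, and never echo it to the terminal.
PRIVKEY=$(wg genkey)
printf '%s\n' "$PRIVKEY" > privatekey
wg pubkey < privatekey | tee publickey

# PostUp loads peers.conf; create it empty if it does not exist yet so the
# first start does not fail on a missing file.
touch /etc/wireguard/peers.conf

# NOTE(review): the FORWARD rules accept all traffic arriving on wg0, so every
# peer can reach anything the server can route to. Restrict by destination if
# peers should only see part of the network.
cat > /etc/wireguard/wg0.conf <<EOF
[Interface]
Address = 10.10.0.1/24
Address = fd86:ea04:1111::1/64
SaveConfig = false
PostUp = wg addconf wg0 /etc/wireguard/peers.conf; iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
ListenPort = 51820
PrivateKey = $PRIVKEY
EOF
# The key now lives only in the root-only files; drop it from the shell.
unset PRIVKEY

# Apply the forwarding settings written above.
sysctl -p /etc/sysctl.d/99-wireguard-forwarding.conf
service wg-quick@wg0 start
systemctl enable wg-quick@wg0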
```
## Add clients
1. Copy peers.conf to /etc/wireguard/peers.conf
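1. Add more peers to peers.conf as needed. The file is only loaded by the `PostUp` hook, so restart `wg-quick@wg0` (or run `wg addconf wg0 /etc/wireguard/peers.conf`) for new peers to take effect.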