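#!/bin/sh
# Server side: install WireGuard, generate the server key pair, write
# /etc/wireguard/wg0.conf for a single peer, open the UDP port and start
# the interface.  Everything below needs root (writes under /etc, edits
# iptables), so the script checks for it once instead of sprinkling sudo.
set -eu

if [ "$(id -u)" -ne 0 ]; then
  echo "run this as root" >&2
  exit 1
fi

apt-get install -y wireguard

# 077 so server_private.key and wg0.conf (which embeds the private key)
# are created 0600, readable only by root.
umask 077
mkdir -p /etc/wireguard
cd /etc/wireguard

wg genkey | tee server_private.key | wg pubkey > server_public.key

printf "Wireguard listening port ? "
# -r keeps backslashes in the typed value literal.
read -r wg_port
case "$wg_port" in
  ''|*[!0-9]*) echo "listening port must be a number" >&2; exit 1 ;;
esac

printf "Client public key ? "
read -r client_public_key
if [ -z "$client_public_key" ]; then
  echo "client public key must not be empty" >&2
  exit 1
fi

server_private_key=$(cat server_private.key)

cat << EOD > wg0.conf
[Interface]
PrivateKey = $server_private_key
Address = 10.0.0.1/24
ListenPort = $wg_port
[Peer]
PublicKey = $client_public_key
AllowedIPs = 10.0.0.2/32
EOD

# Open the listening port.  These rules live only in the running kernel;
# they are lost on reboot unless a rules-save mechanism persists them.
iptables -I INPUT -p udp --dport "$wg_port" -j ACCEPT
iptables -I OUTPUT -p udp --sport "$wg_port" -j ACCEPT

systemctl enable wg-quick@wg0
systemctl start wg-quick@wg0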
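#!/bin/sh
# Client side: install WireGuard, generate the client key pair, write
# /etc/wireguard/wg0.conf pointing at the server, open the UDP port and
# bring the tunnel up.  Needs root for the same reasons as the server
# script, so root is checked once up front.
set -eu

if [ "$(id -u)" -ne 0 ]; then
  echo "run this as root" >&2
  exit 1
fi

apt-get install -y wireguard

# 077 so client_private.key and wg0.conf (which embeds the private key)
# are created 0600, readable only by root.
umask 077
mkdir -p /etc/wireguard
cd /etc/wireguard

wg genkey | tee client_private.key | wg pubkey > client_public.key
client_private_key=$(cat client_private.key)

printf "Wireguard server's listening port ? "
# -r keeps backslashes in the typed values literal.
read -r wg_port
case "$wg_port" in
  ''|*[!0-9]*) echo "listening port must be a number" >&2; exit 1 ;;
esac

printf "Endpoint (IP:PORT) ? "
read -r endpoint
printf "Server public key ? "
read -r server_public_key
if [ -z "$endpoint" ] || [ -z "$server_public_key" ]; then
  echo "endpoint and server public key must not be empty" >&2
  exit 1
fi

cat << EOD > wg0.conf
[Interface]
PrivateKey = $client_private_key
Address = 10.0.0.2/24
[Peer]
PublicKey = $server_public_key
Endpoint = $endpoint
AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepalive = 25
EOD

# The INPUT rule matches any UDP sender using the server's port as source
# port, not just the server; add -s <server address> if the host's INPUT
# policy is DROP and that distinction matters.  Not persisted across reboots.
iptables -I INPUT -p udp --sport "$wg_port" -j ACCEPT
iptables -I OUTPUT -p udp --dport "$wg_port" -j ACCEPT

wg-quick up wg0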
To be generated on both client and server in /etc/wireguard/ as root:
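# 077 so wg0.key and peers.psk are created 0600 (root-only).  wg0.pub needs
# no protection but inherits the same mode, which is harmless.
umask 077
wg genkey | tee wg0.key | wg pubkey > wg0.pub
wg genpsk > peers.psk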
| IP | Where | Description |
|---|---|---|
| 0.0.0.0/0 | Client | Everywhere: a route covering all destinations |
| 10.0.0.3/32 | Client | VPN internal network |
| 10.0.0.2/32 | Client | VPN internal network |
| 10.0.0.1/32 | Server | VPN internal network |
| 146.59.151.177 | Server | External IP |
| 51194 | Server | Listening port |
| ens3 | Server | Interface of incoming packets |
| IP | Class | Value |
|---|---|---|
| 10.0.0.1/32 | Private | yNdUabjKoHzDYa5OjeSqG8TEtzfdA/f0+azpoyKtAns= |
| | Public | bkSxmTGJYM1Hn32r031n8ylvJXN49NaEEx0bHzR+qWU= |
| 10.0.0.2/32 | Private | UPTyYL1v+Tr5CadN8fck2QCTixh2QGH+4/GKlEdoXnE= |
| | Public | 5Lw2G4VR9Y/lTqLcP4TtC1I1Y1fl7hojkMbCHX9IOyw= |
| 10.0.0.3/32 | Private | QMy23mm2/aBnXEJH/YMQQEYg6nUk1SAvfar+UF8UiEY= |
| | Public | kC6CTbq6ePcok0g87rEtFNAwfK5H9kmuZ++EP55NoVc= |
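# wg-server.conf
[Interface]
Address = 10.0.0.1/32
ListenPort = 51194
PrivateKey = yNdUabjKoHzDYa5OjeSqG8TEtzfdA/f0+azpoyKtAns=
# Firewall/NAT helpers run when wg0 comes up and goes down.
PostUp = /etc/wireguard/helpers/add-nat-routing.sh
PostDown = /etc/wireguard/helpers/del-nat-routing.sh

# Each peer is allowed only its own /32, as in the address table above.
# The previous /24 on both peers made them claim the same 10.0.0.0/24 in
# WireGuard's cryptokey routing; a prefix belongs to one peer only, so the
# other peer lost it and its packets were dropped.
# NOTE(review): peers.psk is generated earlier in this document but no
# PresharedKey line uses it; add PresharedKey = <contents of peers.psk>
# to each [Peer] on both ends if the PSK is intended.
[Peer]
# client 10.0.0.2
PublicKey = 5Lw2G4VR9Y/lTqLcP4TtC1I1Y1fl7hojkMbCHX9IOyw=
AllowedIPs = 10.0.0.2/32

[Peer]
# client 10.0.0.3
PublicKey = kC6CTbq6ePcok0g87rEtFNAwfK5H9kmuZ++EP55NoVc=
AllowedIPs = 10.0.0.3/32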
/etc/wireguard/helpers/add-nat-routing.sh
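#!/bin/sh
# PostUp helper for wg0: allow forwarding between the WireGuard interface
# and the uplink, open the listening port, NAT the VPN subnet out of
# $out_ifce and turn on IPv4 forwarding.  Idempotent: a rule is inserted
# only if an identical one is not already present, so repeated runs do
# not pile up duplicates.
set -eu

APP="$(basename "$0")"
iptables="/usr/sbin/iptables"
sysctl="/usr/sbin/sysctl"
wg_net="10.0.0.0/24"
wg_ifce="wg0"
out_ifce="ens3"
in_ifce="ens3"
wg_port="51194"

# add_rule TABLE CHAIN MATCH... : insert at position 1 unless present (-C).
add_rule() {
  table="$1"; shift
  chain="$1"; shift
  if ! "$iptables" -t "$table" -C "$chain" "$@" 2>/dev/null; then
    "$iptables" -t "$table" -I "$chain" 1 "$@"
  fi
}

echo "[*] $(date) - Running: $APP"

add_rule filter FORWARD -i "$in_ifce" -o "$wg_ifce" -j ACCEPT
add_rule filter FORWARD -i "$wg_ifce" -o "$out_ifce" -j ACCEPT
add_rule filter INPUT -i "$in_ifce" -p udp --dport "$wg_port" -j ACCEPT
# Accepts all traffic from VPN peers to this host itself; tighten to the
# services peers actually need if the host runs more than WireGuard.
add_rule filter INPUT -i "$wg_ifce" -j ACCEPT
add_rule nat POSTROUTING -s "$wg_net" -o "$out_ifce" -j MASQUERADE

"$sysctl" -w net.ipv4.ip_forward=1
# NOTE(review): -p reloads /etc/sysctl.conf; if that file sets
# net.ipv4.ip_forward it overrides the -w above — confirm which should win.
"$sysctl" -p

echo "[v] $(date) - Executed: $APP"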
/etc/wireguard/helpers/del-nat-routing.sh
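#!/bin/sh
# PostDown helper for wg0: undo everything add-nat-routing.sh did.  Rules
# are removed while they exist, so leftovers from repeated PostUp runs are
# all cleared and a missing rule does not abort the script.
set -eu

APP="$(basename "$0")"
iptables="/usr/sbin/iptables"
sysctl="/usr/sbin/sysctl"
wg_net="10.0.0.0/24"
wg_ifce="wg0"
out_ifce="ens3"
in_ifce="ens3"
wg_port="51194"

# del_rule TABLE CHAIN MATCH... : delete every instance of the rule.
del_rule() {
  table="$1"; shift
  chain="$1"; shift
  while "$iptables" -t "$table" -C "$chain" "$@" 2>/dev/null; do
    "$iptables" -t "$table" -D "$chain" "$@"
  done
}

echo "[*] $(date) - Running: $APP"

del_rule filter FORWARD -i "$in_ifce" -o "$wg_ifce" -j ACCEPT
del_rule filter FORWARD -i "$wg_ifce" -o "$out_ifce" -j ACCEPT
del_rule filter INPUT -i "$in_ifce" -p udp --dport "$wg_port" -j ACCEPT
del_rule filter INPUT -i "$wg_ifce" -j ACCEPT
del_rule nat POSTROUTING -s "$wg_net" -o "$out_ifce" -j MASQUERADE

# Disables forwarding for the whole host, not only for wg0; drop this line
# if anything else on the host relies on ip_forward.
"$sysctl" -w net.ipv4.ip_forward=0
# NOTE(review): -p reloads /etc/sysctl.conf, which may set ip_forward again.
"$sysctl" -p

echo "[v] $(date) - Executed: $APP"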
# Client 10.0.0.2 — pairs with the first [Peer] in wg-server.conf.
[Interface]
PrivateKey = UPTyYL1v+Tr5CadN8fck2QCTixh2QGH+4/GKlEdoXnE=
Address = 10.0.0.2/32
# The server: its public key from the key table above, external IP:ListenPort.
[Peer]
PublicKey = bkSxmTGJYM1Hn32r031n8ylvJXN49NaEEx0bHzR+qWU=
Endpoint = 146.59.151.177:51194
# Full tunnel: every IPv4 destination is routed through the server.
AllowedIPs = 0.0.0.0/0
# Keepalive every 25 s so NAT and stateful firewalls keep the mapping open.
PersistentKeepalive = 25
# Client 10.0.0.3 — pairs with the second [Peer] in wg-server.conf.
[Interface]
PrivateKey = QMy23mm2/aBnXEJH/YMQQEYg6nUk1SAvfar+UF8UiEY=
Address = 10.0.0.3/32
# The server: its public key from the key table above, external IP:ListenPort.
[Peer]
PublicKey = bkSxmTGJYM1Hn32r031n8ylvJXN49NaEEx0bHzR+qWU=
Endpoint = 146.59.151.177:51194
# Full tunnel: every IPv4 destination is routed through the server.
AllowedIPs = 0.0.0.0/0
# Keepalive every 25 s so NAT and stateful firewalls keep the mapping open.
PersistentKeepalive = 25