Wireguard configuration for dummies
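# WireGuard host setup, meant to be run step by step in a terminal.
# The steps are interactive (root shell, editor), not an unattended script.

# install
firefox https://www.wireguard.com/install/
# for macOS use the brew/ports version, not the app

# be root
sudo -i

# Set the umask before anything is created, so the directory and both key
# files are readable by root only.
umask 077
mkdir -p /etc/wireguard
# mkdir -p leaves an existing directory's mode untouched, so tighten it explicitly.
chmod 700 /etc/wireguard
cd /etc/wireguard

# create keys
# privatekey stays on this host; only publickey is copied into the peers' configs.
wg genkey | tee privatekey | wg pubkey > publickey

# edit config
vim -O wg0.conf *key

# activate
sudo wg-quick up wg0

# enable forever (pick the line for your distribution)
systemctl enable wg-quick@wg0 # arch linux
# NOTE(review): wireguard-tools normally ships the unit as wg-quick@.service;
# if wg@wg0 is not found on ubuntu/debian, use the wg-quick@wg0 line above.
systemctl enable wg@wg0 # ubuntu/debian

# ping everyone. Nothing flows over a tunnel until both hosts on it have sent something.
# -sn is the current spelling of the older -sP: host discovery only, no port scan.
nmap -n -sn 10.66.60.0/24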
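# Laptop-side ~/.ssh/config.
# In this case, the laptop only needs to connect to the server via its public ip.
# The stations are reached through the server, using their tunnel addresses.
# The SSH session to a station is still end-to-end between laptop and station:
# the server relays bytes, and the station's host key is checked by the laptop.

Host station1
    Hostname 10.66.60.2
    User whatever
    # Relay through the server with nc; requires nc to be installed there.
    # On OpenSSH 7.3+ "ProxyJump server" does the same without nc.
    ProxyCommand ssh -q server nc %h %p

Host station2
    Hostname 10.66.60.3
    User whatever
    ProxyCommand ssh -q server nc %h %p

Host server
    Hostname SERVER_PUBLIC_IP
    User whatever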
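# server: /etc/wireguard/wg0.conf
# This file holds the server's private key: keep it root-owned and mode 600.
[Interface]
PrivateKey = PRIV_KEY_SERVER
ListenPort = 51820
Address = 10.66.60.1/24
# Relaying between stations also needs IP forwarding enabled on the server
# (net.ipv4.ip_forward=1); these rules alone do not turn it on.
# The FORWARD rule accepts anything arriving on the tunnel, whatever the outgoing
# interface. NOTE(review): if the server should only relay station-to-station
# traffic, adding "-o %i" to the FORWARD rule keeps peers off its other networks.
# MASQUERADE rewrites relayed packets to the server's tunnel address, so a station
# sees 10.66.60.1 as the source rather than the originating peer.
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o %i -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o %i -j MASQUERADE

# station 1
# AllowedIPs with a /32 pins this key to a single tunnel address: packets from
# this peer with any other source address are dropped.
[Peer]
PublicKey = PUB_KEY_STATION1
AllowedIPs = 10.66.60.2/32

# station 2
[Peer]
PublicKey = PUB_KEY_STATION2
AllowedIPs = 10.66.60.3/32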
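# station1: /etc/wireguard/wg0.conf
# This file holds the station's private key: keep it root-owned and mode 600.
[Interface]
PrivateKey = PRIV_KEY_STATION1
Address = 10.66.60.2/24

# server
[Peer]
PublicKey = PUB_KEY_SERVER
Endpoint = SERVER_PUBLIC_IP:51820
# Only the VPN subnet is routed into the tunnel; all other traffic keeps using
# the station's normal route. Everything in this subnet, including the other
# station, is reached via the server.
AllowedIPs = 10.66.60.0/24
# Send a keepalive every 15 seconds so a NAT or firewall in front of the station
# keeps the mapping open and the server can still reach it.
PersistentKeepalive = 15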
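# station2: /etc/wireguard/wg0.conf
# This file holds the station's private key: keep it root-owned and mode 600.
[Interface]
PrivateKey = PRIV_KEY_STATION2
Address = 10.66.60.3/24

# server
[Peer]
PublicKey = PUB_KEY_SERVER
Endpoint = SERVER_PUBLIC_IP:51820
# Only the VPN subnet is routed into the tunnel; all other traffic keeps using
# the station's normal route.
AllowedIPs = 10.66.60.0/24
# Send a keepalive every 15 seconds so a NAT or firewall in front of the station
# keeps the mapping open and the server can still reach it.
PersistentKeepalive = 15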