Skip to content

Instantly share code, notes, and snippets.

@nshalman
Created June 30, 2023 16:29
Show Gist options
  • Save nshalman/25a7adb26d29a67e98bb03b4f72f9913 to your computer and use it in GitHub Desktop.
Save nshalman/25a7adb26d29a67e98bb03b4f72f9913 to your computer and use it in GitHub Desktop.
wireguard example for SmartOS
#!/bin/bash -x
################ CHANGE THESE ##################
# Your Home IP or DNS record
WG_ADDRESS=wireguard.example.com
# UDP port forwarded to this machine
WG_PORT=12345
# DNS entries for the client to use when on VPN
WG_DNS=8.8.8.8
# Unused private IPs for this connection
WG_SERVER_INT=172.16.17.1
WG_CLIENT_INT=172.16.17.2
# Outgoing Ethernet Device
ETHERNET=net0
################################################
pkgin -y install wireguard qrencode
# Enable Packet Forwarding
svcadm enable ipv4-forwarding
# Enable NAT
cat >/etc/ipf/ipnat.conf <<EOF
map ${ETHERNET} ${WG_SERVER_INT}/24 -> 0/32
EOF
svcadm enable ipfilter
# Generate Keys and Configurations
mkdir -p /etc/wireguard
cd /etc/wireguard
wg genkey | tee server.private | wg pubkey > server.public
wg genkey | tee client.private | wg pubkey > client.public
# Server Configuration sets up NAT
cat >tunnel.conf <<EOF
[Interface]
Address = ${WG_SERVER_INT}
SaveConfig = false
ListenPort = ${WG_PORT}
PrivateKey = $(cat server.private)
[Peer]
PublicKey = $(cat client.public)
AllowedIPs = ${WG_CLIENT_INT}
EOF
cat >client.conf <<EOF
[Interface]
Address = ${WG_CLIENT_INT}
PrivateKey = $(cat client.private)
DNS = ${WG_DNS}
[Peer]
PublicKey = $(cat server.public)
Endpoint = ${WG_ADDRESS}:${WG_PORT}
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 10
EOF
# Turn on and enable for boot
svccfg -s wireguard-tools add tunnel
svcadm enable tunnel
# Show the QR Code
qrencode -t ansiutf8 < client.conf
@nshalman
Copy link
Author

Example tunnel.conf that resulted (DO NOT USE!!!!)

[Interface]
Address = 172.16.17.1
SaveConfig = false
ListenPort = 12345
PrivateKey = gBSzAqsIXd2Wqhhvtfj6jvB+nM/1AdVwNXr7XldcgUI=

[Peer]
PublicKey = a10KtsKdcfv9VxhAhCVgWwg3uXjOSlleW2Lfn0lZEiU=
AllowedIPs = 172.16.17.2

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment