|
|
|
@@ -14,8 +14,8 @@ sudo dnf install wireguard-tools
|
|
|
|
|
|
|
|
|
|
|
|
### Step 2: Setup wireguard interface configs
|
|
|
|
### Step 2: Setup wireguard interface configs
|
|
|
|
This step requires you to do multiple things:
|
|
|
|
This step requires you to do multiple things:
|
|
|
|
a) Generate a private & public key for both the server and client
|
|
|
|
1. Generate a private & public key for both the server and client
|
|
|
|
b) Create a wireguard interface config for both the server & client
|
|
|
|
2. Create a wireguard interface config for both the server & client
|
|
|
|
- In this step you will need to choose an IP for both server and client (the usual choice is on a subnet included in 10.0.0.0/8 (ex: 10.200.1.x/24)).
|
|
|
|
- In this step you will need to choose an IP for both server and client (the usual choice is on a subnet included in 10.0.0.0/8 (ex: 10.200.1.x/24)).
|
|
|
|
|
|
|
|
|
|
|
|
#### A: Create Pub & Priv keys (server & client)
|
|
|
|
#### A: Create Pub & Priv keys (server & client)
|
|
|
|
@@ -42,7 +42,7 @@ client_ip=10.200.1.2
|
|
|
|
|
|
|
|
|
|
|
|
masquerade_interface=eno1 # You will need to find out what interface you want/need to use (just look it up with "ip address" or "ifconfig" (whatever your util is))
|
|
|
|
masquerade_interface=eno1 # You will need to find out what interface you want/need to use (just look it up with "ip address" or "ifconfig" (whatever your util is))
|
|
|
|
|
|
|
|
|
|
|
|
### This will actually generate the config using bash, but feel free to do it manually (for your choice of IPs you will need to make sure you
|
|
|
|
### This will actually generate the config using bash, but feel free to do it manually (for your choice of IPs you will need to make sure you are consistant between the server and client peer configs)
|
|
|
|
cat > wg0-server.conf <<EOF
|
|
|
|
cat > wg0-server.conf <<EOF
|
|
|
|
[Interface]
|
|
|
|
[Interface]
|
|
|
|
Address = $server_ip
|
|
|
|
Address = $server_ip
|
|
|
|
@@ -82,7 +82,7 @@ PersistentKeepalive = 24
|
|
|
|
EOF
|
|
|
|
EOF
|
|
|
|
```
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
### Step 3: Configure System to allow masquerading
|
|
|
|
### Step 3: Configure server to allow interface masquerading
|
|
|
|
By default most systems don't allow for programs to setup interface masquerading. So you need to change a config in /etc/sysctl.conf to allow for forwarding/masquerading.
|
|
|
|
By default most systems don't allow for programs to setup interface masquerading. So you need to change a config in /etc/sysctl.conf to allow for forwarding/masquerading.
|
|
|
|
|
|
|
|
|
|
|
|
In the config file you will either need to add or uncomment the following line to allow for wireguard to masquerade as another interface (giving you access to the network it is connected to).
|
|
|
|
In the config file you will either need to add or uncomment the following line to allow for wireguard to masquerade as another interface (giving you access to the network it is connected to).
|
|
|
|
@@ -93,7 +93,7 @@ Afterwards you will likely need to load the change into your system.
|
|
|
|
|
|
|
|
|
|
|
|
```bash
|
|
|
|
```bash
|
|
|
|
## Can also use "sudo sysctl --system" to just have it reload all configs
|
|
|
|
## Can also use "sudo sysctl --system" to just have it reload all configs
|
|
|
|
sysctl --load=/etc/sysctl.conf
|
|
|
|
sudo sysctl --load=/etc/sysctl.conf
|
|
|
|
|
|
|
|
|
|
|
|
# or just manually set it
|
|
|
|
# or just manually set it
|
|
|
|
|
|
|
|
|
|
|
|
@@ -110,11 +110,12 @@ Here is where you will setup a service to make sure your wg iterface will be res
|
|
|
|
systemctl enable wg-quick@wg#
|
|
|
|
systemctl enable wg-quick@wg#
|
|
|
|
```
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Note: For a distro using another init system (initrc, openrc, sysvinit, etc) you will need to either implement it as an ifup/ifdown script, network-script, or some other method.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
### Step 4: Deploy on client and server
|
|
|
|
### Step 4: Deploy on client and server
|
|
|
|
This is simple. You just have to put the config we generated in step 2 in the /etc/wireguard directory as wg#.conf (with # being the wireguard interface number (can be anything)) on both the server and client.
|
|
|
|
This is simple. You just have to put the config we generated in step 2 in the /etc/wireguard directory as wg#.conf (with # being the wireguard interface number (can be anything)) on both the server and client.
|
|
|
|
|
|
|
|
|
|
|
|
Afterwards you can
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
### Step 5: Setup port forwarding on router/gateway
|
|
|
|
### Step 5: Setup port forwarding on router/gateway
|
|
|
|
For this step you just need to get on your router and port-forward a port on the router to the port configured on your server. I cannot provide the specific how-to for that since I cannot account for all the different devices that you may be using.
|
|
|
|
For this step you just need to get on your router and port-forward a port on the router to the port configured on your server. I cannot provide the specific how-to for that since I cannot account for all the different devices that you may be using.
|
|
|
|
@@ -125,9 +126,9 @@ Now all you have to do is test your config work.
|
|
|
|
Just go ahead issue this command on your server and client (while off your home network)
|
|
|
|
Just go ahead issue this command on your server and client (while off your home network)
|
|
|
|
|
|
|
|
|
|
|
|
```bash
|
|
|
|
```bash
|
|
|
|
wg-quick up wg#
|
|
|
|
sudo wg-quick up wg#
|
|
|
|
```
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
After this you should see packets/traffic (transfer) when running "wg" to see how much data has been transferred to & from the interface.
|
|
|
|
After this you should see packets/traffic (transfer) when running "wg" to see how much data has been transferred to & from the interface. If you experience any issues you can send me an email and I can see if I can troubleshoot with you.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
