https://github.com/justintimperio/wg-nat-bootstrap

A small experimental repo designed to bootstrap nat traversals over wireguard
https://github.com/justintimperio/wg-nat-bootstrap

Last synced: 26 days ago
JSON representation

A small experimental repo designed to bootstrap nat traversals over wireguard

• Host: GitHub
• URL: https://github.com/justintimperio/wg-nat-bootstrap
• Owner: JustinTimperio
• Created: 2024-05-21T19:39:05.000Z (about 2 years ago)
• Default Branch: master
• Last Pushed: 2024-05-27T20:51:41.000Z (about 2 years ago)
• Last Synced: 2026-03-31T19:54:29.771Z (3 months ago)
• Language: Python
• Size: 33.2 KB
• Stars: 1
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

          
# WG-NAT-Bootstrap

This repo contains some experimental scripts to setup a Wireguard NAT forward network automatically. This allows for peers to connect to not only to other peers but also NAT devices in the same network as the peer. The scripts are tested on Debian 12 but should work on most linux distributions with some basic modifications. 

## Server Setup (Debian 12)

1. Initial Setup:

    1. `sudo apt update && sudo apt upgrade`

    2. `sudo apt install python3-netifaces python3-dnspython iptables python3-yaml wireguard wireguard-tools`

    3. `cd /opt && sudo git clone https://github.com/JustinTimperio/WG-NAT-Bootstrap.git && cd WG-NAT-Bootstrap`

    4. `sudo cp example.yaml config.yaml`

    6. Open `config.yaml` and add your users and server information

    7. `sudo python3 bootstrap.py`

2. Reconfiguring the server:

    1. Change the configuration in `config.yaml`

    2. `sudo python3 bootstrap.py --reconfigure-server`

3. Reconfiguring the clients:

    1. Add, Enable or Disable a user in `config.yaml`

    2. `sudo python3 bootstrap.py --reconfigure-clients`

## Client Setup

1. Install `wireguard` on your host system

2. Copy the config file from the server located at `/etc/wireguard/clients/.conf`

3. Connect: 

    1. Linux:

        1. Open `/etc/wireguard/.conf` and paste your configuration into the file 

        2. `sudo wg-quick up .conf`

        3. `sudo systemctl enable wg-quick@.conf`

    2. Windows:

        1. Open the Wireguard GUI and import the configuration file

        2. Disable the button that says "Block untunneled traffic"

        3. Click the toggle switch to activate the connection

    3. MacOS:

        1. Open the Wireguard GUI and import the configuration file

        2. Disable the button that says "Block untunneled traffic"

        3. Click the toggle switch to activate the connection