Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/maurodelazeri/wireguard-vpn

Extremely simple yet fast and modern VPN
https://github.com/maurodelazeri/wireguard-vpn

vpn wireguard

Last synced: about 1 month ago
JSON representation

Extremely simple yet fast and modern VPN

Host: GitHub
URL: https://github.com/maurodelazeri/wireguard-vpn
Owner: maurodelazeri
Created: 2019-11-09T19:27:58.000Z (about 5 years ago)
Default Branch: master
Last Pushed: 2019-11-09T19:34:08.000Z (about 5 years ago)
Last Synced: 2024-11-09T19:13:19.460Z (3 months ago)
Topics: vpn, wireguard
Language: Shell
Size: 5.86 KB
Stars: 1
Watchers: 2
Forks: 1
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

# Wireguard Scripts

add and remove clients from a wireguard server.

`bash add-client.sh ` will create a config in clients for that client.

`bash remove-peer.sh ` will remove the peer.

Download the generated `.tar.gz` file and extract it. Follow the instructions in `SETUP.txt` in the resulting folder.

## Installation

NOTE: this assumes some decent commandline knowlege.

install wireguard on server (https://www.wireguard.com/install/)

as `root`, `cd /etc/wireguard`, and create server keys: `wg genkey | tee server_private_key | wg pubkey > server_public_key`

copy wg0-server.example.conf in this project to /etc/wireguard/wg0.conf

edit `/etc/wireguard/wg0.conf` replace `PrivateKey = asdf123=` with the private key created above.
Change any other settings you need different (ip range, network interfaces[eth0 is outgoing interface in this example])
stop being root

start wireguard: `sudo wg-quick up wg0`

add a client `bash add-client.sh `

setup iptables rules, see: https://www.ckn.io/blog/2017/11/14/wireguard-vpn-typical-setup/ step 6 for more details.

Track VPN Connection
iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

VPN Traffic
iptables -A INPUT -p udp -m udp --dport 51820 -m conntrack --ctstate NEW -j ACCEPT

Forwarding/NAT
iptables -A FORWARD -i wg0 -o wg0 -m conntrack --ctstate NEW -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

Make iptables persist:
apt-get install iptables-persistent
systemctl enable netfilter-persistent
netfilter-persistent save

if everything is working right: `systemctl enable [email protected]`

(optional) commit your changes to your fork of this repo.