Last active: September 26, 2022 03:35
Wireguard Setup on Raspberry Pi 4
This installation guide assumes you are working from Windows. It is mainly for me to document the process so that I can do it again when I break something!

Phase 1: Get a working copy of an up-to-date Raspbian on the Pi:
(Follow the guide for basic Raspbian here: https://gist.github.com/CausticD/06e74f178e0772a1717a5d9a232d2bd9#file-basicraspbian-txt)

Phase 2: Install WireGuard
Links:
https://www.wireguard.com/install/
https://github.com/kabl/raspberry-wireguard
https://monsterjam.org/blog/blog.pl/20181204144314
https://github.com/adrianmihalko/raspberrypiwireguard
1) sudo apt-get install raspberrypi-kernel-headers libmnl-dev libelf-dev build-essential pkg-config git qrencode
2) sudo reboot now
3) git clone https://git.zx2c4.com/WireGuard
4) cd WireGuard/
5) cd src/
6) make
7) sudo make install

Phase 3: Generate keys and config files
This part requires the scripts posted alongside this gist. To transfer them to the Pi, try WinSCP (https://winscp.net/eng/download.php), putting them in a folder in your home directory called wgkeys, and make sure the shell files are executable. Crucially, you MUST manually edit the two 'template' files:
-) Replace <PORT> with a port number, e.g. 51234
-) Replace <DDNS> with a domain name, e.g. myvpn.myddns.org
-) Check that eth0 is the correct outbound interface for you
The scripts will automatically replace the placeholders called <server-privatekey> etc.
1) Run 'genkeys.sh'
2) Run 'genconfigs.sh'
3) Install the WireGuard app on the client (e.g. on iOS: https://apps.apple.com/us/app/wireguard/id1441195209)
4) Run 'showclientqr.sh' and use the QR code to transfer the settings
5) Run 'up.sh'
6) Check it is working using 'sudo wg'
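As an added example (not one of the gist's scripts), the following checks what genkeys.sh and genconfigs.sh leave behind before 'up.sh' is run: key format, owner-only file modes, leftover placeholders, and that each side's [Peer] PublicKey really is the other side's public key. It also gives a way to read the output of 'sudo wg show wg0 latest-handshakes' for step 6. It assumes the file names the gist's scripts use, in a directory given by WGDIR (default: the current directory); the demo data it builds is constructed in a temporary directory from random bytes and is not real WireGuard key material.

```bash
#!/bin/bash
# Added example, not part of the gist. Checks the files genkeys.sh and
# genconfigs.sh leave behind before the tunnel is brought up.
# Assumption: same file names as the gist's scripts, located in $WGDIR.
WGDIR="${WGDIR:-.}"

# A WireGuard key is 32 bytes in base64: 43 base64 characters plus '='.
is_wg_key() {
    printf '%s' "$1" | grep -Eq '^[A-Za-z0-9+/]{43}=$'
}

# True if the file has no leftover <placeholder> such as <PORT> or <DDNS>.
no_placeholders() {
    ! grep -Eq '<[A-Za-z-]+>' "$1"
}

# True if the file is readable by its owner only (mode 600 or 400).
owner_only() {
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")
    [ "$mode" = "600" ] || [ "$mode" = "400" ]
}

# Print the value of "Key = value" from a wg config file.
conf_value() {  # conf_value <file> <key>
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1
}

# Run every check; prints each failure and returns the failure count.
check_wg_files() {
    dir="${1:-$WGDIR}"; fails=0
    for f in server_privatekey server_publickey client_privatekey client_publickey wg0.conf client.conf; do
        [ -f "$dir/$f" ] || { echo "FAIL: $dir/$f is missing"; fails=$((fails + 1)); }
    done
    [ "$fails" -eq 0 ] || return "$fails"
    for f in server_privatekey server_publickey client_privatekey client_publickey; do
        is_wg_key "$(cat "$dir/$f")" || { echo "FAIL: $f is not a valid WireGuard key"; fails=$((fails + 1)); }
    done
    for f in server_privatekey client_privatekey wg0.conf client.conf; do
        owner_only "$dir/$f" || { echo "FAIL: $f is readable by others (chmod 600 it)"; fails=$((fails + 1)); }
    done
    for f in wg0.conf client.conf; do
        no_placeholders "$dir/$f" || { echo "FAIL: $f still contains a <placeholder>"; fails=$((fails + 1)); }
    done
    # Each side's [Peer] PublicKey must be the other side's public key.
    [ "$(conf_value "$dir/client.conf" PublicKey)" = "$(cat "$dir/server_publickey")" ] \
        || { echo "FAIL: client.conf peer key is not server_publickey"; fails=$((fails + 1)); }
    [ "$(conf_value "$dir/wg0.conf" PublicKey)" = "$(cat "$dir/client_publickey")" ] \
        || { echo "FAIL: wg0.conf peer key is not client_publickey"; fails=$((fails + 1)); }
    return "$fails"
}

# Step 6 follow-up: 'sudo wg show wg0 latest-handshakes' prints one
# "<peer-pubkey><TAB><unix-time>" line per peer (0 = never). Reading that
# output from stdin, print the peers with no handshake within $2 seconds of $1.
stale_peers() {  # stale_peers <now-epoch> <max-age-seconds>
    awk -v now="$1" -v max="$2" -F '\t' '$2 == 0 || now - $2 > max { print $1 }'
}

# Demo on constructed data: random bytes stand in for keys (not real wg output),
# and the client config deliberately keeps <DDNS> so exactly one failure is reported.
demo_check() {
    tmp=$(mktemp -d)
    (
        umask 077   # owner-only key files, as genkeys.sh should also enforce
        for side in server client; do
            head -c 32 /dev/urandom | base64 > "$tmp/${side}_privatekey"
            head -c 32 /dev/urandom | base64 > "$tmp/${side}_publickey"
        done
        printf '[Interface]\nPrivateKey = %s\nListenPort = 51234\n[Peer]\nPublicKey = %s\nAllowedIPs = 10.100.100.2/32\n' \
            "$(cat "$tmp/server_privatekey")" "$(cat "$tmp/client_publickey")" > "$tmp/wg0.conf"
        printf '[Interface]\nPrivateKey = %s\n[Peer]\nPublicKey = %s\nEndpoint = <DDNS>:51234\n' \
            "$(cat "$tmp/client_privatekey")" "$(cat "$tmp/server_publickey")" > "$tmp/client.conf"
    )
    rc=0
    check_wg_files "$tmp" >/dev/null || rc=$?
    rm -rf "$tmp"
    echo "$rc"   # 1: only the leftover <DDNS> placeholder fails
}

# Usage: ./checkwg.sh demo   (constructed data)   or   WGDIR=~/wgkeys ./checkwg.sh
case "${1:-}" in
    demo) demo_check ;;
    *)    check_wg_files "$WGDIR" && echo "OK: $WGDIR looks consistent" ;;
esac
```

For step 6, pipe the real output in with `sudo wg show wg0 latest-handshakes | stale_peers "$(date +%s)" 180`: WireGuard handshakes are renewed roughly every two minutes while traffic flows, so a peer listed here has not completed a handshake recently and the endpoint, port forwarding, or keys are the first things to recheck.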
Cleanup script (deletes the generated keys and configs so that genkeys.sh starts fresh):

#!/bin/bash
# Run from the wgkeys directory. genkeys.sh only creates new keys when
# server_privatekey is absent, so removing these forces a full regeneration.
rm server_privatekey
rm server_publickey
rm client_privatekey
rm client_publickey
rm wg0.conf
rm client.conf
rm clientqr.png
client_config_template (edit <DDNS> and <PORT> by hand; genconfigs.sh fills in the keys):

[Interface]
PrivateKey = <client-privatekey>
# The client's tunnel address; the server lists this same /32 in its AllowedIPs.
Address = 10.100.100.2/32
# Resolver on the home LAN, reached through the tunnel.
DNS = 192.168.1.2
[Peer]
PublicKey = <server-publickey>
# Public DDNS name and UDP port of the Pi.
Endpoint = <DDNS>:<PORT>
# Split tunnel: only the Pi's tunnel address and the home LAN are routed through WireGuard.
AllowedIPs = 10.100.100.1/32, 192.168.1.0/24
Script to bring the tunnel down (counterpart of 'up.sh'):

#!/bin/bash
# Tears down wg0 and runs the PostDown iptables cleanup from wg0.conf.
sudo wg-quick down /home/pi/wgkeys/wg0.conf
genconfigs.sh (Phase 3, step 2; fills the two templates with the keys from genkeys.sh):

#!/bin/bash
# Read the four keys generated by genkeys.sh (run from the wgkeys directory).
var_server_private=$(cat server_privatekey)
var_server_public=$(cat server_publickey)
var_client_private=$(cat client_privatekey)
var_client_public=$(cat client_publickey)
# Server config: copy the template and substitute the key placeholders.
# <PORT> and <DDNS> are not touched here; they must be edited in the templates by hand.
SERVERFILE=wg0.conf
cp server_config_template "$SERVERFILE"
sed -i "s|<server-privatekey>|$var_server_private|g" "$SERVERFILE"
sed -i "s|<server-publickey>|$var_server_public|g" "$SERVERFILE"
sed -i "s|<client-privatekey>|$var_client_private|g" "$SERVERFILE"
sed -i "s|<client-publickey>|$var_client_public|g" "$SERVERFILE"
# Client config: same substitutions (only <client-privatekey> and <server-publickey> occur in it).
CLIENTFILE=client.conf
cp client_config_template "$CLIENTFILE"
sed -i "s|<server-privatekey>|$var_server_private|g" "$CLIENTFILE"
sed -i "s|<server-publickey>|$var_server_public|g" "$CLIENTFILE"
sed -i "s|<client-privatekey>|$var_client_private|g" "$CLIENTFILE"
sed -i "s|<client-publickey>|$var_client_public|g" "$CLIENTFILE"
# Both configs contain a private key: restrict them to the owner.
chmod 600 "$SERVERFILE" "$CLIENTFILE"
# Encode the client config as a PNG QR code for the phone app; the image holds
# the client's private key too, so it gets the same permissions.
qrencode -t PNG -o clientqr.png < "$CLIENTFILE"
chmod 600 clientqr.png
genkeys.sh (Phase 3, step 1):

#!/bin/bash
# Key files must not be world-readable: create them with owner-only permissions.
umask 077
FILE=server_privatekey
if [ ! -f "$FILE" ]; then
	echo "Generating public and private keys."
	# wg genkey writes the private key; tee keeps a copy and feeds wg pubkey to derive the public key.
	wg genkey | tee "$FILE" | wg pubkey > server_publickey
	wg genkey | tee client_privatekey | wg pubkey > client_publickey
else
	echo "Key creation skipped. Private key exists. Delete $FILE to force recreation of all server and client keys."
fi
server_config_template (edit <PORT> and check eth0 by hand; genconfigs.sh fills in the keys):

[Interface]
# Tunnel address of the Pi; clients get other addresses in 10.100.100.0/24.
Address = 10.100.100.1/24
# Applied by wg-quick to the Pi's own resolver (needs resolvconf); it does not configure clients.
DNS = 192.168.1.2
# %i is replaced by the interface name (wg0). These rules forward tunnel traffic and NAT it out
# of eth0; forwarding also needs net.ipv4.ip_forward=1 in sysctl, which wg-quick does not set.
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
ListenPort = <PORT>
PrivateKey = <server-privatekey>
[Peer]
PublicKey = <client-publickey>
# Only packets from or to the client's tunnel address are accepted for this peer.
AllowedIPs = 10.100.100.2/32
showclientqr.sh (Phase 3, step 4):

#!/bin/bash
# Render client.conf as a QR code in the terminal so the phone app can scan it.
# The code contains the client's private key, so clear the terminal afterwards.
qrencode -t ansiutf8 < client.conf
up.sh (Phase 3, step 5):

#!/bin/bash
# Brings up wg0 from the generated config and runs its PostUp rules.
sudo wg-quick up /home/pi/wgkeys/wg0.conf