@Fma965
Last active April 11, 2023 19:40
Wireguard configuration for VPS for Hetzner Google API issue (429 Error)

WIREGUARD Setup based on jshanks24/homescripts-fork

Configuration and steps for setting up a Wireguard client that only routes traffic through the tunnel when it comes from a specific IP address.

Server Installation/Configuration

https://github.com/angristan/wireguard-install

curl -O https://raw.githubusercontent.com/angristan/wireguard-install/master/wireguard-install.sh

Client Installation/Configuration

With this configuration method you don't need to worry about updating routes if Google updates/removes/changes its ranges.

Add an additional IP to the network config (this assumes you are using netplan).

nano /etc/netplan/00-installer-config.yaml

# This is the network config written by 'subiquity'
network:
  ethernets:
    enp6s18:
      dhcp4: no
      addresses:
        - 10.0.0.3/24 # Standard IP
        - 10.0.0.254/24 # IP For Wireguard Traffic
      gateway4: 10.0.0.1
      nameservers:
        addresses: [10.0.0.1]
  version: 2

Enable forwarding in /etc/sysctl.conf.

nano /etc/sysctl.conf

Add or uncomment

net.ipv4.ip_forward=1

Run sysctl -p to apply the change.

sudo su - 
apt install wireguard
cd /etc/wireguard
nano wg0.conf

[Interface]
PrivateKey = [REDACTED]
Address = 10.66.66.2/32
DNS = 1.1.1.1,1.0.0.1
Table = off
PostUp = ip rule add from 10.0.0.254 table 42; ip route add default dev wg0 table 42; iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE;iptables -t nat -A PREROUTING -p tcp --dport 42345 -j DNAT --to 10.0.0.254
PostDown = ip rule del from 10.0.0.254 table 42; iptables -t nat -D POSTROUTING -o wg0 -j MASQUERADE;iptables -t nat -D PREROUTING -p tcp --dport 42345 -j DNAT --to 10.0.0.254

[Peer]
PublicKey = [REDACTED]
PresharedKey = [REDACTED]
Endpoint = [REDACTED]:54364
AllowedIPs = 0.0.0.0/0

wg-quick up wg0
systemctl enable wg-quick@wg0
wg show

Checking IP

curl ipinfo.io
# This should return your normal WAN IP information
#
curl ipinfo.io --interface 10.0.0.254
# This should return your VPN provider information
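The same split can be checked locally against the kernel's routing decision, without sending a request to ipinfo.io. This script is an added example, not part of the original gist; it assumes the address 10.0.0.254, table 42 and interface wg0 from the configuration above, and the function names and the `--live` switch are made up for this example.

```shell
#!/bin/sh
# Added example (not from the gist): confirm that only traffic sourced from the
# dedicated address is policy-routed into the tunnel.
VPN_SRC=10.0.0.254   # secondary address from the netplan config above
TABLE=42             # routing table filled by PostUp
WG_IF=wg0

# has_rule TEXT: TEXT is `ip rule show` output; true if VPN_SRC maps to TABLE.
has_rule() {
  printf '%s\n' "$1" | awk -v s="$VPN_SRC" -v t="$TABLE" \
    '$2=="from" && $3==s && $4=="lookup" && $5==t {ok=1} END {exit !ok}'
}

# has_default TEXT: TEXT is `ip route show table 42`; true if default goes via WG_IF.
has_default() {
  printf '%s\n' "$1" | awk -v d="$WG_IF" \
    '$1=="default" && $2=="dev" && $3==d {ok=1} END {exit !ok}'
}

# egress_dev TEXT: print the interface named after "dev" in `ip route get` output.
egress_dev() {
  printf '%s\n' "$1" | awk '{for (i=1; i<NF; i++) if ($i=="dev") {print $(i+1); exit}}'
}

# audit RULES TABLE_ROUTES ROUTE_FROM_VPN ROUTE_NORMAL
# Prints findings; returns 1 if the split is missing or if unbound traffic leaks into wg0.
audit() {
  rc=0
  has_rule "$1"    || { echo "FAIL: no rule 'from $VPN_SRC lookup $TABLE'"; rc=1; }
  has_default "$2" || { echo "FAIL: table $TABLE has no default via $WG_IF"; rc=1; }
  [ "$(egress_dev "$3")" = "$WG_IF" ]  || { echo "FAIL: $VPN_SRC does not leave via $WG_IF"; rc=1; }
  [ "$(egress_dev "$4")" != "$WG_IF" ] || { echo "FAIL: unbound traffic also leaves via $WG_IF"; rc=1; }
  [ "$rc" -eq 0 ] && echo "OK: only $VPN_SRC is routed through $WG_IF"
  return "$rc"
}

# Query the live system only when asked: sh check-split.sh --live
if [ "${1:-}" = "--live" ]; then
  audit "$(ip rule show)" "$(ip route show table "$TABLE" 2>/dev/null)" \
        "$(ip route get 1.1.1.1 from "$VPN_SRC" 2>/dev/null)" \
        "$(ip route get 1.1.1.1 2>/dev/null)"
fi
```

Run it after `wg-quick up wg0`; a FAIL on the last check means ordinary traffic is also leaving through the tunnel, which is the opposite of what `Table = off` is meant to achieve.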

Making Rclone use the VPN (assumes you are using cloudbox/saltbox etc)

Updating the Rclone VFS Service

nano /opt/cloudbox/config.json

Append "--bind": "10.0.0.254" to the bottom of the "rclone_extras" section

Updating the CloudPlow configuration file

nano /etc/systemd/system/rclone_vfs.service

Append --bind=10.0.0.254 \ to the bottom of the "ExecStart" section
