-
-
Save SM443/30aafa88837b8fc017389a810bb9b329 to your computer and use it in GitHub Desktop.
WireGuard Complete Installation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| sudo apt-get update && sudo apt-get -y upgrade && sudo apt-get autoremove -y | |
| ## For Regular Linux Server/PC | |
| sudo apt install software-properties-common && sudo apt install linux-headers-$(uname -r) | |
| ## Raspberry Pi | |
| sudo apt install raspberrypi-kernel-headers libelf-dev libmnl-dev build-essential git -y | |
| ## Install WireGuard and WireGuard Tools | |
| sudo apt install wireguard wireguard-tools resolvconf -y | |
| wg genkey | sudo tee /etc/wireguard/privatekey | wg pubkey | sudo tee /etc/wireguard/publickey | |
| ifconfig | |
| sudo nano /etc/wireguard/wg0.conf | |
| ## WireGuard VPN Server Config File | |
| #Server: | |
| [Interface] | |
| Address = 10.26.26.1/24, fd26:26:26::1/64 | |
| ListenPort = 51820 | |
| PrivateKey = SERVER-PRIVATE-KEY | |
| SaveConfig = true | |
| ## Firewall Rules | |
| PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o YOUR-IPv4-INTERFACE-NAME -j MASQUERADE; ip6tables -t nat -A POSTROUTING -o YOUR-IPv6-INTERFACE-NAME -j MASQUERADE | |
| PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o YOUR-IPv4-INTERFACE-NAME -j MASQUERADE; ip6tables -t nat -D POSTROUTING -o YOUR-IPv6-INTERFACE-NAME -j MASQUERADE | |
| #Client Profile | |
| #Laptop: | |
| [Peer] | |
| Public Key = CLIENT-1-PUBLIC-KEY | |
| AllowedIPs = 10.26.26.2/32, fd26:26:26::2/128 | |
| #Android: | |
| [Peer] | |
| Public Key = CLIENT-2-PUBLIC-KEY | |
| AllowedIPs = 10.26.26.3/32, fd26:26:26::3/128 | |
| ## Start WireGuard Interface | |
| sudo wg-quick up wg0 | |
| ## Check WireGuard Interface | |
| sudo wg show wg0 | |
| ## Auto Start WireGuard Interface after boot | |
| sudo systemctl enable wg-quick@wg0 | |
| ## Enable System IP forwarding | |
| echo 'net.ipv4.ip_forward = 1' | sudo tee -a /etc/sysctl.conf | |
| echo 'net.ipv6.conf.all.forwarding = 1' | sudo tee -a /etc/sysctl.conf | |
| sudo sysctl -p /etc/sysctl.conf | |
| ## Allow Firewall to Accept SSH and WireGuard Traffic | |
| ufw alliow 22/tcp | |
| sudo ufw allow 51820/udp | |
| ## Edit WireGuard Configuration | |
| sudo nano /etc/wireguard/wg0.conf | |
| ## WireGuard VPN Client Config File | |
| [Interface] | |
| PrivateKey = CLIENT-PRIVATE-KEY | |
| Address = 10.26.26.2/24, fd26:26:26::2/64 | |
| ListenPort = 51820 | |
| DNS = 1.1.1.1, 2606:4700:4700::1111 | |
| MTU = 1370 | |
| ## VPN Server Public Key | |
| [Peer] | |
| PublicKey = SERVER-PUBLIC-KEY | |
| Endpoint = SERVER-IP:51820 | |
| AllowedIPs = 0.0.0.0/0, ::/0 | |
| PersistentKeepalive = 25 | |
| ## To add a new Peer, here is an example. | |
| sudo wg set wg0 peer NEW-CLIENT-PUBLIC-KEY allowed-ips 10.26.26.15 | |
| ## To remove a existing peer, here is an example. | |
| sudo wg set wg0 peer NEW-CLIENT-PUBLIC-KEY allowed-ips 10.26.26.15 remove | |
| ## WireGuard with Port Forwarding | |
| PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; iptables -t nat -A PREROUTING -i eth0 -p tcp -m multiport --dports 45678,56789 -j DNAT --to-destination 10.26.26.2; iptables -t nat -A POSTROUTING -d 10.26.26.2 -j MASQUERADE; | |
| PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; iptables -t nat -D PREROUTING -i eth0 -p tcp -m multiport --dports 45678,56789 -j DNAT --to-destination 10.26.26.2; iptables -t nat -D POSTROUTING -d 10.26.26.2 -j MASQUERADE; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment