@ViRb3
Last active August 5, 2018 00:15
WireGuard Internet VPN

1. Set up WireGuard

Set up a WireGuard connection following this quick start guide.

2. Enable IP Forwarding on the server

This tells the computer that it should pass along any traffic that is meant for a different computer on its network.

We modify /etc/sysctl.conf:

net.ipv4.ip_forward = 1

and force a configuration reload:

sysctl -p

or simply (takes effect immediately, but is not kept across reboots):

echo 1 > /proc/sys/net/ipv4/ip_forward

3. Tell UFW to forward packets (if using it)

By default, UFW blocks all forwarding. You can insert the following rule in /etc/ufw/before.rules, either in the already existing filter section or in one of your own (remember to COMMIT!):

*filter
    .
    .
-A FORWARD -i wg0 -j ACCEPT
    .
    .
COMMIT

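Make sure to change the interface wg0 to your WireGuard interface. As written, the rule accepts every packet that arrives on that interface for forwarding, whatever its destination.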
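
An added example, not part of the original gist: a POSIX shell check for steps 2 and 3 that confirms the forwarding line is present and uncommented in a sysctl file, and that the FORWARD rule for your interface sits inside a *filter block closed by COMMIT. The function names and the file-path arguments are assumptions of this example, and the sample files in the demo are constructed.

```shell
#!/bin/sh
# Added example; function names and file-path arguments are assumptions.

# forwarding_persisted FILE: true if FILE (sysctl.conf syntax) sets
# net.ipv4.ip_forward to 1. Comment lines are skipped; last assignment wins.
forwarding_persisted() {
    awk '
        $1 ~ /^[#;]/ { next }
        /^[ \t]*net\.ipv4\.ip_forward[ \t]*=/ {
            val = $0; sub(/^[^=]*=/, "", val); gsub(/[ \t]/, "", val)
        }
        END { exit (val == "1" ? 0 : 1) }
    ' "$1"
}

# forward_rule_active FILE IFACE: true if FILE (iptables-restore syntax, as in
# /etc/ufw/before.rules) has "-A FORWARD ... -i IFACE ... -j ACCEPT" inside a
# *filter block that is closed by COMMIT. A rule in another table, or one
# that no COMMIT follows, does not count.
forward_rule_active() {
    awk -v iface="$2" '
        $1 ~ /^#/      { next }
        $1 ~ /^[*]/    { table = $1; found = 0; next }
        $1 == "COMMIT" { if (table == "*filter" && found) ok = 1
                         table = ""; next }
        table == "*filter" && $1 == "-A" && $2 == "FORWARD" {
            in_if = 0; accept = 0
            for (i = 3; i < NF; i++) {
                if ($i == "-i" && $(i + 1) == iface)    in_if = 1
                if ($i == "-j" && $(i + 1) == "ACCEPT") accept = 1
            }
            if (in_if && accept) found = 1
        }
        END { exit (ok ? 0 : 1) }
    ' "$1"
}

# Demo on constructed sample files (not taken from a real host).
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '#net.ipv4.ip_forward = 1' > "$dir/sysctl.conf"
    printf '%s\n' '*filter' '-A FORWARD -i wg0 -j ACCEPT' 'COMMIT' > "$dir/before.rules"
    forwarding_persisted "$dir/sysctl.conf" \
        && echo "ip_forward: persisted" || echo "ip_forward: not persisted"
    forward_rule_active "$dir/before.rules" wg0 \
        && echo "wg0 rule: active" || echo "wg0 rule: not active"
    rm -rf "$dir"
}
demo
```

On the server, point the two functions at /etc/sysctl.conf and /etc/ufw/before.rules and pass your own interface name in place of wg0.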

4. Configure a static route (if behind router)

You have to route all packets sent to the client's virtual IP back to the VPN server.

Example using Cisco router:

10.8.0.0 - virtual network subnet
255.255.255.0 - virtual network subnet mask
192.168.1.175 - VPN server internal IP (in the subnet of the router)

[Image: router setup]
