Created October 14, 2019 10:43
algo_blog_post_03 commands for algo blog post: https://blog.secureideas.com/2019/10/wireguard's-pki-in-5-steps-or-less.html
# if you want a vanilla install
wget 'https://gist.githubusercontent.com/elreydetoda/bac472aef59fc8d47145c4f25330187b/raw/Vagrantfile'
# if you want my personal config
wget -O Vagrantfile 'https://gist.githubusercontent.com/elreydetoda/bac472aef59fc8d47145c4f25330187b/raw/Vagrantfile.elrey'
## my personal config contains the following customizations
# - pki_in_tmpfs: false - changed to not be in tmpfs so you can continue to use wireguard for long periods of time (although it is a cool feature, check out more here: https://github.com/trailofbits/algo/issues/145)
# - disables ipsec vpn, to only use wireguard
# - sets wireguard_PersistentKeepalive to 25 to help with NAT traversal (https://www.wireguard.com/quickstart/#nat-and-firewall-traversal-persistence)
# - changes the ip address to 100.66.0.0/24 so it doesn't clash with internal ips: https://en.wikipedia.org/wiki/Reserved_IP_addresses
# - enables unattended_reboot (reboot the machine if needed to install updates: https://github.com/trailofbits/algo/blob/f8ce1f84a2777f18803d62e4324bbf67989a7450/config.cfg#L99-L103)
# - BetweenClients_DROP: false - allows clients to communicate with each other (so you can ssh or rdp to them)
# start the vm and ssh in
vagrant up && vagrant ssh
# set your users under the users section of config.cfg
nano config.cfg
# run the algo script
./algo
# set up the clients that you generated