$ sudo apt-get install wireguard
#if fail → via ppa
$ sudo add-apt-repository ppa:wireguard/wireguard
$ sudo apt-get update
$ sudo apt-get install wireguard
$ sudo systemctl stop wg-quick@wg0
$ sudo vi /etc/wireguard/wg0.conf
#Validator (wg0.conf holds the private key: keep the file readable by root only, e.g. mode 600)
[Interface]
Address = 10.0.0.1/24
SaveConfig = true
ListenPort = 51111
PrivateKey = private key wireguard validator
[Peer]
PublicKey = <run on sentry A: cat /etc/wireguard/publickey, and paste the result here>
AllowedIPs = 10.0.0.2/32
Endpoint = IP sentry A:51111
[Peer]
PublicKey = <run on sentry B: cat /etc/wireguard/publickey, and paste the result here>
AllowedIPs = 10.0.0.3/32
Endpoint = IP sentry B:51111
#save the file &
$ sudo systemctl start wg-quick@wg0
#Public sentry A
$ sudo systemctl stop wg-quick@wg0
$ sudo vi /etc/wireguard/wg0.conf
[Interface]
Address = 10.0.0.2/24
SaveConfig = true
ListenPort = 51111
PrivateKey = private key wireguard Sentry A
[Peer]
PublicKey = <run on the validator: cat /etc/wireguard/publickey, and paste the result here>
AllowedIPs = 10.0.0.1/32
Endpoint = IP validator:51111
#save the file &
$ sudo systemctl start wg-quick@wg0
#Public sentry B
$ sudo systemctl stop wg-quick@wg0
$ sudo vi /etc/wireguard/wg0.conf
[Interface]
Address = 10.0.0.3/24
SaveConfig = true
ListenPort = 51111
PrivateKey = private key wireguard sentry B
[Peer]
PublicKey = <run on the validator: cat /etc/wireguard/publickey, and paste the result here>
AllowedIPs = 10.0.0.1/32
Endpoint = IP validator:51111
#save the file &
$ sudo systemctl start wg-quick@wg0
#check Validator
$ sudo wg
interface: wg0
public key: xxxxxx
private key: (hidden)
listening port: 51111
peer: xxxxxx
endpoint: xxx:51111
allowed ips: 10.0.0.3/32
latest handshake: 3 seconds ago
transfer: 174.17 MiB received, 147.81 MiB sent
peer: xxxxx
endpoint: xxxxx:51111
allowed ips: 10.0.0.2/32
latest handshake: 1 minute, 20 seconds ago
transfer: 167.67 MiB received, 147.14 MiB sent
#check Sentry A
$ sudo wg
interface: wg0
public key: xxxxxx
private key: (hidden)
listening port: 51111
peer: xxxxxx
endpoint: xxx:51111
allowed ips: 10.0.0.1/32
latest handshake: 3 seconds ago
transfer: 174.17 MiB received, 147.81 MiB sent
#check Sentry B
$ sudo wg
interface: wg0
public key: xxxxxx
private key: (hidden)
listening port: 51111
peer: xxxxxx
endpoint: xxx:51111
allowed ips: 10.0.0.1/32
latest handshake: 3 seconds ago
transfer: 174.17 MiB received, 147.81 MiB sent
#Ping from validator to sentries (sentry A = 10.0.0.2, sentry B = 10.0.0.3)
ping -c 3 10.0.0.2
ping -c 3 10.0.0.3
=
```
PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=86.5 ms
64 bytes from 10.0.0.2: icmp_seq=2 ttl=64 time=86.7 ms
64 bytes from 10.0.0.2: icmp_seq=3 ttl=64 time=86.7 ms
--- 10.0.0.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
```
#Ping from sentry A to validator
ping -c 3 10.0.0.1
#Ping from sentry B to validator
ping -c 3 10.0.0.1
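#With this setup, the validator only needs the VPN port open (51111 in this example; WireGuard runs over UDP). The sentries need the same port open, plus the additional ports required to sync the chain; the validator does not need those. Where possible, allow the VPN port on the validator only from the sentries' IPs.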
#to start at boot=
$ sudo systemctl enable wg-quick@wg0
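#Add more peers at runtime. Because SaveConfig = true, wg-quick writes the running state (including this peer) back to wg0.conf when the interface is brought down. Use a tunnel address in allowed-ips that is not already assigned to another peer; the values below are only placeholders.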
$ sudo wg set wg0 peer public_key_of_second_server endpoint public_IP_of_second_server:5555 allowed-ips 10.0.0.2/32