@insdavm
Last active February 28, 2019 18:39
/u/c5cf2ee6-1901-40a9


  • Tunnel Subnet 10.7.0.0/24
  • Host C Public IP 66.10.10.1 (just for the example)
  • Host A - 10.7.0.2
  • Host B - 10.7.0.3
  • Host C - 10.7.0.1

Host A wg0.conf

[Interface]
Address = 10.7.0.2/24
PrivateKey = [host A private key]
ListenPort = 21841
DNS = 10.7.0.1                # or 1.1.1.1 or whatever DNS you use

[Peer]
PublicKey = [host C public key]
Endpoint = 66.10.10.1:51820
AllowedIPs = 10.7.0.0/24

PersistentKeepalive = 25

Host B wg0.conf

[Interface]
Address = 10.7.0.3/24
PrivateKey = [host B private key]
ListenPort = 21841
DNS = 10.7.0.1                # or 1.1.1.1 or whatever DNS you use

[Peer]
PublicKey = [host C public key]
Endpoint = 66.10.10.1:51820
AllowedIPs = 10.7.0.0/24

PersistentKeepalive = 25

Host C wg0.conf

[Interface]
Address = 10.7.0.1/24
PrivateKey = [host C private key]
ListenPort = 51820

[Peer]
PublicKey = [host A public key]
AllowedIPs = 10.7.0.2/32

[Peer]
PublicKey = [host B public key]
AllowedIPs = 10.7.0.3/32

PersistentKeepalive = 25

Finished

  • Make sure you changed the Endpoint in Host A's and Host B's configurations from 66.10.10.1 to Host C's actual public IP address.
  • You should now be able to ping any host on the 10.7.0.0/24 subnet from any client connected to the WireGuard network.
  • You do not need any PostUp or PostDown commands on C because the packets don't leave the wg0 interface on C.
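The per-peer `AllowedIPs = .../32` lines on Host C are what keep each spoke confined to its own tunnel address, because WireGuard drops a decrypted packet whose source address is outside the sending peer's AllowedIPs. The check below is an added example, not part of the original gist: the function names and placeholder keys are assumptions, and it expects a single `Address` on the hub.

```python
import ipaddress

# Constructed sample: Host C (hub) config from this page, with placeholder keys.
HUB_CONF = """\
[Interface]
Address = 10.7.0.1/24
ListenPort = 51820

[Peer]
PublicKey = HOST_A_PUBLIC_KEY_PLACEHOLDER
AllowedIPs = 10.7.0.2/32

[Peer]
PublicKey = HOST_B_PUBLIC_KEY_PLACEHOLDER
AllowedIPs = 10.7.0.3/32
"""

def parse_wg(text):
    """Parse wg-quick style text into [(section, {key: value})]; [Peer] may repeat."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1], {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)      # split once: base64 keys end in '='
            sections[-1][1][key.strip()] = value.strip()
    return sections

def audit_hub(text):
    """Flag hub peers whose AllowedIPs exceed one address inside the tunnel subnet."""
    sections = parse_wg(text)
    iface = next(kv for name, kv in sections if name == "Interface")
    tunnel = ipaddress.ip_interface(iface["Address"]).network  # assumes one Address
    findings, seen = [], []
    for name, kv in sections:
        if name != "Peer":
            continue
        who = kv.get("PublicKey", "?")
        for item in filter(None, (s.strip() for s in kv.get("AllowedIPs", "").split(","))):
            net = ipaddress.ip_network(item, strict=False)
            if net.num_addresses != 1:
                findings.append(f"{who}: {net} is wider than a single host")
            if net.version != tunnel.version or not net.subnet_of(tunnel):
                findings.append(f"{who}: {net} is outside tunnel subnet {tunnel}")
            if any(net.version == o.version and net.overlaps(o) for o in seen):
                findings.append(f"{who}: {net} overlaps another peer's AllowedIPs")
            seen.append(net)
    return findings
```

Run `audit_hub()` on the text of Host C's wg0.conf before bringing the interface up; an empty list means every spoke is limited to exactly one address in 10.7.0.0/24.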