Last active
October 13, 2021 07:05
-
-
Save itsuki-hayashi/3ce507f1d4ab913dc40abcb1c75287ef to your computer and use it in GitHub Desktop.
WireGuard VPN Server on CentOS 8
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # /etc/sysctl.conf | |
| net.core.default_qdisc = fq | |
| net.ipv4.tcp_congestion_control = bbr | |
| net.ipv4.conf.default.rp_filter = 1 | |
| net.ipv4.conf.all.rp_filter = 1 | |
| net.ipv4.ip_forward = 1 | |
| net.ipv4.tcp_syncookies = 1 | |
| net.ipv6.conf.all.forwarding = 1 | |
| #/usr/lib/firewalld/services/wireguard.xml | |
| <?xml version="1.0" encoding="utf-8"?> | |
| <service> | |
| <short>WireGuard</short> | |
| <description>Wireguard is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. </description> | |
| <port protocol="udp" port="51820"/> | |
| </service> | |
| sudo firewall-cmd --zone=public --add-masquerade --permanent | |
| # /etc/wireguard/wg0.conf | |
| /etc/wireguard/wg0.conf | |
| [Interface] | |
| Address = 10.200.200.1/24 | |
| ListenPort = 51820 | |
| PrivateKey = [SERVER PRIVATE KEY] | |
| # note - substitute eth0 in the following lines to match the Internet-facing interface | |
| PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE | |
| PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE | |
| [Peer] | |
| # foo | |
| PublicKey = [FOO'S PUBLIC KEY] | |
| PresharedKey = [PRE-SHARED KEY] | |
| AllowedIPs = 10.200.200.2/32 | |
| [Peer] | |
| # bar | |
| PublicKey = [BAR'S PUBLIC KEY] | |
| AllowedIPs = 10.200.200.3/32 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment