Last active
September 30, 2023 05:10
-
-
Save kfatehi/43d40f4ee5f4cdc0c1539945935b2582 to your computer and use it in GitHub Desktop.
wireguard nat
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apt install wireguard-tools | |
| cd /etc/wireguard | |
| # https://www.wireguard.com/quickstart/ | |
| umask 077 | |
| wg genkey | tee privatekey | wg pubkey > publickey | |
| # https://stanislas.blog/2019/01/how-to-setup-vpn-server-wireguard-nat-ipv6/ | |
| echo "net.ipv4.ip_forward = 1 | |
| net.ipv6.conf.all.forwarding = 1" > /etc/sysctl.d/wg.conf | |
| sysctl --system | |
| #using ufw? https://serverfault.com/questions/1106535/wireguard-ufw-ufw-blocks-traffic-on-wg0-even-if-a-rule-allows-it | |
| ufw route allow in on wg0 | |
| watch out for dns leaks, read | |
| https://ubuntu.com/server/docs/wireguard-vpn-defaultgw |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [Interface] | |
| PrivateKey = | |
| Address = 192.168.72.2/24, fd42:42:42::2/64 | |
| DNS = 8.8.8.8, 8.8.4.4 | |
| [Peer] | |
| PublicKey = | |
| AllowedIPs = 0.0.0.0/0, ::/0 | |
| Endpoint = 1.2.3.4:3074 | |
| PersistentKeepalive = 25 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [Interface] | |
| Address = 192.168.72.1/24,fd42:42:42::1/64 | |
| ListenPort = 3074 | |
| PrivateKey = | |
| PostUp = iptables -t nat -A POSTROUTING -o ens160 -j MASQUERADE; ip6tables -t nat -A POSTROUTING -o ens160 -j MASQUERADE | |
| PostDown = iptables -t nat -D POSTROUTING -o ens160 -j MASQUERADE; ip6tables -t nat -D POSTROUTING -o ens160 -j MASQUERADE | |
| [Peer] | |
| PublicKey = | |
| AllowedIPs = 192.168.72.2/32, fd42:42:42::2/128 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment