@nikitasius
Last active July 13, 2022 05:04
own wireguard vpn
  • Install WireGuard: `aptitude install wireguard`
  • Create the keys for your node:
    • `cd /etc/wireguard/`
    • `umask 077; wg genkey | tee wg0.key | wg pubkey > wg0.pub`

Next, create your config with `touch /etc/wireguard/wg0.conf` and put this inside it:

```ini
#VPN
# this file holds the server's private key: keep it owned by root with mode 600

[Interface]
Address = 192.168.1.1/24
SaveConfig = false
ListenPort = 12345
PrivateKey = HERE__IS_WHATS_IN_wg0.key

PostUp = /etc/wireguard/helper/add-wg0.sh
PostDown = /etc/wireguard/helper/remove-wg0.sh
```

Next, let's tune iptables and open the ports we need. We do it with two helper files, add-wg0.sh and remove-wg0.sh, which wg-quick runs on PostUp and PostDown:

  • add-wg0.sh

```bash
#!/bin/bash
IPT="iptables"

IN_FACE="eth0"                   # NIC connected to the internet
WG_FACE="wg0"                    # WG NIC
SUB_NET="192.168.1.0/24"         # WG IPv4 subnet (CIDR)
WG_PORT="12345"                  # WG UDP port
WG_GATEWAY="192.168.1.1"         # WG server address (kept for reference, unused below)

## IPv4 ##
# NAT VPN traffic that leaves through the internet NIC
$IPT -t nat -I POSTROUTING 1 -s $SUB_NET -o $IN_FACE -j MASQUERADE
# accept traffic arriving on the tunnel interface
$IPT -I INPUT 1 -i $WG_FACE -j ACCEPT
# forward in both directions between the tunnel and the internet NIC.
# The eth0 -> wg0 rule accepts all forwarded traffic; to limit it to replies
# add "-m conntrack --ctstate RELATED,ESTABLISHED" to that rule.
$IPT -I FORWARD 1 -i $IN_FACE -o $WG_FACE -j ACCEPT
$IPT -I FORWARD 1 -i $WG_FACE -o $IN_FACE -j ACCEPT
# open the WireGuard UDP port on the internet NIC
$IPT -I INPUT 1 -i $IN_FACE -p udp --dport $WG_PORT -j ACCEPT
# drop any other forwarded traffic from the VPN subnet (e.g. client-to-client via wg0)
$IPT -A FORWARD -i $WG_FACE -s $SUB_NET -j DROP
```
  • remove-wg0.sh

```bash
#!/bin/bash
IPT="iptables"

IN_FACE="eth0"                   # NIC connected to the internet
WG_FACE="wg0"                    # WG NIC
SUB_NET="192.168.1.0/24"         # WG IPv4 subnet (CIDR)
WG_PORT="12345"                  # WG UDP port
WG_GATEWAY="192.168.1.1"         # WG server address (kept for reference, unused below)

# IPv4 rules #
# delete exactly the rules that add-wg0.sh inserted, so the firewall
# returns to its previous state when the tunnel goes down
$IPT -t nat -D POSTROUTING -s $SUB_NET -o $IN_FACE -j MASQUERADE
$IPT -D INPUT -i $WG_FACE -j ACCEPT
$IPT -D FORWARD -i $IN_FACE -o $WG_FACE -j ACCEPT
$IPT -D FORWARD -i $WG_FACE -o $IN_FACE -j ACCEPT
$IPT -D INPUT -i $IN_FACE -p udp --dport $WG_PORT -j ACCEPT
$IPT -D FORWARD -i $WG_FACE -s $SUB_NET -j DROP
```
  • Don't forget to `chmod +x` each of these files.

Then enable and start the service, and check that it came up:

  • `systemctl enable wg-quick@wg0`
  • `systemctl start wg-quick@wg0`
  • `systemctl status wg-quick@wg0`

Now let's add a peer-creation script. We need qrencode for the QR codes, so install it first: `aptitude install qrencode`.

Then create wg_create_wg0 and `chmod +x` it:

```bash
#!/bin/bash
set -eu
echo "nickname:"
read -r wg_nickname
echo "ip (192.168.1.2 etc):"
read -r wg_ip
[ -n "$wg_ip" ] || { echo "an IP address is required" >&2; exit 1; }
wg_net="/32"
###############################################################
wg_dns="YOUR_DNS_HERE"
# the client key pair is generated here and only shown inside the QR code;
# it is never written to disk on the server
wg_c_private=$(wg genkey)
wg_c_public=$(echo "$wg_c_private" | wg pubkey)
wg_iface="wg0"
wg_endpoint="YOUR_ENDPOINT:ANDPORT"        # public host:port of this server
wg_s_pubkey="HERE__IS_WHATS_IN_wg0.pub"
###############################################################
# client side: route everything through the tunnel
wg_cl_01="[Interface]"
wg_cl_02="PrivateKey = ${wg_c_private}"
wg_cl_03="Address = ${wg_ip}/24"
wg_cl_04="DNS = ${wg_dns}"
wg_cl_05="[Peer]"
wg_cl_06="PublicKey = ${wg_s_pubkey}"
wg_cl_07="AllowedIPs = 0.0.0.0/0"
wg_cl_08="Endpoint = ${wg_endpoint}"
wg_cl_09="PersistentKeepalive = 60"

wg_client_full="
${wg_cl_01}
${wg_cl_02}
${wg_cl_03}
${wg_cl_04}
${wg_cl_05}
${wg_cl_06}
${wg_cl_07}
${wg_cl_08}
${wg_cl_09}
"

# server side: the peer may only use its own /32
wg_sr_01="[Peer]"
wg_sr_02="PublicKey = ${wg_c_public}"
wg_sr_03="AllowedIPs = ${wg_ip}${wg_net}"

wg_server_full="
# ${wg_nickname}
${wg_sr_01}
${wg_sr_02}
${wg_sr_03}
"

echo "$wg_server_full" >> /etc/wireguard/${wg_iface}.conf

systemctl reload wg-quick@${wg_iface}

echo "$wg_client_full" | qrencode -t ansiutf8

exit 0
```

Each time you run this script it asks for a "nickname" (or any label) for the peer it is about to generate, and for the peer's IP address.

It then appends the peer to wg0.conf, reloads the service and prints a QR code that can be scanned with a phone.
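The script above appends whatever address is typed in, so a typo or a reused address ends up in wg0.conf as a second peer with the same AllowedIPs. The checks below are an added example (not part of the original gist) that a peer script can run first; they assume the gist's layout (192.168.1.0/24, server at 192.168.1.1, peers written as `AllowedIPs = <ip>/32`) and use a constructed sample config so they can be tried without a real deployment:

```bash
#!/bin/bash
# Added example, not the gist's code. Assumes 192.168.1.0/24 with the server at
# 192.168.1.1 and peer lines written as "AllowedIPs = <ip>/32". POSIX sh compatible.
WG_SERVER_IP="192.168.1.1"

# 0 if $1 is a usable client address: inside 192.168.1.0/24 and not the
# network (.0), broadcast (.255) or server (.1) address.
wg_ip_valid() {
    local ip="$1" last
    case "$ip" in 192.168.1.*) ;; *) return 1 ;; esac
    last="${ip#192.168.1.}"
    case "$last" in ''|*[!0-9]*) return 1 ;; esac
    [ "$ip" != "$WG_SERVER_IP" ] || return 1
    [ "$last" -ge 2 ] && [ "$last" -le 254 ]
}

# 0 if config $1 already carries a /32 peer route for address $2. Two peers
# with the same AllowedIPs silently break routing for one of them.
wg_ip_in_use() {
    local conf="$1" ip_re
    ip_re="$(printf '%s' "$2" | sed 's/\./\\./g')"
    grep -Eq "^[[:space:]]*AllowedIPs[[:space:]]*=[[:space:]]*${ip_re}/32[[:space:]]*\$" "$conf"
}

# Print the lowest free client address in the subnet; fail if none is left.
wg_next_free_ip() {
    local conf="$1" n=2
    while [ "$n" -le 254 ]; do
        if ! wg_ip_in_use "$conf" "192.168.1.$n"; then
            echo "192.168.1.$n"; return 0
        fi
        n=$((n + 1))
    done
    return 1
}

# Gate for the peer script: address is valid and not yet assigned.
wg_peer_ip_ok() {
    wg_ip_valid "$2" && ! wg_ip_in_use "$1" "$2"
}

# Constructed sample wg0.conf (not a real deployment) so the checks can run here.
wg_demo_conf() {
    local f; f="$(mktemp)"
    printf '%s\n' '[Interface]' 'Address = 192.168.1.1/24' 'ListenPort = 12345' '' \
        '# alice' '[Peer]' 'PublicKey = CONSTRUCTED_KEY' 'AllowedIPs = 192.168.1.2/32' > "$f"
    echo "$f"
}
```

In wg_create_wg0 the call would sit right after the `read -r wg_ip` line, as `wg_peer_ip_ok /etc/wireguard/wg0.conf "$wg_ip" || exit 1`.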

Another way: generate the private/public key pair on the phone itself, then just add a [Peer] block for its public key to wg0.conf:

```ini
# someuser
[Peer]
PublicKey = CLIENTS_PUBLIC_KEY
AllowedIPs = 192.168.1.2/32
```