N. P. O'Donnell, 2021
Bring eth0 interface down:
WARNING: If you do this remotely (like through an SSH connection), it will disconnect you...
ip link set eth0 down
Bring eth0 interface up:
ip link set eth0 up
ip link set dev eth0 mtu 1420
Scenario involves 2 machines.
Machine 1's IP address is 172.31.95.154
Machine 2's IP address is 172.32.31.103
On machine 1:
ip tunnel add tun0 mode ipip remote 172.32.31.103 local 172.31.95.154
On machine 2:
ip tunnel add tun0 mode ipip remote 172.31.95.154 local 172.32.31.103
Make sure the IP addresses don't clash with existing ones!
On machine 1:
ip address add 192.168.0.1/24 dev tun0
On machine 2:
ip address add 192.168.0.2/24 dev tun0
On both machines:
ip link set tun0 up
Then a ping test...
On machine 1:
ping 192.168.0.2
On machine 2:
ping 192.168.0.1
Display the routing table:
ip route show
Route all traffic to a single IP address 135.125.202.171 through interface tun0:
ip route add 135.125.202.171 dev tun0
Route all traffic to IP address range 8.8.0.0/16 via 192.168.0.2:
ip route add 8.8.0.0/16 via 192.168.0.2
Get the route for 8.8.8.8:
ip route get 8.8.8.8
Create private key:
wg genkey
Create public key:
wg pubkey
Then paste in the private key followed by Ctrl-D.
Or use pipes.
One-liner (umask 077 inside the subshell keeps privkey readable only by its owner):
(umask 077; wg genkey | tee privkey | wg pubkey > pubkey)
Install WireGuard on Amazon Linux 2 (as root):
yum upgrade -y
amazon-linux-extras install -y epel
curl -Lo /etc/yum.repos.d/wireguard.repo https://copr.fedorainfracloud.org/coprs/jdoss/wireguard/repo/epel-7/jdoss-wireguard-epel-7.repo
yum clean all
yum install -y wireguard-dkms wireguard-tools
Configuration File:
/etc/wireguard/wg0.conf
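Added example (not part of the original notes): a shell helper that writes a wg-quick configuration and restricts the file to its owner before the private key is written into it. The function names, the 10.0.0.0/24 tunnel subnet and UDP port 51820 are assumptions chosen for illustration; the MTU value and the endpoint in the usage comment reuse values from these notes.

```shell
#!/bin/sh
# Added example: render a wg-quick config without exposing the private key.
# Assumed values (not from the notes): tunnel subnet 10.0.0.0/24, port 51820.

# write_wg_conf FILE PRIVKEY ADDRESS PEER_PUBKEY PEER_ALLOWED_IPS PEER_ENDPOINT
write_wg_conf() {
    conf=$1 privkey=$2 address=$3 peer_pub=$4 allowed=$5 endpoint=$6
    (
        umask 077                     # a new file is created with mode 0600
        : >> "$conf" || exit 1        # create the file if it is missing
        chmod 600 "$conf" || exit 1   # tighten an existing file before the key lands in it
        cat > "$conf" <<EOF
[Interface]
PrivateKey = $privkey
Address = $address
ListenPort = 51820
MTU = 1420

[Peer]
PublicKey = $peer_pub
AllowedIPs = $allowed
Endpoint = $endpoint
EOF
    )
}

# conf_is_private FILE: succeeds only if group and others have no access at all.
conf_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Usage on machine 1 (peer key placeholder must be replaced with machine 2's pubkey):
#   write_wg_conf /etc/wireguard/wg0.conf "$(cat privkey)" 10.0.0.1/24 \
#       "<machine 2 public key>" 10.0.0.2/32 172.32.31.103:51820
#   conf_is_private /etc/wireguard/wg0.conf || echo "wg0.conf is too permissive"
```
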
Check status:
wg
wg-quick is used for quickly prototyping WireGuard configurations.
Bring wg0 interface up:
wg-quick up wg0
Bring wg0 interface down:
wg-quick down wg0
On receiving machine:
socat -u udp-recv:12345,reuseaddr -
On sending machine:
socat - udp-sendto:<ip>:12345
Then type some characters on the sending machine.
Show all traffic:
sudo tcpdump
Show UDP traffic:
sudo tcpdump udp