add `wireguard` config

2023-08-12 03:46:15 +02:00 · 2023-08-12 03:46:15 +02:00 · 3a9345325c
parent d003cba289
commit 3a9345325c
3 changed files with 34 additions and 0 deletions
--- a/.config/wireguard/README
+++ b/.config/wireguard/README
@ -0,0 +1,10 @@
+serverside configuration
+
+   sudo sysctl -w net.ipv4.ip_forward=1
+   sudo sed -i "s/^#net.ipv4.ip_forward = 1/net.ipv4.ip_forward = 1/" /etc/sysctl.conf
+
+
+generating keys
+
+   wg genkey > client.key
+   wg pubkey < client.key > client.pub
--- a/.config/wireguard/client.conf
+++ b/.config/wireguard/client.conf
@ -0,0 +1,9 @@
+[Interface]
+Address = 10.200.200.2/32
+PrivateKey = <client private key>
+
+[Peer]
+PublicKey = <server public key>
+Endpoint = <server ip>:1194
+AllowedIPs = 0.0.0.0/0, ::/0
+
--- a/.config/wireguard/server.conf
+++ b/.config/wireguard/server.conf
@ -0,0 +1,15 @@
+[Interface]
+Address = 10.200.200.1/24
+ListenPort = 1194
+PrivateKey = <server private key>
+
+PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o <interface name> -j MASQUERADE
+PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o i -j ACCEPT; iptables -t nat -D POSTROUTING -o <interface name> -j MASQUERADE
+
+[Peer]
+PublicKey = <client public key>
+AllowedIPs = 10.200.200.2/32
+
+[Peer]
+PublicKey = <client public key>
+AllowedIPs = 10.200.200.3/32