WireGuard server on Oracle Cloud Always Free Compute Instance

oracle-wireguard-server.sh

# WIP
# The script is compatible with Canonical Ubuntu (Always Free Eligible) Minimal

sudo apt update
sudo apt install wireguard

# ifconfig to check your interfae
# for Ubuntu 20.04 Minimal 2021.03.25-0 it's ens3

# Generate keys (WIP)

sudo echo '
[Interface]
PrivateKey = server.key
Address = 192.168.16.1/24
ListenPort = 51820
PostUp = sysctl -w net.ipv4.ip_forward=1; iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o ens3 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o ens3 -j MASQUERADE

[Peer]
PublicKey = client.pub
PresharedKey = shared.psk
AllowedIPs = 192.168.16.0/24
PersistentKeepalive = 25
' > /etc/wireguard/wg0.conf

# Firewall settings
# https://stackoverflow.com/a/54835902
# WireGuard uses udp.
sudo firewall-cmd --zone=public --permanent --add-port=51820/udp
sudo firewall-cmd --reload

Oracle Cloud VNC setup on web

Create VNC

Go to Virtual Cloud Networks. Create a VCN. Enable IPv6 CIDR block (/56).

Create Subnet

Create a subnet inside that VCN. Assign IPv4 CIDR block (any) and IPv6 CIDR block (/64). Choose Default Security List for $(VCN name).

Allow WireGuard

Go to Default Security List for $(VCN name). Add two new Ingress Rules. One for IPv4, SOURCE CIDR is 0.0.0.0/0. One for IPv6, SOURCE CIDR is ::/0. Both use IP Protocol UDP and port number 51820.

Create Internet Gateway

Check the above image to make sure you don't have something missing.