wireguard VPN Ubuntu 20.04
-----------------------/etc/sysctl.conf--------------------------- | |
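# Kernel settings for a WireGuard gateway (/etc/sysctl.conf).
# Route packets between wg0 and the uplink, for IPv4 and IPv6.
net.ipv4.ip_forward = 1
net.ipv6.conf.default.forwarding = 1
net.ipv6.conf.all.forwarding = 1
# NOTE: with IPv6 forwarding on, the kernel ignores router advertisements unless
# accept_ra = 2; check the uplink if it gets its IPv6 address via SLAAC.
# Strict reverse-path filtering: drop packets whose source address is not
# routable back through the interface they arrived on.
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.proxy_arp = 0
# Do not send ICMP redirects. The kernel enables redirects on an interface when
# either the "all" value or the interface's own value is 1, and interfaces
# created later (such as wg0) copy "default" - so both must be 0.
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.send_redirects = 0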
------------------------------------------------------------------- | |
then sysctl -p | |
=========================================server setup====================================================== | |
1. sudo apt install wireguard | |
2. mkdir /etc/wireguard/clients | |
3. wg genkey | sudo tee /etc/wireguard/server_privatekey | wg pubkey | sudo tee /etc/wireguard/server_publickey | |
4. sudo vi /etc/wireguard/wg0.conf | |
# /etc/wireguard/wg0.conf on the server. The file holds the server's private
# key, so it must be readable by root only.
[Interface]
# Contents of /etc/wireguard/server_privatekey.
PrivateKey = SERVER_PRIVATE_KEY
Address = 10.0.0.1/24
# UDP port the server listens on; it has to be reachable through the host firewall.
ListenPort = 3785
# On interface up: accept forwarded traffic that arrives on wg0 and masquerade
# everything leaving through eth0, for IPv4 and IPv6.
# eth0 is hard-coded - confirm it is the real uplink name (ip route show default).
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT
PostUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostUp = ip6tables -A FORWARD -i wg0 -j ACCEPT
PostUp = ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# On interface down: delete the same four rules.
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT
PostDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
PostDown = ip6tables -D FORWARD -i wg0 -j ACCEPT
PostDown = ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
5. sudo chmod 600 /etc/wireguard/{server_privatekey,wg0.conf}
6. sudo wg-quick up wg0 && sudo systemctl enable wg-quick@wg0 | |
7. wg or sudo wg show wg0 | |
=============================client setup================================= | |
1. wg genkey | sudo tee /etc/wireguard/clients/nurlan-privatekey | wg pubkey | sudo tee /etc/wireguard/clients/nurlan-publickey | |
2. On the server, save the following settings as /etc/wireguard/clients/test.conf
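# Client profile (test.conf). It contains the client's private key: keep the
# copy stored on the server root-only (chmod 600).
[Interface]
# Contents of /etc/wireguard/clients/nurlan-privatekey.
PrivateKey = CLIENT_PRIVATE_KEY
ListenPort = 51893
# /128 rather than /8: fd00::4/8 would mark the whole fd00::/8 range as on-link.
# The server config on this page gives wg0 no IPv6 address and allows only
# 10.0.0.2 for this peer, so IPv6 sent into the tunnel is dropped by the server
# until both are added there.
Address = 10.0.0.2/32, fd00::4/128
DNS = 8.8.8.8
MTU = 1280

[Peer]
# Contents of /etc/wireguard/server_publickey.
PublicKey = SERVER_PUBLIC_KEY
# Full tunnel: all IPv4 and IPv6 traffic is routed through the VPN.
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = SERVER_IP_ADDRESS:3785
# Seconds between keepalive packets.
PersistentKeepalive = 25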
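3. sudo wg set wg0 peer CLIENT_PUBLIC_KEY allowed-ips 10.0.0.2 - this command adds the peer on the server (CLIENT_PUBLIC_KEY is the contents of /etc/wireguard/clients/nurlan-publickey). It changes only the running interface: to keep the peer after wg0 is restarted, also add a matching [Peer] section to /etc/wireguard/wg0.conf.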
4. apt install qrencode | |
qrencode -t ansiutf8 < test.conf | |
===============================================WIREGUARD with preshared keys=============================================== | |
-----------------------/etc/sysctl.conf--------------------------- | |
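# Kernel settings for a WireGuard gateway (/etc/sysctl.conf).
# Route packets between wg0 and the uplink, for IPv4 and IPv6.
net.ipv4.ip_forward = 1
net.ipv6.conf.default.forwarding = 1
net.ipv6.conf.all.forwarding = 1
# NOTE: with IPv6 forwarding on, the kernel ignores router advertisements unless
# accept_ra = 2; check the uplink if it gets its IPv6 address via SLAAC.
# Strict reverse-path filtering: drop packets whose source address is not
# routable back through the interface they arrived on.
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.proxy_arp = 0
# Do not send ICMP redirects. The kernel enables redirects on an interface when
# either the "all" value or the interface's own value is 1, and interfaces
# created later (such as wg0) copy "default" - so both must be 0.
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.send_redirects = 0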
------------------------------------------------------------------- | |
then sysctl -p | |
=========================================server setup====================================================== | |
1. sudo apt install wireguard | |
2. mkdir /etc/wireguard/clients | |
3. wg genkey | sudo tee /etc/wireguard/server_privatekey | wg pubkey | sudo tee /etc/wireguard/server_publickey | |
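4. wg genpsk > client.psk (run as root inside /etc/wireguard with umask 077: the wg set command in the client setup reads /etc/wireguard/client.psk, and the key must not be readable by other users)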
5. sudo vi /etc/wireguard/wg0.conf | |
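# /etc/wireguard/wg0.conf on the server, with one preshared-key peer. The file
# holds the server's private key and the preshared key: keep it root-only.
[Interface]
Address = 10.0.0.1/24
# UDP port the server listens on; it has to be reachable through the host firewall.
ListenPort = 3785
# Contents of /etc/wireguard/server_privatekey.
PrivateKey = SERVER_PRIVATE_KEY
# Accept forwarded traffic that arrives on wg0 and masquerade everything leaving
# through eth0 (IPv4 and IPv6); PostDown deletes the same rules.
# eth0 is hard-coded - confirm it is the real uplink name (ip route show default).
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
# A [Peer] entry names the remote side, so on the server this is the CLIENT's
# public key (contents of /etc/wireguard/clients/nurlan-publickey) - the same
# key the "wg set wg0 peer CLIENT_PUBLIC_KEY" step uses. The server's own
# public key here would never match the client's handshake.
PublicKey = CLIENT_PUBLIC_KEY
# Contents of client.psk; the client config must carry the identical value.
PresharedKey = CLIENT_PRESHARED_KEY
# Only this tunnel address is accepted as a source from the peer.
AllowedIPs = 10.0.0.2/32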
6. sudo chmod 600 /etc/wireguard/{server_privatekey,wg0.conf}
7. sudo wg-quick up wg0 && sudo systemctl enable wg-quick@wg0
8. wg or sudo wg show wg0
=============================client setup================================= | |
1. wg genkey | sudo tee /etc/wireguard/clients/nurlan-privatekey | wg pubkey | sudo tee /etc/wireguard/clients/nurlan-publickey | |
2. On the server, save the following settings as /etc/wireguard/clients/test.conf
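# Client profile (test.conf) with a preshared key. It contains the client's
# private key and the preshared key: keep the copy stored on the server
# root-only (chmod 600).
[Interface]
# Contents of /etc/wireguard/clients/nurlan-privatekey.
PrivateKey = CLIENT_PRIVATE_KEY
ListenPort = 51893
# /128 rather than /8: fd00::4/8 would mark the whole fd00::/8 range as on-link.
# The server config on this page gives wg0 no IPv6 address and allows only
# 10.0.0.2/32 for this peer, so IPv6 sent into the tunnel is dropped by the
# server until both are added there.
Address = 10.0.0.2/32, fd00::4/128
DNS = 8.8.8.8
MTU = 1280

[Peer]
# Contents of /etc/wireguard/server_publickey.
PublicKey = SERVER_PUBLIC_KEY
# Contents of client.psk; must be identical to the value configured on the server.
PresharedKey = CLIENT_PRESHARED_KEY
# Full tunnel: all IPv4 and IPv6 traffic is routed through the VPN.
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = SERVER_IP_ADDRESS:3785
# Seconds between keepalive packets.
PersistentKeepalive = 25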
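3. sudo wg set wg0 peer CLIENT_PUBLIC_KEY preshared-key /etc/wireguard/client.psk allowed-ips 10.0.0.2 - this command adds the peer on the server. The preshared-key argument is a file path, so client.psk must exist at /etc/wireguard/client.psk. The command changes only the running interface; the [Peer] section in wg0.conf is what survives a restart.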
4. apt install qrencode | |
qrencode -t ansiutf8 < test.conf | |