gladiopeace · August 14, 2024 00:39
diff --git a/0-wireguard-readme.md b/0-wireguard-readme.md
diff --git a/1-wireguard-client-setup.sh b/1-wireguard-client-setup.sh
 #!/bin/bash
 ########################################################################################
 # Installs a Wireguard "client" on Ubuntu 20.04
 #
 # Source: https://linuxize.com/post/how-to-set-up-wireguard-vpn-on-ubuntu-18-04/
 ########################################################################################

 # Installation
 sudo apt update
 sudo apt install -y wireguard

 # Configuration
 sudo mkdir -p /etc/wireguard/
 sudo sh -c 'umask 077; touch /etc/wireguard/wg0.conf'
 sudo sh -c 'umask 077; wg genkey | tee /etc/wireguard/privatekey | wg pubkey > /etc/wireguard/publickey'

 sudo bash -c 'cat <<EOF > /etc/wireguard/wg0.conf
 [Interface]
 PrivateKey = PRIV_KEY_PLACEHOLDER
 Address = 10.0.0.20/32

 [Peer]
 PublicKey = SERVER_PUBLIC_KEY
 PresharedKey = SERVER_PRESHARED_KEY
 Endpoint = SERVER_PUBLIC_IP:51820
 AllowedIPs = 0.0.0.0/0
 PersistentKeepalive = 25
 EOF'

 sudo sed -i "s/PRIV_KEY_PLACEHOLDER/$(sudo cat /etc/wireguard/privatekey)/g" /etc/wireguard/wg0.conf

 # Manually replace the two "SERVER_*" placeholders with the values from the server! Do the same for the "SERVER_PRESHARED_KEY" placeholder!

 # Finally test the connection:
 sudo wg-quick up wg0
 # Get connection stats
 sudo wg
diff --git a/3-wireguard-server-setup.sh b/3-wireguard-server-setup.sh
 #!/bin/bash
 ########################################################################################
 # Installs a Wireguard "server" on CentOS 8 or RHEL 8
 #
 # Sources: 
 #   - https://www.cyberciti.biz/faq/centos-8-set-up-wireguard-vpn-server/
 #   - https://www.linode.com/docs/networking/vpn/set-up-wireguard-vpn-on-ubuntu/
 ########################################################################################

 ### Installation
 sudo dnf check-update
 sudo dnf install -y epel-release # OR on RHEL 8: sudo dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
 sudo dnf config-manager --set-enabled PowerTools # NOT required on RHEL 8
 sudo dnf copr enable -y jdoss/wireguard
 sudo dnf install -y wireguard-dkms wireguard-tools

 ### Configuration
 sudo mkdir -p /etc/wireguard/
 sudo sh -c 'umask 077; touch /etc/wireguard/wg0.conf'
 sudo sh -c 'umask 077; wg genkey | tee /etc/wireguard/privatekey | wg pubkey > /etc/wireguard/publickey'
 sudo sh -c 'umask 077; wg genpsk | tee /etc/wireguard/pskkey-peer-1'

 sudo bash -c 'cat <<EOF > /etc/wireguard/wg0.conf
 [Interface]
 Address = 10.0.0.1/32
 ListenPort = 51820
 PrivateKey = PRIV_KEY_PLACEHOLDER
 SaveConfig = true

 [Peer]
 PublicKey = PUBLIC_KEY_FROM_CLIENT_1
 PresharedKey = PRESHARED_KEY_PEER_1
 AllowedIPs = 10.0.0.20/32
 EOF'

 sudo sed -i "s/PRIV_KEY_PLACEHOLDER/$(sudo cat /etc/wireguard/privatekey)/g" /etc/wireguard/wg0.conf
 sudo sed -i "s/PRESHARED_KEY_PEER_1/$(sudo cat /etc/wireguard/pskkey-peer-1)/g" /etc/wireguard/wg0.conf

 # Manually replace the "PUBLIC_KEY_FROM_CLIENT_1" with the peers (client) public key!

 sudo bash -c 'cat <<EOF > /etc/firewalld/services/wireguard.xml
 <?xml version="1.0" encoding="utf-8"?>
 <service>
  <short>wireguard</short>
  <description>WireGuard open UDP port 51820 for client connections</description>
  <port protocol="udp" port="51820"/>
 </service>
 EOF'

 sudo firewall-cmd --permanent --add-service=wireguard --zone=public
 sudo firewall-cmd --permanent --zone=public --add-masquerade
 sudo firewall-cmd --reload
 sudo firewall-cmd --list-all

 sudo bash -c 'cat <<EOF > /etc/sysctl.d/10-wireguard.conf
 net.core.default_qdisc = fq
 net.ipv4.tcp_congestion_control = bbr ## for IPv4 ##
 net.ipv4.ip_forward = 1
 net.ipv4.conf.default.rp_filter = 1
 net.ipv4.conf.all.rp_filter = 1
 net.ipv4.tcp_syncookies = 1
 # Only required when dual stack is used
 #net.ipv6.conf.all.forwarding = 1
 EOF'
 sudo sysctl -p /etc/sysctl.d/10-wireguard.conf

 sudo firewall-cmd --add-interface=wg0 --zone=internal
 sudo firewall-cmd --permanent --zone=internal --add-masquerade
 sudo systemctl enable --now wg-quick@wg0
 sudo systemctl status wg-quick@wg0

 sudo wg
 sudo ip a show wg0
	#!/bin/bash
	########################################################################################
	# Installs a Wireguard "client" on Ubuntu 20.04
	#
	# Source: https://linuxize.com/post/how-to-set-up-wireguard-vpn-on-ubuntu-18-04/
	########################################################################################

	# Installation
	sudo apt update
	sudo apt install -y wireguard

	# Configuration
	sudo mkdir -p /etc/wireguard/
	sudo sh -c 'umask 077; touch /etc/wireguard/wg0.conf'
	sudo sh -c 'umask 077; wg genkey \| tee /etc/wireguard/privatekey \| wg pubkey > /etc/wireguard/publickey'

	sudo bash -c 'cat <<EOF > /etc/wireguard/wg0.conf
	[Interface]
	PrivateKey = PRIV_KEY_PLACEHOLDER
	Address = 10.0.0.20/32

	[Peer]
	PublicKey = SERVER_PUBLIC_KEY
	PresharedKey = SERVER_PRESHARED_KEY
	Endpoint = SERVER_PUBLIC_IP:51820
	AllowedIPs = 0.0.0.0/0
	PersistentKeepalive = 25
	EOF'

	sudo sed -i "s/PRIV_KEY_PLACEHOLDER/$(sudo cat /etc/wireguard/privatekey)/g" /etc/wireguard/wg0.conf

	# Manually replace the two "SERVER_*" placeholders with the values from the server! Do the same for the "SERVER_PRESHARED_KEY" placeholder!

	# Finally test the connection:
	sudo wg-quick up wg0
	# Get connection stats
	sudo wg
	#!/bin/bash
	########################################################################################
	# Installs a Wireguard "server" on CentOS 8 or RHEL 8
	#
	# Sources:
	# - https://www.cyberciti.biz/faq/centos-8-set-up-wireguard-vpn-server/
	# - https://www.linode.com/docs/networking/vpn/set-up-wireguard-vpn-on-ubuntu/
	########################################################################################

	### Installation
	sudo dnf check-update
	sudo dnf install -y epel-release # OR on RHEL 8: sudo dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
	sudo dnf config-manager --set-enabled PowerTools # NOT required on RHEL 8
	sudo dnf copr enable -y jdoss/wireguard
	sudo dnf install -y wireguard-dkms wireguard-tools

	### Configuration
	sudo mkdir -p /etc/wireguard/
	sudo sh -c 'umask 077; touch /etc/wireguard/wg0.conf'
	sudo sh -c 'umask 077; wg genkey \| tee /etc/wireguard/privatekey \| wg pubkey > /etc/wireguard/publickey'
	sudo sh -c 'umask 077; wg genpsk \| tee /etc/wireguard/pskkey-peer-1'

	sudo bash -c 'cat <<EOF > /etc/wireguard/wg0.conf
	[Interface]
	Address = 10.0.0.1/32
	ListenPort = 51820
	PrivateKey = PRIV_KEY_PLACEHOLDER
	SaveConfig = true

	[Peer]
	PublicKey = PUBLIC_KEY_FROM_CLIENT_1
	PresharedKey = PRESHARED_KEY_PEER_1
	AllowedIPs = 10.0.0.20/32
	EOF'

	sudo sed -i "s/PRIV_KEY_PLACEHOLDER/$(sudo cat /etc/wireguard/privatekey)/g" /etc/wireguard/wg0.conf
	sudo sed -i "s/PRESHARED_KEY_PEER_1/$(sudo cat /etc/wireguard/pskkey-peer-1)/g" /etc/wireguard/wg0.conf

	# Manually replace the "PUBLIC_KEY_FROM_CLIENT_1" with the peers (client) public key!

	sudo bash -c 'cat <<EOF > /etc/firewalld/services/wireguard.xml
	<?xml version="1.0" encoding="utf-8"?>
	<service>
	<short>wireguard</short>
	<description>WireGuard open UDP port 51820 for client connections</description>
	<port protocol="udp" port="51820"/>
	</service>
	EOF'

	sudo firewall-cmd --permanent --add-service=wireguard --zone=public
	sudo firewall-cmd --permanent --zone=public --add-masquerade
	sudo firewall-cmd --reload
	sudo firewall-cmd --list-all

	sudo bash -c 'cat <<EOF > /etc/sysctl.d/10-wireguard.conf
	net.core.default_qdisc = fq
	net.ipv4.tcp_congestion_control = bbr ## for IPv4 ##
	net.ipv4.ip_forward = 1
	net.ipv4.conf.default.rp_filter = 1
	net.ipv4.conf.all.rp_filter = 1
	net.ipv4.tcp_syncookies = 1
	# Only required when dual stack is used
	#net.ipv6.conf.all.forwarding = 1
	EOF'
	sudo sysctl -p /etc/sysctl.d/10-wireguard.conf

	sudo firewall-cmd --add-interface=wg0 --zone=internal
	sudo firewall-cmd --permanent --zone=internal --add-masquerade
	sudo systemctl enable --now wg-quick@wg0
	sudo systemctl status wg-quick@wg0

	sudo wg
	sudo ip a show wg0