@scotticles
Last active December 1, 2020 04:39
Wireguard Setup with multiple nodes and cross-communication

wireguard.md

Run this on each node after installing WireGuard. It generates a private key and writes it straight into a new /etc/wireguard/wg0.conf (the umask makes the file mode 0600 so only root can read it), and saves the matching public key to /etc/wireguard/publickey. The private key never leaves the node; only the public key gets copied into the other nodes' configs.

(umask 077 && printf "[Interface]\nPrivateKey = " | sudo tee /etc/wireguard/wg0.conf > /dev/null)

wg genkey | sudo tee -a /etc/wireguard/wg0.conf | wg pubkey | sudo tee /etc/wireguard/publickey

main node

sudo vim /etc/ufw/sysctl.conf

change this value (only the main node forwards packets between the other nodes, so only it needs forwarding enabled):
net/ipv4/ip_forward=1

#reload ufw so the sysctl change takes effect
sudo ufw disable
sudo ufw enable

PostUp adds a FORWARD rule so a packet arriving on wg0 from one node can be forwarded back out over wg0 to another; ufw's default forward policy is DROP, so without it node-to-node traffic dies on the main node. PostDown removes the rules again when the interface goes down. The MASQUERADE rule on eth0 is only needed if the nodes should also reach the internet through the main node; it is not required for node-to-node traffic. Replace eth0 with the main node's real uplink interface name.

[Interface]
PrivateKey = generated_private_key
ListenPort = 5555
Address = 10.0.0.1/24
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE;
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE;

[Peer]
PublicKey = public_key_of_node_1
AllowedIPs = 10.0.0.2/32

[Peer]
PublicKey = public_key_of_node_2
AllowedIPs = 10.0.0.3/32

node_1

AllowedIPs = 10.0.0.0/24 tells this node to send traffic for the whole VPN subnet, not just 10.0.0.1, to the main node, which forwards it on to the other node. The nodes never talk to each other directly; every packet passes through the main node, so if it goes down the nodes lose each other too. If a node sits behind NAT, add PersistentKeepalive = 25 under [Peer] so the main node can still reach it while it is idle.

[Interface]
PrivateKey = generated_private_key
ListenPort = 5555
Address = 10.0.0.2/24

[Peer]
PublicKey = public_key_of_main_node
AllowedIPs = 10.0.0.0/24
Endpoint = public_IP_of_main_node:5555

node_2

AllowedIPs = 10.0.0.0/24 again routes the whole VPN subnet through the main node, so node_2 reaches node_1 via 10.0.0.1.

[Interface]
PrivateKey = generated_private_key
ListenPort = 5555
Address = 10.0.0.3/24

[Peer]
PublicKey = public_key_of_main_node
AllowedIPs = 10.0.0.0/24
Endpoint = public_IP_of_main_node:5555
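The three configs above follow one pattern: the main node gets a /32 per peer, every other node gets the whole /24 routed to the main node, and addresses are handed out as main = 10.0.0.1, node N = 10.0.0.(N+1). The script below renders that pattern for any number of nodes, writes the files with mode 0600 like the key step does, and checks for a duplicate AllowedIPs prefix, which wg accepts silently and resolves by giving the prefix to the last peer listed. This is an added example, not part of the gist: it assumes the keys were already generated with wg genkey / wg pubkey, that the main node's uplink is eth0, and it adds PersistentKeepalive = 25 on the node side, which the gist does not use.

```shell
#!/bin/sh
# Added example (not from the gist): render hub-and-spoke WireGuard configs for
# one main node and N nodes with the addressing, port and firewall rules used
# above, and sanity-check the result. Keys are inputs; generate them with
# `wg genkey` / `wg pubkey` as in the key step. Assumed: uplink is eth0.
set -eu

WG_SUBNET="10.0.0"   # 10.0.0.0/24; the main node is .1
WG_PORT=5555
WAN_IF="eth0"        # assumed uplink interface on the main node

# spoke_address N -> 10.0.0.(N+1): node_1 is .2, node_2 is .3, ...
spoke_address() {
    printf '%s.%d\n' "$WG_SUBNET" $(( $1 + 1 ))
}

# render_main_conf MAIN_PRIVKEY NODE1_PUBKEY [NODE2_PUBKEY ...] -> wg0.conf for the main node.
# Each node gets a /32 so the main node only ever routes that one address to it.
render_main_conf() {
    privkey=$1; shift
    printf '[Interface]\nPrivateKey = %s\nListenPort = %d\nAddress = %s.1/24\n' \
        "$privkey" "$WG_PORT" "$WG_SUBNET"
    printf 'PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o %s -j MASQUERADE\n' "$WAN_IF"
    printf 'PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o %s -j MASQUERADE\n' "$WAN_IF"
    n=1
    for pub in "$@"; do
        printf '\n[Peer]\nPublicKey = %s\nAllowedIPs = %s/32\n' "$pub" "$(spoke_address "$n")"
        n=$(( n + 1 ))
    done
}

# render_spoke_conf NODE_PRIVKEY MAIN_PUBKEY MAIN_PUBLIC_IP N -> wg0.conf for node N.
# AllowedIPs is the whole /24 so node-to-node traffic is sent to the main node, which forwards it.
# PersistentKeepalive is an addition for nodes behind NAT (keeps the UDP mapping open).
render_spoke_conf() {
    printf '[Interface]\nPrivateKey = %s\nListenPort = %d\nAddress = %s/24\n\n' \
        "$1" "$WG_PORT" "$(spoke_address "$4")"
    printf '[Peer]\nPublicKey = %s\nAllowedIPs = %s.0/24\nEndpoint = %s:%d\nPersistentKeepalive = 25\n' \
        "$2" "$WG_SUBNET" "$3" "$WG_PORT"
}

# write_conf PATH: stdin -> PATH, created mode 0600 (same umask trick as the key step)
write_conf() {
    ( umask 077 && cat > "$1" )
}

# file_mode PATH -> octal mode; GNU stat first, BSD stat as fallback
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# allowed_ips_unique FILE: fail if two [Peer] blocks claim the same AllowedIPs prefix.
# wg loads such a file without complaint and routes the prefix to the last peer listed.
allowed_ips_unique() {
    if sed -n 's/^AllowedIPs *= *//p' "$1" | tr ',' '\n' | sed 's/^ *//; s/ *$//' \
        | sort | uniq -d | grep -q .; then
        return 1
    fi
    return 0
}

# Usage (keys are placeholders; substitute the real ones):
#   render_main_conf "$MAIN_PRIV" "$NODE1_PUB" "$NODE2_PUB" | write_conf /etc/wireguard/wg0.conf
#   allowed_ips_unique /etc/wireguard/wg0.conf || echo "duplicate AllowedIPs"
```

Render the node configs on the main node and copy them over, or run render_spoke_conf on each node with its own private key so the private key never crosses the wire; either way the file should end up 0600 in /etc/wireguard.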

firewall setup

main node

#only allow the nodes' public IPs to reach the WireGuard port; WireGuard is UDP only
sudo ufw allow from publicipofnode_1 to any port 5555 proto udp
sudo ufw allow from publicipofnode_2 to any port 5555 proto udp

#if a node sits behind NAT with a changing address the rules above will not match; allow 5555/udp from anywhere instead. Packets from unknown keys are silently dropped by WireGuard itself, so the port reveals nothing to scanners.

#allow ssh only over wg0 (make sure there is no broader "allow 22" rule letting it in on the public interface)
sudo ufw allow in on wg0 to any port 22

node_1

sudo ufw allow in on wg0 to any port 22

node_2

sudo ufw allow in on wg0 to any port 22

commands

sudo systemctl start wg-quick@wg0
sudo systemctl restart wg-quick@wg0
sudo systemctl enable wg-quick@wg0  #auto starts on boot

sudo wg
ip addr show wg0

With this in place each node should be able to ping the others, and node 2 should be able to ssh into node 1 and the main node over their 10.0.0.x addresses. sudo wg shows a latest handshake and transfer counters for each peer once traffic has flowed; a peer with no handshake usually means a wrong key, a wrong endpoint or a firewall dropping UDP 5555 on the way to the main node.
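To check the mesh from the main node without eyeballing sudo wg output, wg show wg0 dump prints one tab-separated line per peer with the last handshake as a Unix timestamp in the fifth field (0 if the peer has never completed one). The functions below classify each peer as ok, stale or never against a dump constructed inline. This is an added example, not from the gist; the keys, endpoint and timestamps in the sample are made up. Note that the first line of a real dump carries the interface's private key, so pipe it into the check rather than saving it to a file or pasting it anywhere.

```shell
#!/bin/sh
# Added example (not from the gist): classify peers from `wg show wg0 dump` output.
# Dump format (tab-separated): line 1 = interface (private-key public-key listen-port fwmark),
# then per peer: public-key preshared-key endpoint allowed-ips latest-handshake rx tx keepalive.
# latest-handshake is a Unix timestamp, 0 if the peer has never completed a handshake.
set -eu

# write_sample_dump PATH: constructed dump as seen on the main node of this gist with two peers.
# node_1 handshook at 1606800000; node_2 has never connected (wrong key, endpoint or firewall).
write_sample_dump() {
    printf '%s\t%s\t%s\t%s\n' 'PRIVATE_KEY_REDACTED' 'MAINPUB=' '5555' 'off' > "$1"
    printf '%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\n' 'NODE1PUB=' '(none)' '198.51.100.7:5555' \
        '10.0.0.2/32' '1606800000' '12345' '67890' 'off' >> "$1"
    printf '%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\n' 'NODE2PUB=' '(none)' '(none)' \
        '10.0.0.3/32' '0' '0' '0' 'off' >> "$1"
}

# peer_status DUMP NOW MAX_AGE: prints "<pubkey> <allowed-ips> ok|stale|never" per peer.
# WireGuard re-handshakes about every 2 minutes while traffic flows, so 180 s is a sane
# MAX_AGE; an idle peer without PersistentKeepalive will legitimately show as stale.
peer_status() {
    awk -F'\t' -v now="$2" -v max="$3" 'NR > 1 {
        state = "ok"
        if ($5 + 0 == 0) state = "never"
        else if (now - $5 > max) state = "stale"
        print $1, $4, state
    }' "$1"
}

# unhealthy_count DUMP NOW MAX_AGE -> number of peers whose state is not "ok"
unhealthy_count() {
    peer_status "$1" "$2" "$3" | awk '$3 != "ok"' | wc -l | tr -d ' '
}

# Usage on a live main node (root, because the dump includes the private key; pipe, don't save):
#   sudo wg show wg0 dump | peer_status /dev/stdin "$(date +%s)" 180
```

A peer reported as never after the service has been up for a minute is the case to chase first: its public key in the main node's config does not match the key the node derived, the Endpoint on the node side is wrong, or UDP 5555 is being dropped before it reaches the main node.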

You can now add more nodes by following this example.

Resource used:

https://www.digitalocean.com/community/tutorials/how-to-create-a-point-to-point-vpn-with-wireguard-on-ubuntu-16-04
