wireguard openwrt
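#!/bin/sh
# Move a WireGuard tunnel (wg0) and the LAN port (eth0.1, bridged into br-lan)
# into a dedicated network namespace so that LAN clients can only reach the
# internet through the tunnel. Run as root on OpenWrt; needs iproute2 `ip`,
# `wg`, dnsmasq and iptables/ip6tables.
#
# Environment overrides (defaults are the values used on this router):
#   NS           namespace name                       (default: vpn)
#   WG_KEY       path to the WireGuard private key    (default: /root/private.key)
#   WG_PEER      peer public key
#   WG_ENDPOINT  peer host:port
#   LAN_IF       interface moved into the namespace   (default: eth0.1)
#
# set -e: every step below depends on the previous one, so a failure must stop
# the script instead of leaving a half-built namespace (in particular one where
# the LAN port has already been pulled out of the main namespace).
set -eu

NS=${NS:-vpn}
WG_KEY=${WG_KEY:-/root/private.key}
WG_PEER=${WG_PEER:-sL402eL6MC9jcqbPaUuFHuzbCL5U9QWCzWYCjAyIvx4=}
WG_ENDPOINT=${WG_ENDPOINT:-198.46.198.198:51820}
LAN_IF=${LAN_IF:-eth0.1}
DNSMASQ_CONF=/etc/wg0/dnsmasq.conf

die() { printf '%s\n' "$*" >&2; exit 1; }

# Validate inputs before touching any interface.
[ -r "$WG_KEY" ] || die "private key not readable: $WG_KEY (keep it mode 0600)"
[ -r "$DNSMASQ_CONF" ] || die "dnsmasq config not readable: $DNSMASQ_CONF"

# --- tunnel -----------------------------------------------------------------
ip netns add "$NS"
ip link add wg0 type wireguard
ip link set wg0 netns "$NS"
# `wg` reads the key from the file, so the secret never shows up in argv/ps.
ip netns exec "$NS" wg set wg0 private-key "$WG_KEY" peer "$WG_PEER" \
  allowed-ips 0.0.0.0/0 allowed-ips 2000::/3 endpoint "$WG_ENDPOINT"
ip -n "$NS" addr add 10.66.3.5/24 dev wg0
ip -n "$NS" addr add 2001:470:f1db:2::5/64 dev wg0
ip -n "$NS" link set wg0 up
ip -n "$NS" link set lo up
ip -n "$NS" route add default dev wg0 scope global
ip -n "$NS" -6 route add default dev wg0 scope global

# --- LAN side ---------------------------------------------------------------
# Wireless is left in the main namespace; the phy-move trick is kept for reference.
#iw phy phy0 set netns "$(ip netns exec vpn sh -c 'sleep 1 >&- & echo "$!"')"
ip link set "$LAN_IF" netns "$NS"
#ip link set wlan1 netns vpn
ip -n "$NS" link add br-lan type bridge
ip -n "$NS" addr add 192.168.8.1/24 dev br-lan
ip -n "$NS" addr add 2001:470:f1db:3400::1/64 dev br-lan
ip -n "$NS" link set "$LAN_IF" master br-lan
#ip -n vpn link set wlan1 master br-lan
ip -n "$NS" link set "$LAN_IF" up
#ip -n vpn link set wlan1 up
ip -n "$NS" link set br-lan up

# Forwarding sysctls are per-namespace and start at 0 in a fresh netns.
# IPv6 forwarding alone does not carry the 192.168.8.0/24 prefix to wg0, so
# IPv4 forwarding is enabled as well.
ip netns exec "$NS" sh -c 'echo 1 > /proc/sys/net/ipv4/ip_forward'
ip netns exec "$NS" sh -c 'echo 1 > /proc/sys/net/ipv6/conf/all/forwarding'

# NOTE(review): no filter rules are installed in this namespace, so FORWARD
# stays at its ACCEPT default and whatever the peer sends down wg0 (allowed-ips
# is 0.0.0.0/0 and 2000::/3) is forwarded onto br-lan. Add FORWARD rules
# (ESTABLISHED,RELATED plus an explicit allow list) if LAN hosts must not be
# reachable from the tunnel side.
# NOTE(review): there is no MASQUERADE for 192.168.8.0/24 over wg0; this
# assumes the peer routes the LAN prefixes back — confirm on the remote side.

# --- services ---------------------------------------------------------------
ip netns exec "$NS" dnsmasq -C "$DNSMASQ_CONF" &
#ip netns exec vpn hostapd /etc/wg0/hostapd.conf&

# --- MSS clamping -----------------------------------------------------------
ip netns exec "$NS" iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o wg0 -j TCPMSS --clamp-mss-to-pmtu
#I need mss 1400 because the remote host uses hurricane electric's 6in4 tunnel. Otherwise use --clamp-mss-to-pmtu here.
ip netns exec "$NS" ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o wg0 -j TCPMSS --set-mss 1400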