Created
November 26, 2023 03:57
Turn an ECS instance that has a public IP into a router using WireGuard. Make sure to change the keys, then put the file into /etc/wireguard/.
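# WireGuard server configuration read by wg-quick, placed in /etc/wireguard/.
# The firewall rules below hard-code the interface name wg0, so save this file
# as wg0.conf (wg-quick also expands %i to the interface name in PostUp/PostDown).
# All key values here are placeholders and must be replaced before use.
# The file holds secret keys: keep it owned by root with mode 600.

[Interface]
# This host's address inside the tunnel network.
Address = 10.7.0.1/24
# Placeholder. Generate a real key with `wg genkey` and never share or commit it.
PrivateKey = AAAAA
# Important: these iptables rules allow forwarding and MASQUERADE (source NAT) the forwarded packets.
# Before using this, make sure net.ipv4.ip_forward = 1 is set in /etc/sysctl.conf.
# eth0 must be the interface that carries the public IP; adjust the name if yours differs.
# NOTE(review): the two FORWARD rules accept all traffic forwarded from and to wg0.
# If peers should not be reachable from other networks, restrict the "-o wg0" rule
# (for example to established connections only).
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# PostDown must delete exactly the rules PostUp added; keep the two lines in sync.
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
# Any port is fine as long as the firewall (iptables or firewalld) allows access to it.
# WireGuard listens on UDP, so the rule must allow inbound UDP on this port.
ListenPort = 8881

[Peer]
# Placeholder: the peer's public key (derived on the peer with `wg pubkey`).
PublicKey = BBBBB
# Placeholder. A preshared key is a secret shared with this one peer;
# generate it with `wg genpsk` and use a different one for every peer.
PresharedKey = CCCCC
# Use a single dedicated address (/32) here, not a wider range.
# WireGuard only accepts packets from this peer whose source address is in AllowedIPs,
# so a /32 keeps the peer from using any other tunnel address.
AllowedIPs = 10.7.0.2/32
PersistentKeepalive = 20

[Peer]
# Placeholder: the second peer's public key.
PublicKey = DDDDD
# Placeholder. NOTE(review): this is the same value as the first peer's preshared key;
# give each peer its own key so that one leaked key does not affect the others.
PresharedKey = CCCCC
AllowedIPs = 10.7.0.10/32
PersistentKeepalive = 20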