@@ -8,8 +8,11 @@
apt-get install --yes wireguard qrencode
### Variables
-network='192.168.130.1/24'
+hostname="blue.s-up.net"
+server_ip='192.168.130.1/24'
+network='192.168.130.0/24'
confdir='/etc/wireguard'
+interface='ens3'
### Create key material
cd $confdir
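Review bot: The new variables are expanded unquoted where they are used later (`ip addr add $server_ip`, `-s $network -o $interface` in the later hunks); quoting them as `"$server_ip"`, `"$network"` and `"$interface"` costs nothing and keeps the script correct if a value ever contains whitespace or glob characters. `hostname` is also the name of a standard utility and shadows nothing but reads ambiguously next to `$HOSTNAME`; a name such as `server_hostname` makes the client template clearer. The key-creation commands that follow `cd $confdir` are outside this hunk; if they do not already run under `umask 077`, setting it before them would keep host.key and the per-peer keys in `$confdir` from being created world-readable.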
@@ -22,7 +25,7 @@ for peer in $peers; do wgkeypair $peer && wgpsk $peer; done
### Configuration
# Setup wireguard network interface
ip link add dev wg0 type wireguard
-ip addr add $network dev wg0
+ip addr add $server_ip dev wg0
wg set wg0 listen-port 51871 private-key $confdir/host.key
wgsetpeer() {
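Review bot: `ip addr add $server_ip dev wg0` passes a value that is named like a bare address but holds a prefix length ('192.168.130.1/24'); that is what `ip addr add` needs to install the on-link route for wg0, but the name hides it, so either rename it `server_cidr` or comment the assignment with `# host address with prefix length; ip addr derives the wg0 route from it`. The expansion should also be quoted, `ip addr add "$server_ip" dev wg0`. Separately, `ip link add dev wg0` and this `ip addr add` both fail on a second run once wg0 exists, so the block is not re-runnable; that predates this change but is worth a comment if the script is meant to be one-shot.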
@@ -44,7 +47,7 @@ DNS = 127.0.0.1
[Peer]
PublicKey = `cat $confdir/host.pub`
AllowedIPs = 0.0.0.0/0
-Endpoint = blue.s-up.net:51871
+Endpoint = $hostname:51871
PersistentKeepalive = 15
PresharedKey = `cat $confdir/$peer.psk`
EOL
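Review bot: `Endpoint = $hostname:51871` parameterizes the host but leaves the UDP port as a second literal copy of the `listen-port 51871` set in the previous hunk, so the two can silently drift apart. A `listen_port=51871` variable next to `hostname` in the Variables section, used as `listen-port $listen_port` and `Endpoint = $hostname:$listen_port`, keeps them in sync. The here-doc this line belongs to (terminated by `EOL`) starts outside the hunk; since it relies on variable expansion inside the template, the unquoted delimiter is intentional and a one-line comment above it saying so would stop a later reader from "fixing" it to `<<'EOL'`.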
@@ -55,7 +58,7 @@ qrencode -t ANSIUTF8 -r $confdir/$peer.conf
wgsetpeer dspx4 192.168.130.2
# https://www.cyberciti.biz/faq/how-to-set-up-wireguard-firewall-rules-in-linux/
-iptables -t nat -I POSTROUTING 1 -s 192.168.130.0/24 -o ens3 -j MASQUERADE
+iptables -t nat -I POSTROUTING 1 -s $network -o $interface -j MASQUERADE
iptables -I INPUT 1 -i wg0 -j ACCEPT
iptables -I FORWARD 1 -i ens3 -o wg0 -j ACCEPT
iptables -I FORWARD 1 -i wg0 -o ens3 -j ACCEPT
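Review bot: Only the MASQUERADE rule is switched to `$interface`; the two FORWARD rules at the end of the hunk still hard-code `ens3`, so changing the variable would leave NAT on one interface and forwarding on another. Change them to `iptables -I FORWARD 1 -i "$interface" -o wg0 -j ACCEPT` and `iptables -I FORWARD 1 -i wg0 -o "$interface" -j ACCEPT`, and quote `$network` and `$interface` in the MASQUERADE rule as well. Inserting at position 1 on every run also duplicates the rules rather than replacing them; an `iptables -C ... 2>/dev/null || iptables -I ...` guard makes the block idempotent, though that predates this change. Nothing in the hunk enables `net.ipv4.ip_forward`; if it is not set elsewhere in the script, traffic between wg0 and the uplink will not be forwarded regardless of these rules.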