|
@@ -4,8 +4,8 @@
|
|
# https://wiki.archlinux.org/title/WireGuard
|
|
# https://wiki.archlinux.org/title/WireGuard
|
|
|
|
|
|
### Installation
|
|
### Installation
|
|
-# Install wireguard tools and QR-Code generator
|
|
|
|
-apt-get install --yes wireguard qrencode
|
|
|
|
|
|
+# Install wireguard tools and QR-Code generator and local dns unbound
|
|
|
|
+apt-get install --yes wireguard qrencode
|
|
|
|
|
|
### Variables
|
|
### Variables
|
|
network='192.168.130.1/24'
|
|
network='192.168.130.1/24'
|
|
@@ -39,7 +39,7 @@ cat >$confdir/$peer.conf <<EOL
|
|
[Interface]
|
|
[Interface]
|
|
PrivateKey = `cat $confdir/$peer.key`
|
|
PrivateKey = `cat $confdir/$peer.key`
|
|
Address = $ip
|
|
Address = $ip
|
|
-DNS = 8.8.8.8
|
|
|
|
|
|
+DNS = 127.0.0.1
|
|
|
|
|
|
[Peer]
|
|
[Peer]
|
|
PublicKey = `cat $confdir/host.pub`
|
|
PublicKey = `cat $confdir/host.pub`
|
|
@@ -59,5 +59,5 @@ iptables -t nat -I POSTROUTING 1 -s 192.168.130.0/24 -o ens3 -j MASQUERADE
|
|
iptables -I INPUT 1 -i wg0 -j ACCEPT
|
|
iptables -I INPUT 1 -i wg0 -j ACCEPT
|
|
iptables -I FORWARD 1 -i ens3 -o wg0 -j ACCEPT
|
|
iptables -I FORWARD 1 -i ens3 -o wg0 -j ACCEPT
|
|
iptables -I FORWARD 1 -i wg0 -o ens3 -j ACCEPT
|
|
iptables -I FORWARD 1 -i wg0 -o ens3 -j ACCEPT
|
|
-iptables -I INPUT 1 -i ens3 -p udp --dport 51871 -j ACCEPT
|
|
|
|
|
|
+iptables -I INPUT 1 -i eth0 -p udp --dport 51871 -j ACCEPT
|
|
sysctl -w net.ipv4.ip_forward=1
|
|
sysctl -w net.ipv4.ip_forward=1
|
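Review bot: `DNS = 127.0.0.1` in the second hunk is written into the peer's own file (`$confdir/$peer.conf`), so each client would query its own loopback instead of a resolver on this host, and name resolution will likely fail unless the client happens to run a local resolver. The first hunk changes only the comment: the new `apt-get install --yes wireguard qrencode` line still does not install unbound, so nothing in the visible lines provides the resolver the comment announces. If the server's tunnel address is the host part of `network` (inferred from `network='192.168.130.1/24'`, not shown), the line would be `DNS = ${network%/*}` with `unbound` added to the install line. Unbound should then listen only on the tunnel address, with access limited to 192.168.130.0/24, so it does not answer on the public interface. Separately, the last hunk opens UDP 51871 on `eth0` while the FORWARD and MASQUERADE rules still name `ens3`; a single interface variable used by all of these rules would keep them in step.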