-
Notifications
You must be signed in to change notification settings - Fork 0
/
Config.txt
97 lines (74 loc) · 2.89 KB
/
Config.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
##### Server Configuration (wg0)
[Interface]
Address = 192.168.69.1/24, fd42:42:42::1/64
SaveConfig = true
PostUp = iptables -t nat -A POSTROUTING -o enp0s3 -j MASQUERADE; ip6tables -t nat -A POSTROUTING -o enp0s3 -j MASQUERADE
PostDown = iptables -t nat -D POSTROUTING -o enp0s3 -j MASQUERADE; ip6tables -t nat -D POSTROUTING -o enp0s3 -j MASQUERADE
ListenPort = 51820
PrivateKey = <Private Key of Server>
##### change enp0s3 to server's default network interface name (like eth0, etc)
[Peer]
PublicKey = <Public Key of Client>
AllowedIPs = 192.168.69.2/32, fd42:42:42::2/128
##### Client Configuration
[Interface]
PrivateKey = <Private Key of Client>
Address = 192.168.69.2/32, fd42:42:42::2/128
DNS = 8.8.8.8
[Peer]
PublicKey = <Public Key of Server>
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = <Server IP>:51820
##### Additional Commands
nano /etc/sysctl.conf # Enable IPV4 and IPV6 forwarding
systemctl enable wg-quick@wg0 # Set wireguard to start on boot
ip a # Find Interface Name
wg genkey | tee privatekey | wg pubkey > publickey # Generate Private and Public Keys
cd /etc/wireguard # Default Wireguard Directory
nano wg0.conf # Default WG Interface Name
wg-quick up wg0
wg-quick down wg0
wg show
wg set wg0 peer <Client Public Key>= allowed-ips <Client Unique IP Address(eg: 192.168.69.3/32, fd42:42:42::3/128)>
sample:
wg set wg0 peer cVU13uIpVWxCPE40uRB9ItoUQSq1rRuSuYncYWawViI= allowed-ips 192.168.69.3/32, fd42:42:42::3/128
##### To open all ports at startup(only reqd for OCI)
Auto open port https://www.youtube.com/watch?v=fYQBvjYQ63U
systemctl enable iptables-service.conf
nano iptables-startup.sh
#!/bin/sh
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -F
ip6tables -P INPUT ACCEPT
ip6tables -P OUTPUT ACCEPT
ip6tables -P FORWARD ACCEPT
ip6tables -F
## Make iptables-startup.sh executable and run on startup
chmod +x iptables-startup.sh
cd /etc/systemd/system
nano iptables-startup.service
[Unit]
Description=iptables startup
[Service]
ExecStart=/home/ubuntu/iptables-startup.sh
[Install]
WantedBy=multi-user.target
sudo systemctl start iptables-startup
sudo systemctl enable iptables-startup
sudo systemctl status iptables-startup
#### Alternate way to enable persistant iptables all acecept on Oracle Cloud [Only recommend if you have good firewall rules on the Oracle Cloud Console]
sudo su
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -F
ip6tables -P INPUT ACCEPT
ip6tables -P OUTPUT ACCEPT
ip6tables -P FORWARD ACCEPT
ip6tables -F
There are versions of the saved iptables stored at /etc/iptables/rules.v4 and /etc/iptables/rules.v6 (Debian/Ubuntu).
For Saving to those files for persistance across reboots:
sudo sh -c '/sbin/iptables-save > /etc/iptables/rules.v4'
sudo sh -c '/sbin/iptables6-save > /etc/iptables/rules.v6'