atomlab · March 12, 2022 22:03 · Jun 30, 2019 · Jun 30, 2019 · Jun 30, 2019 · Jun 30, 2019
diff --git a/wigeguard_setup.md b/wigeguard_setup.md
@@ -51,7 +51,7 @@ Reboot server after network setup, that make sure that interface wg0 append succ
 
 ## Setup iptables and NAT on Wireguard server
 
-For masquerading all trafic to internet we should setup iptables. For setup iptables we use **ferm**.
+For masquerading all traffic to internet we should setup iptables. For setup iptables we use **ferm**.
 
 1. Enable forward traffic
 

diff --git a/wigeguard_setup.md b/wigeguard_setup.md
@@ -69,7 +69,7 @@ net.ipv4.ip_forward = 1
 
 Create file
 ```
-vim /etc/ferm/ferm.d/nat.conf
+vim /etc/ferm/ferm.d/wg_nat.conf
 ```
 
 _/etc/ferm/ferm.d/wg_nat.conf_

diff --git a/wigeguard_setup.md b/wigeguard_setup.md
@@ -51,7 +51,7 @@ Reboot server after network setup, that make sure that interface wg0 append succ
 
 ## Setup iptables and NAT on Wireguard server
 
-For forwarding all trafic to internet we should setup iptables frowarding and NAT. For setup iptables we use **ferm**.
+For masquerading all trafic to internet we should setup iptables. For setup iptables we use **ferm**.
 
 1. Enable forward traffic
 

diff --git a/wigeguard_setup.md b/wigeguard_setup.md
@@ -49,6 +49,56 @@ iface wg0 inet static
 
 Reboot server after network setup, that make sure that interface wg0 append successful
 
+## Setup iptables and NAT on Wireguard server
+
+For forwarding all trafic to internet we should setup iptables frowarding and NAT. For setup iptables we use **ferm**.
+
+1. Enable forward traffic
+
+```
+# echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
+# sysctl -p
+net.ipv4.ip_forward = 1
+```
+
+2. Install [ferm](http://ferm.foo-projects.org/) 
+
+```
+# apt install ferm
+```
+
+Create file
+```
+vim /etc/ferm/ferm.d/nat.conf
+```
+
+_/etc/ferm/ferm.d/wg_nat.conf_
+```
+
+table nat {
+    chain POSTROUTING {
+        outerface eth0 MASQUERADE;
+    }
+}
+
+table filter {
+    chain INPUT {
+        # Allow wireguard ports
+        proto (tcp udp) dport 51820 ACCEPT;
+    }
+    chain FORWARD {
+        # Allow forward only 192.168.120.0/24 clients networks
+        saddr 192.168.120.0/24 daddr 0.0.0.0/0 ACCEPT;
+    }
+}
+```
+
+Apploy ferm setting
+```
+# ferm /etc/ferm/ferm.conf
+#
+```
+
 ## Android client setup
 
 [Install wg client for Android](https://www.wireguard.com/install/)

diff --git a/wigeguard_setup.md b/wigeguard_setup.md
@@ -1,4 +1,4 @@
-# Wireguard setup on Ubuntu 18.04
+# Wireguard setup on Ubuntu 16.04/18.04
 
 ## Install
 ```

diff --git a/wigeguard_setup.md b/wigeguard_setup.md
@@ -83,6 +83,27 @@ ListenPort = 51820
 PublicKey = cmfyWxlXbFKpdtnsI2a0WF2bu7/MZRcV+Kf6aF/osxY= # public key generated on client side
 AllowedIPs = 192.168.120.2/32 # ip address allowed to connect with this public key
 ```
+Apply configuration on server
+
+```
+# wg setconf wg0 /etc/wireguard/wg0.conf
+```
+
+Check connections
+
+```
+# wg
+interface: wg0
+  public key: J5s0i4x9XuuNylQlfEGrZoFgV1Id48qZoPvjVS+sBDU=
+  private key: (hidden)
+  listening port: 51820
+
+peer: cmfyWxlXbFKpdtnsI2a0WF2bu7/MZRcV+Kf6aF/osxY=
+  endpoint: 176.34.241.253:53745
+  allowed ips: 192.168.120.2/32
+  latest handshake: 26 seconds ago
+  transfer: 2.20 MiB received, 47.72 MiB sent
+```
 
 ## Troubleshooting
 

diff --git a/wigeguard_setup.md b/wigeguard_setup.md
@@ -80,13 +80,10 @@ PrivateKey = 2B5zWbvkWxovKZsbdyLPLdxQlwGDDsocdhaP2w0nwnE=
 ListenPort = 51820
 
 [Peer]
-PublicKey = cmfyWxlXbFKpdtnsI2a0WF2bu7/MZRcV+Kf6aF/osxY=
-AllowedIPs = 192.168.120.2/32
+PublicKey = cmfyWxlXbFKpdtnsI2a0WF2bu7/MZRcV+Kf6aF/osxY= # public key generated on client side
+AllowedIPs = 192.168.120.2/32 # ip address allowed to connect with this public key
 ```
 
-_cmfyWxlXbFKpdtnsI2a0WF2bu7/MZRcV+Kf6aF/osxY=_ it's public keys generated on client side
-_192.168.120.2/32_ - ip address allowed to connect with this public key
-
 ## Troubleshooting
 
 ```

diff --git a/wigeguard_setup.md b/wigeguard_setup.md
@@ -84,9 +84,8 @@ PublicKey = cmfyWxlXbFKpdtnsI2a0WF2bu7/MZRcV+Kf6aF/osxY=
 AllowedIPs = 192.168.120.2/32
 ```
 
-`cmfyWxlXbFKpdtnsI2a0WF2bu7/MZRcV+Kf6aF/osxY=` it's public keys generated on client side
-
-`192.168.120.2/32` - ip address allowed to connect with this public key
+_cmfyWxlXbFKpdtnsI2a0WF2bu7/MZRcV+Kf6aF/osxY=_ it's public keys generated on client side
+_192.168.120.2/32_ - ip address allowed to connect with this public key
 
 ## Troubleshooting
 

diff --git a/wigeguard_setup.md b/wigeguard_setup.md
@@ -85,6 +85,7 @@ AllowedIPs = 192.168.120.2/32
 ```
 
 `cmfyWxlXbFKpdtnsI2a0WF2bu7/MZRcV+Kf6aF/osxY=` it's public keys generated on client side
+
 `192.168.120.2/32` - ip address allowed to connect with this public key
 
 ## Troubleshooting

diff --git a/wigeguard_setup.md b/wigeguard_setup.md
@@ -71,6 +71,22 @@ Endpoint: 163.172.161.5:51820
 5. Press button **Save** on the bottom
 6. Enable vpn connection
 
+# Add peer to wireguard config on server
+
+_/etc/wireguard/wg0.conf_
+```
+[Interface]
+PrivateKey = 2B5zWbvkWxovKZsbdyLPLdxQlwGDDsocdhaP2w0nwnE=
+ListenPort = 51820
+
+[Peer]
+PublicKey = cmfyWxlXbFKpdtnsI2a0WF2bu7/MZRcV+Kf6aF/osxY=
+AllowedIPs = 192.168.120.2/32
+```
+
+`cmfyWxlXbFKpdtnsI2a0WF2bu7/MZRcV+Kf6aF/osxY=` it's public keys generated on client side
+`192.168.120.2/32` - ip address allowed to connect with this public key
+
 ## Troubleshooting
 
 ```

diff --git a/wigeguard_setup.md b/wigeguard_setup.md
@@ -78,10 +78,12 @@ Endpoint: 163.172.161.5:51820
 RTNETLINK answers: Operation not supported
 ```
 
+Install kernel headers
 ```
 # apt -y install linux-headers-$(uname -r)
 # dpkg-reconfigure wireguard-dkms
 ```
+Reboot system
 
 # Links
 https://tunfish.org/doc/sandbox/troubleshooting.html
diff --git a/wigeguard_setup.md b/wigeguard_setup.md
@@ -62,7 +62,7 @@ Private key: (GENERATE)
 Address: 192.168.120.2/32
 DNS server: 1.1.1.1
 ```
-4. Press **ADD PERR** button bellow
+4. Press **ADD PEER** button bellow
 ```
 Public key: J5s0i4x9XuuNylQlfEGrZoFgV1Id48qZoPvjVS+sBDU=
 Allowed IPs: 0.0.0.0/0

diff --git a/wigeguard_setup.md b/wigeguard_setup.md
@@ -2,18 +2,26 @@
 
 ## Install
 ```
-sudo add-apt-repository ppa:wireguard/wireguard
-sudo apt-get update
-sudo apt-get install wireguard
+# sudo add-apt-repository ppa:wireguard/wireguard
+# sudo apt-get update
+# sudo apt-get install wireguard
 ```
 
 ## Generate keys
 
 ```
-cd /etc/wireguard/
-umask 077
-wg genkey > privatekey
-wg pubkey < privatekey > publickey
+# cd /etc/wireguard/
+# umask 077
+# wg genkey > privatekey
+# wg pubkey < privatekey > publickey
+```
+
+Check created keys
+```
+# cat privatekey
+2B5zWbvkWxovKZsbdyLPLdxQlwGDDsocdhaP2w0nwnE=
+# cap publickey
+J5s0i4x9XuuNylQlfEGrZoFgV1Id48qZoPvjVS+sBDU=
 ```
 
 ## Wireguard config
@@ -66,13 +74,13 @@ Endpoint: 163.172.161.5:51820
 ## Troubleshooting
 
 ```
-ip link add dev wg0 type wireguard
+# ip link add dev wg0 type wireguard
 RTNETLINK answers: Operation not supported
 ```
 
 ```
-apt -y install linux-headers-$(uname -r)
-dpkg-reconfigure wireguard-dkms
+# apt -y install linux-headers-$(uname -r)
+# dpkg-reconfigure wireguard-dkms
 ```
 
 # Links

diff --git a/wigeguard_setup.md b/wigeguard_setup.md
@@ -45,9 +45,23 @@ Reboot server after network setup, that make sure that interface wg0 append succ
 
 [Install wg client for Android](https://www.wireguard.com/install/)
 
-1. Put button (*+*)
-
-
+1. Press button (**+**)
+2. Select **Create from scratch**
+3. Setup interface
+```
+Name: wg_vpn
+Private key: (GENERATE)
+Address: 192.168.120.2/32
+DNS server: 1.1.1.1
+```
+4. Press **ADD PERR** button bellow
+```
+Public key: J5s0i4x9XuuNylQlfEGrZoFgV1Id48qZoPvjVS+sBDU=
+Allowed IPs: 0.0.0.0/0
+Endpoint: 163.172.161.5:51820
+```
+5. Press button **Save** on the bottom
+6. Enable vpn connection
 
 ## Troubleshooting
 

diff --git a/wigeguard_setup.md b/wigeguard_setup.md
@@ -43,7 +43,9 @@ Reboot server after network setup, that make sure that interface wg0 append succ
 
 ## Android client setup
 
-[Install wg client for Android](https://play.google.com/store/apps/details?id=com.wireguard.android)
+[Install wg client for Android](https://www.wireguard.com/install/)
+
+1. Put button (*+*)
 
 
 

diff --git a/wigeguard_setup.md b/wigeguard_setup.md
@@ -43,7 +43,7 @@ Reboot server after network setup, that make sure that interface wg0 append succ
 
 ## Android client setup
 
-[Install wg client for Android] (https://play.google.com/store/apps/details?id=com.wireguard.android)
+[Install wg client for Android](https://play.google.com/store/apps/details?id=com.wireguard.android)
 
 
 

diff --git a/wigeguard_setup.md b/wigeguard_setup.md
@@ -39,7 +39,13 @@ iface wg0 inet static
         post-down ip link del $IFACE
 ```
 
-Reboot after network setup, that make sure that interface wg0 append successful
+Reboot server after network setup, that make sure that interface wg0 append successful
+
+## Android client setup
+
+[Install wg client for Android] (https://play.google.com/store/apps/details?id=com.wireguard.android)
+
+
 
 ## Troubleshooting
 

diff --git a/wigeguard_setup.md b/wigeguard_setup.md
@@ -39,6 +39,7 @@ iface wg0 inet static
         post-down ip link del $IFACE
 ```
 
+Reboot after network setup, that make sure that interface wg0 append successful
 
 ## Troubleshooting
 

diff --git a/wigeguard_setup.md b/wigeguard_setup.md
@@ -26,6 +26,19 @@ PrivateKey = 2B5zWbvkWxovKZsbdyLPLdxQlwGDDsocdhaP2w0nwnE=
 ListenPort = 51820
 ```
 
+## Interface setup
+
+_/etc/network/interfaces.d/wg0.cfg_
+```
+auto wg0
+iface wg0 inet static
+        address 192.168.120.1
+        netmask 255.255.255.0
+        pre-up ip link add $IFACE type wireguard
+        pre-up wg setconf $IFACE /etc/wireguard/$IFACE.conf
+        post-down ip link del $IFACE
+```
+
 
 ## Troubleshooting
 

diff --git a/wigeguard_setup.md b/wigeguard_setup.md
@@ -1,21 +1,41 @@
 # Wireguard setup on Ubuntu 18.04
 
+## Install
 ```
-$ sudo add-apt-repository ppa:wireguard/wireguard
-$ sudo apt-get update
-$ sudo apt-get install wireguard
+sudo add-apt-repository ppa:wireguard/wireguard
+sudo apt-get update
+sudo apt-get install wireguard
+```
+
+## Generate keys
+
+```
+cd /etc/wireguard/
+umask 077
+wg genkey > privatekey
+wg pubkey < privatekey > publickey
+```
+
+## Wireguard config
+
+_/etc/wireguard/wg0.conf_
+
+```
+[Interface]
+PrivateKey = 2B5zWbvkWxovKZsbdyLPLdxQlwGDDsocdhaP2w0nwnE=
+ListenPort = 51820
 ```
 
 
 ## Troubleshooting
 
 ```
-$ ip link add dev wg0 type wireguard
+ip link add dev wg0 type wireguard
 RTNETLINK answers: Operation not supported
 ```
 
 ```
-$ apt -y install linux-headers-$(uname -r)
+apt -y install linux-headers-$(uname -r)
 dpkg-reconfigure wireguard-dkms
 ```
 

diff --git a/wigeguard_setup.md b/wigeguard_setup.md
@@ -20,4 +20,4 @@ dpkg-reconfigure wireguard-dkms
 ```
 
 # Links
-(https://tunfish.org/doc/sandbox/troubleshooting.html)
+https://tunfish.org/doc/sandbox/troubleshooting.html
diff --git a/wigeguard_setup.md b/wigeguard_setup.md
@@ -17,4 +17,7 @@ RTNETLINK answers: Operation not supported
 ```
 $ apt -y install linux-headers-$(uname -r)
 dpkg-reconfigure wireguard-dkms
-```
+```
+
+# Links
+(https://tunfish.org/doc/sandbox/troubleshooting.html)
diff --git a/wigeguard_setup.md b/wigeguard_setup.md
@@ -0,0 +1,20 @@
+# Wireguard setup on Ubuntu 18.04
+
+```
+$ sudo add-apt-repository ppa:wireguard/wireguard
+$ sudo apt-get update
+$ sudo apt-get install wireguard
+```
+
+
+## Troubleshooting
+
+```
+$ ip link add dev wg0 type wireguard
+RTNETLINK answers: Operation not supported
+```
+
+```
+$ apt -y install linux-headers-$(uname -r)
+dpkg-reconfigure wireguard-dkms
+```
No results found