Last active October 26, 2025 14:09
Revisions
etiennetremel revised this gist Dec 6, 2018. No changes.
etiennetremel created this gist Dec 6, 2018.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,49 @@ Simple WireGuard configuration ============================== > 1 server, 2 clients # Getting started Install [Wireguard](https://www.wireguard.com) on all machines. ## Generate all keys ``` $ wg genkey > server_privatekey $ wg pubkey < server_privatekey > server_publickey_client1 $ wg pubkey < server_privatekey > server_publickey_client2 $ wg genkey | tee client1_privatekey | wg pubkey > client1_publickey $ wg genkey | tee client2_privatekey | wg pubkey > client2_publickey ``` ## Start ``` $ wg-quick up wg0 ``` ## Stop ``` $ wg-quick down wg0 ``` ## Check status ``` $ wg show interface: wg0 public key: <SERVER PUBLIC KEY> private key: (hidden) listening port: 51820 fwmark: 0xca6c peer: <CLIENT 1 PUBLIC KEY> endpoint: ... allowed ips: 10.100.0.2/32 latest handshake: 4 seconds ago transfer: 21.11 KiB received, 38.92 KiB sent peer: <CLIENT 2 PUBLIC KEY> endpoint: ... allowed ips: 10.100.0.3/32 latest handshake: 9 seconds ago transfer: 911.10 KiB received, 2.57 MiB sent ``` This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change 
@@ -0,0 +1,9 @@ [Interface] Address = 10.100.0.2/32 PrivateKey = <CLIENT 1 PRIVATE KEY> DNS = 10.100.0.1 [Peer] PublicKey = <SERVER PUBLIC KEY> AllowedIPs = 0.0.0.0/0, ::/0 Endpoint = <SERVER PUBLIC IP>:51820 This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,9 @@ [Interface] Address = 10.100.0.3/32 PrivateKey = <CLIENT 2 PRIVATE KEY> DNS = 10.100.0.1 [Peer] PublicKey = <SERVER PUBLIC KEY> AllowedIPs = 0.0.0.0/0, ::/0 Endpoint = <SERVER PUBLIC IP>:51820 This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,13 @@ #!/usr/bin/env bash set -ex # Traffic forwarding iptables -D FORWARD -i %i -j ACCEPT iptables -D FORWARD -o %i -j ACCEPT # Nat iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE # DNS iptables -D INPUT -s 10.100.0.1/24 -p tcp -m tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT iptables -D INPUT -s 10.100.0.1/24 -p udp -m udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change 
@@ -0,0 +1,13 @@ #!/usr/bin/env bash set -ex # Traffic forwarding iptables -A FORWARD -i %i -j ACCEPT iptables -A FORWARD -o %i -j ACCEPT # Nat iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE # DNS iptables -A INPUT -s 10.100.0.1/24 -p tcp -m tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT iptables -A INPUT -s 10.100.0.1/24 -p udp -m udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,16 @@ [Interface] Address = 10.100.0.1/24 SaveConfig = true PostUp = /etc/wireguard/postup.sh PostDown = /etc/wireguard/postdown.sh ListenPort = 51820 FwMark = 0xca6c PrivateKey = <SERVER PRIVATE KEY> [Peer] PublicKey = <CLIENT 1 PUBLIC KEY> AllowedIPs = 10.100.0.2/32 [Peer] PublicKey = <CLIENT 2 PUBLIC KEY> AllowedIPs = 10.100.0.3/32
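Review bot: In the "Generate all keys" block of the README hunk, the private key files are written under the default umask, so `server_privatekey`, `client1_privatekey` and `client2_privatekey` can end up readable by other local users; run `umask 077` before the `wg genkey` lines. The two `wg pubkey < server_privatekey` lines also write the same public key to `server_publickey_client1` and `server_publickey_client2`, which suggests per-client server keys that do not exist; a single `server_publickey` file would be clearer. The README also never says where the configuration files and scripts are installed, although `wg-quick up wg0` looks for `/etc/wireguard/wg0.conf` and the server config points at `/etc/wireguard/postup.sh`.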
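Review bot: In the client hunk with `Address = 10.100.0.2/32`, `AllowedIPs = 0.0.0.0/0, ::/0` sends all IPv6 traffic into the tunnel, but neither the client nor the server interface has an IPv6 address and the scripts only add IPv4 `iptables` rules, so IPv6 destinations become unreachable while the tunnel is up. If that is meant as a leak guard, say so in the README; otherwise add IPv6 addressing and matching `ip6tables` rules, or drop `::/0` and accept that IPv6 traffic then bypasses the tunnel.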
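Review bot: In the client hunk with `Address = 10.100.0.3/32` (the first client has the same line), `DNS = 10.100.0.1` assumes a resolver listening on the server's tunnel address, but nothing in the patch installs or configures one; the scripts only open port 53 on the server. Document the resolver requirement in the README, or point `DNS` at a resolver that is known to exist.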
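Review bot: In the `iptables -D` script hunk, `set -ex` makes the script exit at the first rule that is already absent (for example after a partial setup or a manual flush), which leaves every later rule in place. Teardown should continue past a failed delete: drop `-e` in this script or append `|| true` to each `iptables -D` line.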
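Review bot: In the `iptables -A` script hunk (and likewise in the `-D` script), `-i %i` and `-o %i` will not do what is intended: wg-quick expands `%i` only inside the `PostUp`/`PostDown` command strings of the config, not inside a script it runs, so the rules refer to an interface literally named `%i` and never match the tunnel. Pass the name as an argument (`PostUp = /etc/wireguard/postup.sh %i`) and use `"$1"` in the script. The MASQUERADE rule also has no source match, so it NATs everything leaving `eth0` rather than only tunnel traffic; add `-s 10.100.0.0/24`. In the DNS rules, `-s 10.100.0.1/24` has host bits set and should read `10.100.0.0/24`. Forwarding additionally needs `net.ipv4.ip_forward=1`, which no file in this patch sets or mentions.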
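Review bot: In the server `[Interface]` hunk, `SaveConfig = true` makes wg-quick rewrite the config file from the running interface state on `wg-quick down`, so peers added by editing the file while `wg0` is up are silently lost. Either drop the setting or document that peers must be added with `wg set` while the interface is running. The file also holds `PrivateKey`, so the README should say to keep it readable by root only (mode 600), and that the two scripts named in `PostUp` and `PostDown` must be executable.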