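#!/bin/bash
#
# Install WireGuard as a VPN server on an EPEL-7 (CentOS/RHEL 7) host:
#   1. enable the jdoss/wireguard COPR repository and install the packages,
#   2. define and open a firewalld service for the tunnel, with masquerading,
#   3. generate the server key pair under /etc/wireguard.
# An example wg0.conf is kept at the bottom as a no-op string.
#
# Every step that writes under /etc goes through sudo, so the script behaves
# the same whether or not it is started as root.
set -euo pipefail

readonly WG_DIR=/etc/wireguard
readonly WG_KEY="${WG_DIR}/.wg0.key"
readonly WG_PUB="${WG_DIR}/.wg0.pub"
readonly FW_SERVICE=/etc/firewalld/services/wireguard.xml

# --- install wireguard -------------------------------------------------------
# -f makes curl fail on an HTTP error instead of saving the error page as a
# .repo file. This is a third-party COPR repository: review the downloaded
# file (baseurl, gpgcheck, gpgkey) before trusting packages from it.
sudo curl -fLo /etc/yum.repos.d/wireguard.repo \
  https://copr.fedorainfracloud.org/coprs/jdoss/wireguard/repo/epel-7/jdoss-wireguard-epel-7.repo
sudo yum install epel-release
sudo yum install wireguard-dkms wireguard-tools

# --- firewalld service -------------------------------------------------------
# NOTE(review): the XML markup of this here-doc was lost on the page (only the
# text "wireguard wireguard vpn" survived). The elements below are rebuilt from
# the standard firewalld service format; the UDP port is taken from ListenPort
# in the example config at the bottom. Confirm against the original file.
# The file is overwritten rather than appended to, so a second run cannot
# leave two XML documents in one file.
sudo tee "$FW_SERVICE" >/dev/null <<'EOF'
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>wireguard</short>
  <description>wireguard vpn</description>
  <port protocol="udp" port="51820"/>
</service>
EOF

# Kept from the original: presumably gives firewalld time to notice the new
# service file before it is referenced by name.
sleep 5

sudo firewall-cmd --add-service wireguard --permanent
sudo firewall-cmd --add-masquerade --permanent
sudo firewall-cmd --reload

# --- key material ------------------------------------------------------------
# -p: the directory may already exist. 0700 keeps other local users out of it.
sudo mkdir -p "$WG_DIR"
sudo chmod 700 "$WG_DIR"

# make private and public keys
# The private key must never be readable by other local users, so the files
# are created under umask 077 (mode 0600). An existing key is left alone:
# regenerating it would invalidate the public key already handed to peers.
if sudo test -s "$WG_KEY"; then
  printf 'keeping existing key %s\n' "$WG_KEY" >&2
else
  sudo bash -c \
    'set -o pipefail; umask 077; wg genkey | tee "$1" | wg pubkey > "$2"' \
    bash "$WG_KEY" "$WG_PUB"
fi

# example of wg0.conf file
# The bracketed values are placeholders (they were blank on the page):
#   <server-private-key>  contents of /etc/wireguard/.wg0.key
#   <wan-interface>       the host's outbound interface
#   <peer-public-key>     each client's own public key
# wg0.conf embeds the private key, so give it mode 0600 as well.
# Each peer's AllowedIPs is a single /32, which limits that peer to its own
# tunnel address.
: '
[Interface]
Address = 10.12.0.1/29
PrivateKey = <server-private-key>
ListenPort = 51820
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o <wan-interface> -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o <wan-interface> -j MASQUERADE

# iPhone
[Peer]
PublicKey = <peer-public-key>
AllowedIPs = 10.12.0.2/32

# GauntLaptop
[Peer]
PublicKey = <peer-public-key>
AllowedIPs = 10.12.0.3/32

# GauntMTA
[Peer]
PublicKey = <peer-public-key>
AllowedIPs = 10.12.0.4/32
'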