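#!/usr/bin/env bash
#
# Install WireGuard and prepare this host as the VPN server (dnf-based EL host).
#
# Steps:
#   1. install wireguard-tools (plus the ELRepo kmod) with dnf
#   2. enable IPv4 forwarding via /etc/sysctl.d/99-custom.conf
#   3. define a firewalld "wireguard" service (udp/51820), open it and enable
#      masquerading in the default zone
#   4. generate the server key pair under /etc/wireguard with owner-only perms
#
# Must be run as root: every step writes under /etc or drives dnf/firewalld.
# The wg0.conf itself is NOT written; an example is kept at the bottom.

set -euo pipefail

readonly wg_port=51820
readonly wg_dir=/etc/wireguard
readonly sysctl_file=/etc/sysctl.d/99-custom.conf
readonly fw_service_file=/etc/firewalld/services/wireguard.xml

die() { printf 'error: %s\n' "$*" >&2; exit 1; }

# Shell redirections (the heredocs below) are not affected by sudo, so the
# whole script has to run as root rather than prefixing single commands.
[[ $EUID -eq 0 ]] || die "this script must be run as root"

# --- 1. install wireguard ------------------------------------------------------
# NOTE(review): kmod-wireguard (ELRepo) is only needed on kernels without the
# in-tree module; where the kernel ships it, wireguard-tools alone is enough.
dnf install -y elrepo-release epel-release
dnf install -y kmod-wireguard wireguard-tools

# --- 2. enable IP forwarding ---------------------------------------------------
# Written with '>' (not '>>') so a re-run does not duplicate the keys. The
# path must be exactly the one sysctl -p loads below: a typo in the directory
# name silently leaves forwarding disabled.
cat > "$sysctl_file" <<'EOF'
# IPv4 Forwarding
net.ipv4.ip_forward = 1

# IPv6 Forwarding
#net.ipv6.conf.all.forwarding = 1
EOF
sysctl -p "$sysctl_file"

# --- 3. firewalld: service definition, open port, masquerade -------------------
# '>' rather than '>>': appending a second XML document to an existing file
# would leave firewalld with an unparsable service definition.
cat > "$fw_service_file" <<EOF
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>wireguard</short>
  <description>wireguard vpn</description>
  <port protocol="udp" port="${wg_port}"/>
</service>
EOF

# Reload so firewalld reads the new service file before it is referenced
# (a fixed sleep does not guarantee that).
firewall-cmd --reload
firewall-cmd --permanent --add-service=wireguard
# Masquerade on the default zone NATs VPN client traffic out of this host.
# With it enabled here, the iptables PostUp/PostDown rules in the example
# config below are redundant and may interact badly with firewalld's own
# backend -- keep one mechanism, not both.
firewall-cmd --permanent --add-masquerade
firewall-cmd --reload

# --- 4. server key pair --------------------------------------------------------
# The private key is a long-lived secret: create the directory and the key
# file owner-only (umask 077 makes tee create it 0600) and never overwrite an
# existing key on a re-run, which would silently break every enrolled peer.
mkdir -p "$wg_dir"
chmod 0700 "$wg_dir"

host=$(hostname -s)
priv_key="${wg_dir}/${host}.wg0.key"
pub_key="${wg_dir}/${host}.wg0.pub"

if [[ -e "$priv_key" ]]; then
  printf 'private key %s already exists, not regenerating\n' "$priv_key" >&2
else
  (
    umask 077
    wg genkey | tee "$priv_key" | wg pubkey > "$pub_key"
  )
fi
chmod 0600 "$priv_key"
printf 'server public key: %s\n' "$(cat "$pub_key")"

# --- example /etc/wireguard/wg0.conf -------------------------------------------
# Not written by this script. It contains the private key, so create it with
# mode 0600. On the server, AllowedIPs of a [Peer] is both the route to that
# peer and the source-address filter for packets arriving from it, so keep a
# single /32 per client.
: '
[Interface]
Address = 10.12.0.1/29
PrivateKey = <Private Key>
ListenPort = 51820
# Only needed if masquerading is NOT already done by firewalld (see above).
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o <INTERFACE> -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o <INTERFACE> -j MASQUERADE

# iPhone
[Peer]
PublicKey = <Public Key>
AllowedIPs = 10.12.0.2/32

# GauntLaptop
[Peer]
PublicKey = <Public Key>
AllowedIPs = 10.12.0.3/32

# GauntMTA
[Peer]
PublicKey = <Public Key>
AllowedIPs = 10.12.0.4/32
'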