![]() ![]() Replace Peer PublicKey with the server's /etc/wireguard/publickey. Replace the Interface PrivateKey with the contents of mobile-privatekey. # Setup your own DNS server, or use CloudFlare / Google / etc # # Must match peer address in our server config above # But at the end we will encode it in a QR code for usage in the mobile WireGuard app. There's nothing special about this config, and it could be used on any type of device. Our server is good to go! Let's make a config file for iOS now. This can be useful if you have a lot of devices and networks you want to setup. You can create multiple interfaces, just make wg1.conf and enable that, instead of wg0 above. Next, we enable the service, so that it runs on boot, and start it: sudo systemctl enable systemctl start sudo wg and make sure you see your interface and peers listed with the correct addresses. Open up access to the ListenPort of your choosing, if you have a firewall like csf or ufw enabled. # Increment the allowedIPs by one each time #īe sure to paste your PrivateKey contents, first one is /etc/wireguard/privatekey and the other would be your mobile-publickey. # Add the below section for every client you created above # PostDown = iptables -D FORWARD -i wg0 -j ACCEPT iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE ip6tables -D FORWARD -i wg0 -j ACCEPT ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE PostUp = iptables -A FORWARD -i wg0 -j ACCEPT iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE ip6tables -A FORWARD -i wg0 -j ACCEPT ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE iptables -A INPUT -s 10.200.200.0/24 -p tcp -m tcp -dport 53 -m conntrack -ctstate NEW -j ACCEPT iptables -A INPUT -s 10.200.200.0/24 -p udp -m udp -dport 53 -m conntrack -ctstate NEW -j ACCEPT # Change eth0 to your network interface if it differs # cat /etc/wireguard/privatekey and paste the contents below # # Whatever DNS provider you want to use, in this case CloudFlare # Let's create our WireGuard interface configuration. Sudo mv mobile-privatekey /etc/wireguard/mobile-privatekey Sudo mv mobile-publickey /etc/wireguard/mobile-publickey After that, I am copying the files into the wireguard directory for safe keeping.Ĭreate our first peer's keys wg genkey | tee mobile-privatekey | wg pubkey > mobile-publickey The remaining piped commands come from the key generation docs from WireGuard. The first command ensures that our outputted file can only be used by the current user, as a security precaution. Sudo mv privatekey /etc/wireguard/privatekey Sudo mv publickey /etc/wireguard/publickey Let's generate keys for our server umask 077 wg genkey | tee privatekey | wg pubkey > publickey Now let's install WireGuard sudo apt install wireguard # Add '_forward = 1' to the end of the file After setup, I tend to change the default SSH port in /etc/ssh/sshd_config and also disable root logins.įirst, we need to enable ipv4 forwarding, so that traffic flows through our VPN: sysctl _forward=1 ![]() Get an Ubuntu server running 20.04, I like to use Digital Ocean. Here's the fastest way to get it running on Ubuntu and iOS, while also persisting your configuration. There's so much more you can do, hopefully that gives you some ideas. It's like having your own personal iCloud. Adding a windows file share (raid setup) to the iOS Files app, using it from anywhere. ![]() Steam link / game streaming away from home.Plus things run way faster and cooler on the laptop now! Using VS Code's Remote SSH plugin, and running all projects on a desktop, increasing Macbook air battery life.Throwing up code-server on my desktop, and coding from my iPad from anywhere.Ex: macbookair:3000 from any of my devices, across any network. Accessing development servers from any device, without remembering the IP address.Useful on an unknown network and you don't feel like connecting your phone after connecting your laptop. Running iOS builds from xcode without being on the same physical network.Here's a few neat things it's allowed me to try: I've put my desktop, iPhone, and MacBook Air on it. It's a new VPN protocol, that works similarly to ssh. I was scouring tutorials and also checked the docs and figure it all out. I've been dying to try out WireGuard for a while now, and I finally got around to it. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |