====== Setting up Standalone S2S-VPN Wireguard ======
===== Getting WG status =====
# Run as root. Lists every WireGuard interface with its peers, their endpoints,
# allowed IPs, latest handshake time and transfer counters.
wg show
==== Starting/Stopping WG ====
# wgx is the interface name; wg-quick reads its settings from /etc/wireguard/wgx.conf.
# "up" creates the interface, applies the config and runs the PostUp commands.
wg-quick up wgx
# "down" runs the PostDown commands and removes the interface again.
wg-quick down wgx
===== Installing WG =====
apt install wireguard
https://github.com/mjtechguy/wireguard-site-to-site
==== enable ip forwarding ====
((https://linuxhint.com/enable_ip_forwarding_ipv4_debian_linux/))
This has to be done on both server and client: uncomment the following lines in /etc/sysctl.conf, then apply them with ''sysctl -p'' (or reboot).
# Uncomment the next line to enable packet forwarding for IPv4
# NOTE(review): this turns the host into a router for all of its interfaces, not
# only the tunnel; what may be forwarded has to be limited in the FORWARD chain.
net.ipv4.ip_forward=1
# Uncomment the next line to enable packet forwarding for IPv6
# Enabling this option disables Stateless Address Autoconfiguration
# based on Router Advertisements for this host
# NOTE(review): the tunnel configs on this page only carry IPv4 addresses, so this
# line looks unnecessary for them; leave IPv6 forwarding off unless IPv6 is routed.
net.ipv6.conf.all.forwarding=1
==== server config ====
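[Interface]
# Tunnel-internal address of the server end; replace x with the number chosen for this link.
Address = 10.99.x.1/30
# UDP port on the physical interface that WireGuard listens on. It has to be open
# in the host firewall and match the port in the client's Endpoint.
ListenPort = 31037
# Placeholder: generate a key per host with `wg genkey` and never publish or reuse it.
# Keep this file readable by root only (chmod 600), since it holds the key in clear text.
PrivateKey = <server-private-key>
SaveConfig = false
# %i expands to the interface name. This rule accepts every forwarded packet that
# arrives from the tunnel; add source/destination matches if the remote site
# should only reach part of the local network.
PostUp = iptables -A FORWARD -i %i -j ACCEPT
PostDown = iptables -D FORWARD -i %i -j ACCEPT
[Peer]
#Name = XY
# Public key of the client. Replace it with the value that `wg pubkey` derives
# from the client's own private key.
PublicKey = KSODnmNkJG+ASAirrpmZJhEHwnCNoa7fIhvBS/txJQY=
# This is an example list of allowed IPs taken from n02.
# AllowedIPs is both the route list and the source filter for this peer: packets
# from the peer with a source address outside these ranges are dropped, so list
# only the networks that really sit behind the client.
AllowedIPs = 192.168.10.0/24,192.168.11.0/24,192.168.12.0/24,192.168.13.0/24,192.168.14.0/24,192.168.15.0/24,10.98.3.0/30,10.99.3.2/32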
==== client conf ====
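[Interface]
# Tunnel-internal address of the client end; replace x with the same number used on the server.
Address = 10.99.x.2/30
# Placeholder: generate a key per host with `wg genkey` and never publish or reuse it.
# Keep this file readable by root only (chmod 600), since it holds the key in clear text.
PrivateKey = <client-private-key>
# %i expands to the interface name. This rule accepts every forwarded packet that
# arrives from the tunnel; add source/destination matches if the remote site
# should only reach part of the local network.
PostUp = iptables -A FORWARD -i %i -j ACCEPT
PostDown = iptables -D FORWARD -i %i -j ACCEPT
[Peer]
# Public key of the server. Replace it with the value that `wg pubkey` derives
# from the server's own private key.
PublicKey = 28b1ickTXZiU5XtZbsj6YJuzhkcJXrNP145C3MGBQS0=
# This is a bit of a collapsed view of my home networks.
# AllowedIPs is both the route list and the source filter for this peer, so the
# wide /21 and /22 aggregates also admit addresses that may not exist behind the
# server; narrow them where possible.
AllowedIPs = 192.168.8.0/21,192.168.16.0/21,192.168.24.0/22,10.98.2.0/30,10.99.3.1/30,10.99.7.1/32
# Public address and UDP port of the server (the port is the server's ListenPort).
Endpoint = 130.83.6.100:31037
# Seconds between keepalive packets. 2 is very frequent; the WireGuard
# documentation suggests 25 as an interval that keeps NAT/firewall state alive.
PersistentKeepalive = 2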
==== starting wg ====
wg-quick up wgx
==== always start wg ====
On both server and client:
systemctl enable wg-quick@wgx
==== Routing ====
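:!: Don't forget to add the firewall rules! The PostUp rule in the configs above accepts all traffic forwarded from the tunnel, so the FORWARD chain still needs rules that limit which networks may reach each other.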