Wireguard to go
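--- a/services/wireguard/install.sh
+++ b/services/wireguard/install.sh
@@ -0,0 +1,27 @@
+#!/bin/sh
+echo "Setting up Wireguard ..."
+apk add wireguard-tools
+
+# Generate server private and public keys
+mkdir -p /etc/wireguard
+wg genkey | tee /etc/wireguard/server_priv.key | wg pubkey > /etc/wireguard/server_pub.key
+
+# Generate configuration
+cat <<EOF > /etc/wireguard/wg0.conf
+[Interface]
+PrivateKey = $(cat /etc/wireguard/server_priv.key)
+Address = 10.0.0.1/24 # Server has IP in the wg network
+ListenPort = 51820
+PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
+PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
+EOF
+
+# Enable IP forwarding, persistent
+echo "net.ipv4.ip_forward=1" >> /etc/sysctl.d/ip_forward.conf
+sysctl -p /etc/sysctl.d/ip_forward.conf
+
+# Auto-start Wireguard on boot
+apk add wireguard-tools-openrc
+ln -s /etc/init.d/wg-quick /etc/init.d/wg-quick.wg0
+rc-update add wg-quick.wg0
+rc-service wg-quick.wg0 start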
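Review bot: The server private key written by `wg genkey | tee /etc/wireguard/server_priv.key`, and the `wg0.conf` that embeds it through `$(cat /etc/wireguard/server_priv.key)`, are created with whatever umask the installer runs under, so with a common 022 umask both files end up readable by every local user. Put `umask 077` before `mkdir -p /etc/wireguard`, or follow the writes with `chmod 600 /etc/wireguard/server_priv.key /etc/wireguard/wg0.conf`, so only root can read the key. The script also has no `set -eu` after the shebang, so a failed `apk add wireguard-tools` still goes on to write a config with an empty `PrivateKey` and start the service. Separately, the `>>` into `/etc/sysctl.d/ip_forward.conf` and the `ln -s` are not idempotent on a second run; `>` and `ln -sf` would make reruns safe.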