-
Notifications
You must be signed in to change notification settings - Fork 34
/
Copy pathwireguard-vpn.conf
58 lines (40 loc) · 1.57 KB
/
wireguard-vpn.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
# Configuration file for setting IP addresses for a network interface
# and setting up a Wireguard VPN and one normal interface.
INTERFACE="$1"
HWADDR="00:00:5e:00:53:ff"
IPV6_ADDR_1="2001:db8::2/64"
IPV6_ROUTE_1="2001:db8::/64"
IPV4_ADDR_1="192.0.2.2/24"
IPV4_ROUTE_1="192.0.2.0/24"
ip link set dev $INTERFACE up
ip link set dev $INTERFACE address $HWADDR
ip -6 address add $IPV6_ADDR_1 dev $INTERFACE nodad
ip -6 route add $IPV6_ROUTE_1 dev $INTERFACE
ip address add $IPV4_ADDR_1 dev $INTERFACE
ip route add $IPV4_ROUTE_1 dev $INTERFACE > /dev/null 2>&1
# Then setup Wireguard interface zwg0
VPN_IFACE="zwg0"
VPN_PORT=51820
PEER_PUBLIC_KEY="akhnZioadZ40wdou2j0HWOxd/fCCqLD1e1AtNNjsjmo="
PEER_ENDPOINT_IPV4="192.0.2.1"
PEER_ENDPOINT_IPV6="2001:db8::1"
# This specifies the outer tunneling addressing. By default this
# is set to IPv4 address.
PEER_ENDPOINT="${PEER_ENDPOINT_IPV4}"
PREFIX_1_IPV6="2001:db8:100"
PREFIXLEN_1_IPV6="64"
VPN_ROUTE_IPV6="${PREFIX_1_IPV6}::/${PREFIXLEN_1_IPV6}"
# From RFC 5737
PREFIX_1_IPV4="198.51.100"
PREFIXLEN_1_IPV4="24"
VPN_ROUTE_IPV4="${PREFIX_1_IPV4}.0/${PREFIXLEN_1_IPV4}"
ip link add dev ${VPN_IFACE} type wireguard
ip address add dev ${VPN_IFACE} ${PREFIX_1_IPV4}.2 peer ${PREFIX_1_IPV4}.1
ip address add dev ${VPN_IFACE} ${PREFIX_1_IPV6}::2 peer ${PREFIX_1_IPV6}::1
wg set ${VPN_IFACE} listen-port ${VPN_PORT} \
private-key privatekey.wg \
peer ${PEER_PUBLIC_KEY} \
endpoint ${PEER_ENDPOINT}:${VPN_PORT} \
allowed-ips ${VPN_ROUTE_IPV4},${VPN_ROUTE_IPV6}
ip link set up dev ${VPN_IFACE}
ip route add ${VPN_ROUTE_IPV6} dev ${VPN_IFACE}