WireGuard: Difference between revisions
(5 intermediate revisions by the same user not shown) | |||
Line 6: | Line 6: | ||
==Server== | ==Server== | ||
How to setup a WireGuard VPN server on Ubuntu | How to setup a WireGuard VPN server on Ubuntu. | ||
This is based on [https://linuxize.com/post/how-to-set-up-wireguard-vpn-on-ubuntu-18-04/ linuxize]. | |||
<ul> | <ul> | ||
<li> | <li> | ||
Install WireGuard. | Install WireGuard. | ||
Line 38: | Line 33: | ||
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o ens3 -j MASQUERADE | PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o ens3 -j MASQUERADE | ||
</pre> | </pre> | ||
* Replace <code>ens3</code> with your network interface <code>ip -o -4 route show to default | awk '{print $5}'</code> | |||
</li> | </li> | ||
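Review bot: The added bullet under the PostDown line runs straight from "your network interface" into the command, so it is not clear that <code>ip -o -4 route show to default | awk '{print $5}'</code> is how to find the interface name; add "which you can find with" before it. It would also help to say that <code>ens3</code> has to be replaced in every rule that names it, because a PostDown that deletes a rule for a different interface than the one that was added fails and leaves the MASQUERADE rule in place after the tunnel goes down.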
Line 51: | Line 47: | ||
<pre> | <pre> | ||
sudo ufw allow 51820/udp comment wireguard | sudo ufw allow 51820/udp comment wireguard | ||
# For DNS purposes if you use subspace | |||
sudo ufw allow from 10.99.97.0/24 to any port 53 comment dns | |||
</pre> | </pre> | ||
</li> | </li> | ||
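Review bot: The added DNS rule <code>sudo ufw allow from 10.99.97.0/24 to any port 53 comment dns</code> matches on source address only, on every interface; restrict it to the WireGuard interface with ufw's <code>allow in on INTERFACE</code> form (INTERFACE being a placeholder for the tunnel interface name) so port 53 is reachable only through the tunnel. The comment also refers to subspace before the page introduces it and does not say where 10.99.97.0/24 comes from, so a short note on which subnet this has to match would help.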
Line 70: | Line 68: | ||
Managing connections manually is a large pain. | Managing connections manually is a large pain. | ||
[https://github.com/ | [https://github.com/subspacecommunity/subspace Subspace] provides a front end you can use. | ||
Below is my setup. I have subspace running on port 52395. Apache and certbot manages SSL/TLS and proxies to this local port. | Below is my setup. I have subspace running on port 52395. Apache and certbot manages SSL/TLS and proxies to this local port. | ||
<pre> | <pre> | ||
mkdir -p /home/ | mkdir -p /home/$USER/wireguard/data | ||
docker create \ | docker create \ | ||
--name subspace \ | --name subspace \ | ||
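Review bot: On the changed <code>mkdir -p /home/$USER/wireguard/data</code> line, the path assumes the home directory lives under /home; <code>$HOME/wireguard/data</code> avoids that assumption and should then be used in the matching <code>--volume</code> line as well. <code>docker create</code> is also run without <code>sudo</code> while the later <code>docker start</code> and <code>docker logs</code> lines use it, so pick one form and keep it consistent.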
Line 80: | Line 78: | ||
--network host \ | --network host \ | ||
--cap-add NET_ADMIN \ | --cap-add NET_ADMIN \ | ||
--volume /home/$USER/wireguard/data:/data \ | |||
--volume /home/ | |||
--env SUBSPACE_HTTP_HOST=wireguard.davidl.me \ | --env SUBSPACE_HTTP_HOST=wireguard.davidl.me \ | ||
--env SUBSPACE_NAMESERVER="1.1.1.1" \ | |||
--env SUBSPACE_HTTP_ADDR="localhost:52395" \ | --env SUBSPACE_HTTP_ADDR="localhost:52395" \ | ||
--env SUBSPACE_HTTP_INSECURE="true" \ | --env SUBSPACE_HTTP_INSECURE="true" \ | ||
--env SUBSPACE_LETSENCRYPT="false" \ | --env SUBSPACE_LETSENCRYPT="false" \ | ||
subspacecommunity/subspace:latest | |||
sudo docker start subspace | sudo docker start subspace | ||
sudo docker logs subspace | sudo docker logs subspace | ||
</pre> | |||
To stop subspace: | |||
<pre> | |||
sudo docker stop subspace | |||
sudo docker rm subspace | |||
</pre> | </pre> |
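Review bot: The added image line <code>subspacecommunity/subspace:latest</code> is an unpinned tag for a container that is given <code>--network host</code> and <code>--cap-add NET_ADMIN</code>; pin a specific release tag or image digest so that re-creating the container does not silently pull different code. <code>SUBSPACE_HTTP_INSECURE="true"</code> is reasonable only because <code>SUBSPACE_HTTP_ADDR</code> binds to localhost behind the Apache proxy, which deserves a one-line comment next to it. The new "To stop subspace:" block also runs <code>docker rm</code>, so its heading should say "stop and remove".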