add full example wip

full-example/home-server/home-server.key

@@ -0,0 +1 @@
+WN+bvd3PCWs5Pk3bvl7abWR0c1L6PCWKYRX56mjVYGo=

full-example/home-server/home-server.key.pub

@@ -0,0 +1 @@
+8bSk5fATxg9qdxbK20iTGdrQ7SWvxIBhxdMo+W54pEg=

full-example/home-server/setup.sh

@@ -0,0 +1,9 @@
+#!/bin/bash
+
+# install wireguard on FreeBSD
+pkg install wireguard
+
+# install wireguard on Ubuntu
+#add-apt-repository ppa:wireguard/wireguard
+#apt update
+#apt install wireguard

full-example/home-server/start.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+
+PEER_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+wg-quick up "$PEER_DIR"/wg0.conf
+wg show

full-example/home-server/stop.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+
+PEER_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+wg-quick down "$PEER_DIR"/wg0.conf
+wg show

full-example/home-server/wg0.conf

@@ -0,0 +1,14 @@
+[Interface]
+# Name = home-server.example-vpn.dev
+Address = 10.0.0.3/32
+ListenPort = 51820
+PrivateKey = <private key for home-server.example-vpn.dev>
+DNS = 1.1.1.1
+
+[Peer]
+# Name = public-server1.example-vpn.tld
+Endpoint = public-server1.example-vpn.tld:51820
+PublicKey = <public key for public-server1.example-vpn.tld>
+# routes traffic to itself and entire subnet of peers as bounce server
+AllowedIPs = 10.0.0.1/24
+PersistentKeepalive = 25

full-example/laptop/laptop.key

@@ -0,0 +1 @@
+OPmibSXYAAcMIYKNsWqr77zY06Kl750AEB1nWQi1T2o=

full-example/laptop/laptop.key.pub

@@ -0,0 +1 @@
+BV5DjXeCugIrjvEZLo4sZ0hN5wveFTH8kOfZ1AIQ5js=

full-example/laptop/setup.sh

@@ -0,0 +1,9 @@
+#!/bin/bash
+
+# install wireguard on Ubuntu
+#add-apt-repository ppa:wireguard/wireguard
+#apt update
+#apt install wireguard
+
+# install wireguard on macOS
+brew install wireguard-tools

full-example/laptop/start.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+
+PEER_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+wg-quick up "$PEER_DIR"/wg0.conf
+wg show

full-example/laptop/stop.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+
+PEER_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+wg-quick down "$PEER_DIR"/wg0.conf
+wg show

full-example/laptop/wg0.conf

@@ -0,0 +1,13 @@
+[Interface]
+# Name = laptop.example-vpn.dev
+Address = 10.0.0.4/32
+PrivateKey = <private key for laptop.example-vpn.dev>
+DNS = 1.1.1.1
+
+[Peer]
+# Name = public-server1.example-vpn.tld
+Endpoint = public-server1.example-vpn.tld:51820
+PublicKey = <public key for public-server1.example-vpn.tld>
+# routes traffic to itself and entire subnet of peers as bounce server
+AllowedIPs = 10.0.0.1/24
+PersistentKeepalive = 25

full-example/phone/phone.key

@@ -0,0 +1 @@
+WH98AvjKKZ584ZLb69G912bNry2wOda9+kfzm+qbnUw=

full-example/phone/phone.key.pub

@@ -0,0 +1 @@
+VpjKa2MQKXuvttXRwJIe0LLYrtFYGQRTtmt8okUGm3A=

full-example/phone/setup.sh

@@ -0,0 +1,4 @@
+#!/bin/bash
+
+# install wireguard on iOS/Android
+echo "Use the iOS App Store / Google Play Store to install WireGuard on your mobile device"

full-example/phone/start.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+echo "Use the iOS/Android app to load the wg0.conf file and start Wireguard"

full-example/phone/stop.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+echo "Use the iOS/Android app to load the wg0.conf file and stop Wireguard"

full-example/phone/wg0.conf

@@ -0,0 +1,13 @@
+[Interface]
+# Name = phone.example-vpn.dev
+Address = 10.0.0.5/32
+PrivateKey = <private key for phone.example-vpn.dev>
+DNS = 1.1.1.1
+
+[Peer]
+# Name = public-server1.example-vpn.tld
+Endpoint = public-server1.example-vpn.tld:51820
+PublicKey = <public key for public-server1.example-vpn.tld>
+# routes traffic to itself and entire subnet of peers as bounce server
+AllowedIPs = 10.0.0.1/24
+PersistentKeepalive = 25

full-example/public-server1/public-server1.key

@@ -0,0 +1 @@
+2P/3ll/TxGTjGqwcWnqJMnjwPqGw7oX1RaXlPfsf2FQ=

full-example/public-server1/public-server1.key.pub

@@ -0,0 +1 @@
+q/+jwmL5tNuYSB3z+t9Caj00Pc1YQ8zf+uNPu/UE1wE=

full-example/public-server1/setup.sh

@@ -0,0 +1,17 @@
+#!/bin/bash
+
+# install wireguard
+add-apt-repository ppa:wireguard/wireguard
+apt update
+apt install wireguard
+
+# to enable kernel relaying/forwarding ability on bounce servers
+echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
+echo "net.ipv4.conf.all.proxy_arp" >> /etc/sysctl.conf
+sudo sysctl -p /etc/sysctl.conf
+
+# to add iptables forwarding rules on bounce servers
+iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+iptables -A FORWARD -i wg0 -o wg0 -m conntrack --ctstate NEW -j ACCEPT
+iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE

full-example/public-server1/start.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+
+PEER_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+wg-quick up "$PEER_DIR"/wg0.conf
+wg show

full-example/public-server1/stop.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+
+PEER_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+wg-quick down "$PEER_DIR"/wg0.conf
+wg show

full-example/public-server1/wg0.conf

@@ -0,0 +1,28 @@
+[Interface]
+# Name = public-server1.example-vpn.tld
+Address = 10.0.0.1/24
+ListenPort = 51820
+PrivateKey = <private key for public-server1.example-vpn.tld>
+DNS = 1.1.1.1
+
+[Peer]
+# Name = public-server2.example-vpn.dev
+Endpoint = public-server2.example-vpn.dev:51820
+PublicKey = <public key for public-server2.example-vpn.dev>
+AllowedIPs = 10.0.0.2/32
+
+[Peer]
+# Name = home-server.example-vpn.dev
+Endpoint = home-server.example-vpn.dev:51820
+PublicKey = <public key for home-server.example-vpn.dev>
+AllowedIPs = 10.0.0.3/32
+
+[Peer]
+# Name = laptop.example-vpn.dev
+PublicKey = <private key for laptop.example-vpn.dev>
+AllowedIPs = 10.0.0.4/32
+
+[Peer]
+# phone.example-vpn.dev
+PublicKey = <public key for phone.example-vpn.dev>
+AllowedIPs = 10.0.0.5/32

full-example/public-server2/public-server2.key

@@ -0,0 +1 @@
+eDwURfg8PhpUAdPp+OA9pQ5oZQYqGqY3LToUORMh220=

full-example/public-server2/public-server2.key.pub

@@ -0,0 +1 @@
+SceMEaVZaZfOGtGXjMsoJjhwxKHkb++9wjxqN1vm32s=

full-example/public-server2/setup.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+
+# install wireguard
+add-apt-repository ppa:wireguard/wireguard
+apt update
+apt install wireguard

full-example/public-server2/start.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+
+PEER_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+wg-quick up "$PEER_DIR"/wg0.conf
+wg show

full-example/public-server2/stop.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+
+PEER_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+wg-quick down "$PEER_DIR"/wg0.conf
+wg show

full-example/public-server2/wg0.conf

@@ -0,0 +1,14 @@
+[Interface]
+# Name = public-server2.example-vpn.dev
+Address = 10.0.0.2/32
+ListenPort = 51820
+PrivateKey = <private key for public-server2.example-vpn.dev>
+DNS = 1.1.1.1
+
+[Peer]
+# Name = public-server1.example-vpn.tld
+Endpoint = public-server1.example-vpn.tld:51820
+PublicKey = <public key for public-server1.example-vpn.tld>
+# routes traffic to itself and entire subnet of peers as bounce server
+AllowedIPs = 10.0.0.1/24
+PersistentKeepalive = 25