From 3086cd43f70fc827e8a8d4a7ea579b6b69a9bd8a Mon Sep 17 00:00:00 2001 
From: Nick Sweeting Date: Tue, 28 May 2019 05:33:04 -0400 Subject: [PATCH] add full example wip --- full-example/home-server/home-server.key | 1 + full-example/home-server/home-server.key.pub | 1 + full-example/home-server/setup.sh | 9 ++++++ full-example/home-server/start.sh | 5 ++++ full-example/home-server/stop.sh | 5 ++++ full-example/home-server/wg0.conf | 14 ++++++++++ full-example/laptop/laptop.key | 1 + full-example/laptop/laptop.key.pub | 1 + full-example/laptop/setup.sh | 9 ++++++ full-example/laptop/start.sh | 5 ++++ full-example/laptop/stop.sh | 5 ++++ full-example/laptop/wg0.conf | 13 +++++++++ full-example/phone/phone.key | 1 + full-example/phone/phone.key.pub | 1 + full-example/phone/setup.sh | 4 +++ full-example/phone/start.sh | 3 ++ full-example/phone/stop.sh | 3 ++ full-example/phone/wg0.conf | 13 +++++++++ .../public-server1/public-server1.key | 1 + .../public-server1/public-server1.key.pub | 1 + full-example/public-server1/setup.sh | 17 +++++++++++ full-example/public-server1/start.sh | 5 ++++ full-example/public-server1/stop.sh | 5 ++++ full-example/public-server1/wg0.conf | 28 +++++++++++++++++++ .../public-server2/public-server2.key | 1 + .../public-server2/public-server2.key.pub | 1 + full-example/public-server2/setup.sh | 6 ++++ full-example/public-server2/start.sh | 5 ++++ full-example/public-server2/stop.sh | 5 ++++ full-example/public-server2/wg0.conf | 14 ++++++++++ 30 files changed, 183 insertions(+) create mode 100644 full-example/home-server/home-server.key create mode 100644 full-example/home-server/home-server.key.pub create mode 100644 full-example/home-server/setup.sh create mode 100644 full-example/home-server/start.sh create mode 100644 full-example/home-server/stop.sh create mode 100644 full-example/home-server/wg0.conf create mode 100644 full-example/laptop/laptop.key create mode 100644 full-example/laptop/laptop.key.pub create mode 100644 full-example/laptop/setup.sh create mode 100644 full-example/laptop/start.sh create 
mode 100644 full-example/laptop/stop.sh create mode 100644 full-example/laptop/wg0.conf create mode 100644 full-example/phone/phone.key create mode 100644 full-example/phone/phone.key.pub create mode 100644 full-example/phone/setup.sh create mode 100644 full-example/phone/start.sh create mode 100644 full-example/phone/stop.sh create mode 100644 full-example/phone/wg0.conf create mode 100644 full-example/public-server1/public-server1.key create mode 100644 full-example/public-server1/public-server1.key.pub create mode 100644 full-example/public-server1/setup.sh create mode 100644 full-example/public-server1/start.sh create mode 100644 full-example/public-server1/stop.sh create mode 100644 full-example/public-server1/wg0.conf create mode 100644 full-example/public-server2/public-server2.key create mode 100644 full-example/public-server2/public-server2.key.pub create mode 100644 full-example/public-server2/setup.sh create mode 100644 full-example/public-server2/start.sh create mode 100644 full-example/public-server2/stop.sh create mode 100644 full-example/public-server2/wg0.conf
diff --git a/full-example/home-server/home-server.key b/full-example/home-server/home-server.key
new file mode 100644
index 0000000..2df1302
--- /dev/null
+++ b/full-example/home-server/home-server.key
@@ -0,0 +1 @@
+WN+bvd3PCWs5Pk3bvl7abWR0c1L6PCWKYRX56mjVYGo=
diff --git a/full-example/home-server/home-server.key.pub b/full-example/home-server/home-server.key.pub
new file mode 100644
index 0000000..6d118d2
--- /dev/null
+++ b/full-example/home-server/home-server.key.pub
@@ -0,0 +1 @@
+8bSk5fATxg9qdxbK20iTGdrQ7SWvxIBhxdMo+W54pEg=
diff --git a/full-example/home-server/setup.sh b/full-example/home-server/setup.sh
new file mode 100644
index 0000000..722ba80
--- /dev/null
+++ b/full-example/home-server/setup.sh
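Review bot: `home-server.key` commits a WireGuard private key in plain text, and the same applies to `laptop.key`, `phone.key`, `public-server1.key` and `public-server2.key` later in this patch. Anyone who copies the example directory unchanged ends up running peers whose private keys are public, so the tunnel provides neither confidentiality nor peer authentication. I would drop the `.key` files from the example and have each `setup.sh` generate them locally, e.g. `umask 077; wg genkey | tee home-server.key | wg pubkey > home-server.key.pub`, or at minimum state next to the files that they are samples that must be regenerated before use.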
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+# install wireguard on FreeBSD
+pkg install wireguard
+
+# install wireguard on Ubuntu
+#add-apt-repository ppa:wireguard/wireguard
+#apt update
+#apt install wireguard
diff --git a/full-example/home-server/start.sh b/full-example/home-server/start.sh
new file mode 100644
index 0000000..9e6a2fb
--- /dev/null
+++ b/full-example/home-server/start.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+PEER_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+wg-quick up "$PEER_DIR"/wg0.conf
+wg show
diff --git a/full-example/home-server/stop.sh b/full-example/home-server/stop.sh
new file mode 100644
index 0000000..2faef2c
--- /dev/null
+++ b/full-example/home-server/stop.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+PEER_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+wg-quick down "$PEER_DIR"/wg0.conf
+wg show
diff --git a/full-example/home-server/wg0.conf b/full-example/home-server/wg0.conf
new file mode 100644
index 0000000..58033a8
--- /dev/null
+++ b/full-example/home-server/wg0.conf
@@ -0,0 +1,14 @@
+[Interface]
+# Name = home-server.example-vpn.dev
+Address = 10.0.0.3/32
+ListenPort = 51820
+PrivateKey =
+DNS = 1.1.1.1
+
+[Peer]
+# Name = public-server1.example-vpn.tld
+Endpoint = public-server1.example-vpn.tld:51820
+PublicKey =
+# routes traffic to itself and entire subnet of peers as bounce server
+AllowedIPs = 10.0.0.1/24
+PersistentKeepalive = 25
diff --git a/full-example/laptop/laptop.key b/full-example/laptop/laptop.key
new file mode 100644
index 0000000..686b3d9
--- /dev/null
+++ b/full-example/laptop/laptop.key
@@ -0,0 +1 @@
+OPmibSXYAAcMIYKNsWqr77zY06Kl750AEB1nWQi1T2o=
diff --git a/full-example/laptop/laptop.key.pub b/full-example/laptop/laptop.key.pub
new file mode 100644
index 0000000..4165fa8
--- /dev/null
+++ b/full-example/laptop/laptop.key.pub
@@ -0,0 +1 @@
+BV5DjXeCugIrjvEZLo4sZ0hN5wveFTH8kOfZ1AIQ5js=
diff --git a/full-example/laptop/setup.sh b/full-example/laptop/setup.sh
new file mode 100644
index 0000000..5fb0157
--- /dev/null
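Review bot: The `#!/bin/bash` shebang on the first line of home-server/setup.sh will not resolve on a stock FreeBSD host, which is the platform the uncommented `pkg install wireguard` targets; bash is not part of the FreeBSD base system and, when installed from packages, lives under /usr/local/bin. The script uses no bash features, so `#!/bin/sh` would run on both FreeBSD and Ubuntu. If the script is meant to be non-interactive, `pkg install -y wireguard` avoids the confirmation prompt.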
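Review bot: home-server/start.sh has no error handling: if the `cd`/`pwd` substitution fails, `PEER_DIR` is empty and `wg-quick up` is pointed at `/wg0.conf`, and a failed `wg-quick up` is masked because the script exits with the status of `wg show`. Adding `set -euo pipefail` after the shebang, or writing `wg-quick up "$PEER_DIR/wg0.conf" || exit 1`, would surface both failures. The same applies to the matching `stop.sh` and to the identical start/stop scripts under laptop, public-server1 and public-server2.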
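Review bot: In home-server/wg0.conf, `AllowedIPs = 10.0.0.1/24` has host bits set; WireGuard masks it to the network address, so `AllowedIPs = 10.0.0.0/24` states the routed range that the comment above it describes. The file also holds the interface private key once `PrivateKey` is filled in and is created with mode 100644; wg-quick warns when a config is world accessible, so the example should tell users to `chmod 600 wg0.conf`. Both points also apply to the wg0.conf files for laptop, phone and public-server2.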
+++ b/full-example/laptop/setup.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+# install wireguard on Ubuntu
+#add-apt-repository ppa:wireguard/wireguard
+#apt update
+#apt install wireguard
+
+# install wireguard on macOS
+brew install wireguard-tools
diff --git a/full-example/laptop/start.sh b/full-example/laptop/start.sh
new file mode 100644
index 0000000..9e6a2fb
--- /dev/null
+++ b/full-example/laptop/start.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+PEER_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+wg-quick up "$PEER_DIR"/wg0.conf
+wg show
diff --git a/full-example/laptop/stop.sh b/full-example/laptop/stop.sh
new file mode 100644
index 0000000..2faef2c
--- /dev/null
+++ b/full-example/laptop/stop.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+PEER_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+wg-quick down "$PEER_DIR"/wg0.conf
+wg show
diff --git a/full-example/laptop/wg0.conf b/full-example/laptop/wg0.conf
new file mode 100644
index 0000000..3ed53e8
--- /dev/null
+++ b/full-example/laptop/wg0.conf
@@ -0,0 +1,13 @@
+[Interface]
+# Name = laptop.example-vpn.dev
+Address = 10.0.0.4/32
+PrivateKey =
+DNS = 1.1.1.1
+
+[Peer]
+# Name = public-server1.example-vpn.tld
+Endpoint = public-server1.example-vpn.tld:51820
+PublicKey =
+# routes traffic to itself and entire subnet of peers as bounce server
+AllowedIPs = 10.0.0.1/24
+PersistentKeepalive = 25
diff --git a/full-example/phone/phone.key b/full-example/phone/phone.key
new file mode 100644
index 0000000..a855da1
--- /dev/null
+++ b/full-example/phone/phone.key
@@ -0,0 +1 @@
+WH98AvjKKZ584ZLb69G912bNry2wOda9+kfzm+qbnUw=
diff --git a/full-example/phone/phone.key.pub b/full-example/phone/phone.key.pub
new file mode 100644
index 0000000..0d67922
--- /dev/null
+++ b/full-example/phone/phone.key.pub
@@ -0,0 +1 @@
+VpjKa2MQKXuvttXRwJIe0LLYrtFYGQRTtmt8okUGm3A=
diff --git a/full-example/phone/setup.sh b/full-example/phone/setup.sh
new file mode 100644
index 0000000..fdbf4f4
--- /dev/null
+++ b/full-example/phone/setup.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+# install wireguard on iOS/Android
+echo "Use the iOS App Store / Google Play Store to install WireGuard on your mobile device"
diff --git a/full-example/phone/start.sh b/full-example/phone/start.sh
new file mode 100644
index 0000000..de47355
--- /dev/null
+++ b/full-example/phone/start.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+echo "Use the iOS/Android app to load the wg0.conf file and start Wireguard"
diff --git a/full-example/phone/stop.sh b/full-example/phone/stop.sh
new file mode 100644
index 0000000..4fc7f4a
--- /dev/null
+++ b/full-example/phone/stop.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+echo "Use the iOS/Android app to load the wg0.conf file and stop Wireguard"
diff --git a/full-example/phone/wg0.conf b/full-example/phone/wg0.conf
new file mode 100644
index 0000000..4123df9
--- /dev/null
+++ b/full-example/phone/wg0.conf
@@ -0,0 +1,13 @@
+[Interface]
+# Name = phone.example-vpn.dev
+Address = 10.0.0.5/32
+PrivateKey =
+DNS = 1.1.1.1
+
+[Peer]
+# Name = public-server1.example-vpn.tld
+Endpoint = public-server1.example-vpn.tld:51820
+PublicKey =
+# routes traffic to itself and entire subnet of peers as bounce server
+AllowedIPs = 10.0.0.1/24
+PersistentKeepalive = 25
diff --git a/full-example/public-server1/public-server1.key b/full-example/public-server1/public-server1.key
new file mode 100644
index 0000000..e97b37e
--- /dev/null
+++ b/full-example/public-server1/public-server1.key
@@ -0,0 +1 @@
+2P/3ll/TxGTjGqwcWnqJMnjwPqGw7oX1RaXlPfsf2FQ=
diff --git a/full-example/public-server1/public-server1.key.pub b/full-example/public-server1/public-server1.key.pub
new file mode 100644
index 0000000..5912f3f
--- /dev/null
+++ b/full-example/public-server1/public-server1.key.pub
@@ -0,0 +1 @@
+q/+jwmL5tNuYSB3z+t9Caj00Pc1YQ8zf+uNPu/UE1wE=
diff --git a/full-example/public-server1/setup.sh b/full-example/public-server1/setup.sh
new file mode 100644
index 0000000..b9991f8
--- /dev/null
+++ b/full-example/public-server1/setup.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+# install wireguard
+add-apt-repository ppa:wireguard/wireguard
+apt update
+apt install wireguard
+
+# to enable kernel relaying/forwarding ability on bounce servers
+echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
+echo "net.ipv4.conf.all.proxy_arp" >> /etc/sysctl.conf
+sudo sysctl -p /etc/sysctl.conf
+
+# to add iptables forwarding rules on bounce servers
+iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+iptables -A FORWARD -i wg0 -o wg0 -m conntrack --ctstate NEW -j ACCEPT
+iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE
diff --git a/full-example/public-server1/start.sh b/full-example/public-server1/start.sh
new file mode 100644
index 0000000..9e6a2fb
--- /dev/null
+++ b/full-example/public-server1/start.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+PEER_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+wg-quick up "$PEER_DIR"/wg0.conf
+wg show
diff --git a/full-example/public-server1/stop.sh b/full-example/public-server1/stop.sh
new file mode 100644
index 0000000..2faef2c
--- /dev/null
+++ b/full-example/public-server1/stop.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+PEER_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+wg-quick down "$PEER_DIR"/wg0.conf
+wg show
diff --git a/full-example/public-server1/wg0.conf b/full-example/public-server1/wg0.conf
new file mode 100644
index 0000000..0a3983d
--- /dev/null
+++ b/full-example/public-server1/wg0.conf
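Review bot: The second sysctl line in public-server1/setup.sh, `echo "net.ipv4.conf.all.proxy_arp" >> /etc/sysctl.conf`, writes a key with no value, so `sysctl -p` will reject that entry and proxy ARP is never enabled; it should read `echo "net.ipv4.conf.all.proxy_arp = 1" >> /etc/sysctl.conf`. Both echoes append unconditionally, so every re-run duplicates the entries; writing a dedicated drop-in file under /etc/sysctl.d with `>` would make the step idempotent. The iptables rules are not persisted across reboots and hard-code `eth0` as the egress interface, which deserves a comment in the script. `sudo` appears only on the `sysctl -p` line while every other command assumes root, so either drop it or use it consistently.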
@@ -0,0 +1,28 @@
+[Interface]
+# Name = public-server1.example-vpn.tld
+Address = 10.0.0.1/24
+ListenPort = 51820
+PrivateKey =
+DNS = 1.1.1.1
+
+[Peer]
+# Name = public-server2.example-vpn.dev
+Endpoint = public-server2.example-vpn.dev:51820
+PublicKey =
+AllowedIPs = 10.0.0.2/32
+
+[Peer]
+# Name = home-server.example-vpn.dev
+Endpoint = home-server.example-vpn.dev:51820
+PublicKey =
+AllowedIPs = 10.0.0.3/32
+
+[Peer]
+# Name = laptop.example-vpn.dev
+PublicKey =
+AllowedIPs = 10.0.0.4/32
+
+[Peer]
+# phone.example-vpn.dev
+PublicKey =
+AllowedIPs = 10.0.0.5/32
diff --git a/full-example/public-server2/public-server2.key b/full-example/public-server2/public-server2.key
new file mode 100644
index 0000000..44ad287
--- /dev/null
+++ b/full-example/public-server2/public-server2.key
@@ -0,0 +1 @@
+eDwURfg8PhpUAdPp+OA9pQ5oZQYqGqY3LToUORMh220=
diff --git a/full-example/public-server2/public-server2.key.pub b/full-example/public-server2/public-server2.key.pub
new file mode 100644
index 0000000..52e4ce1
--- /dev/null
+++ b/full-example/public-server2/public-server2.key.pub
@@ -0,0 +1 @@
+SceMEaVZaZfOGtGXjMsoJjhwxKHkb++9wjxqN1vm32s=
diff --git a/full-example/public-server2/setup.sh b/full-example/public-server2/setup.sh
new file mode 100644
index 0000000..5bfea98
--- /dev/null
+++ b/full-example/public-server2/setup.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+# install wireguard
+add-apt-repository ppa:wireguard/wireguard
+apt update
+apt install wireguard
diff --git a/full-example/public-server2/start.sh b/full-example/public-server2/start.sh
new file mode 100644
index 0000000..9e6a2fb
--- /dev/null
+++ b/full-example/public-server2/start.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+PEER_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+wg-quick up "$PEER_DIR"/wg0.conf
+wg show
diff --git a/full-example/public-server2/stop.sh b/full-example/public-server2/stop.sh
new file mode 100644
index 0000000..2faef2c
--- /dev/null
+++ b/full-example/public-server2/stop.sh
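Review bot: The last `[Peer]` block in public-server1/wg0.conf is labelled `# phone.example-vpn.dev` while every other peer uses the `# Name = ...` form; if any tooling reads these comments the phone peer will be missed, so write `# Name = phone.example-vpn.dev`. `DNS = 1.1.1.1` in the `[Interface]` section makes wg-quick change the server's own resolver configuration when the tunnel comes up, which is usually unwanted on a bounce server and could be dropped here. As with the other peers, this file will hold the server's private key and should be restricted to mode 600 once populated.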
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+PEER_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+wg-quick down "$PEER_DIR"/wg0.conf
+wg show
diff --git a/full-example/public-server2/wg0.conf b/full-example/public-server2/wg0.conf
new file mode 100644
index 0000000..23743c3
--- /dev/null
+++ b/full-example/public-server2/wg0.conf
@@ -0,0 +1,14 @@
+[Interface]
+# Name = public-server2.example-vpn.dev
+Address = 10.0.0.2/32
+ListenPort = 51820
+PrivateKey =
+DNS = 1.1.1.1
+
+[Peer]
+# Name = public-server1.example-vpn.tld
+Endpoint = public-server1.example-vpn.tld:51820
+PublicKey =
+# routes traffic to itself and entire subnet of peers as bounce server
+AllowedIPs = 10.0.0.1/24
+PersistentKeepalive = 25