add full example wip

2025-10-03 14:26:18 +00:00 · 2019-05-28 05:33:04 -04:00
parent 43dde79ee8
commit 3086cd43f7
30 changed files with 183 additions and 0 deletions
--- a/full-example/public-server1/public-server1.key
+++ b/full-example/public-server1/public-server1.key
@@ -0,0 +1 @@
+2P/3ll/TxGTjGqwcWnqJMnjwPqGw7oX1RaXlPfsf2FQ=
--- a/full-example/public-server1/public-server1.key.pub
+++ b/full-example/public-server1/public-server1.key.pub
@@ -0,0 +1 @@
+q/+jwmL5tNuYSB3z+t9Caj00Pc1YQ8zf+uNPu/UE1wE=
--- a/full-example/public-server1/setup.sh
+++ b/full-example/public-server1/setup.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+# install wireguard
+add-apt-repository ppa:wireguard/wireguard
+apt update
+apt install wireguard
+
+# to enable kernel relaying/forwarding ability on bounce servers
+echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
+echo "net.ipv4.conf.all.proxy_arp" >> /etc/sysctl.conf
+sudo sysctl -p /etc/sysctl.conf
+
+# to add iptables forwarding rules on bounce servers
+iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+iptables -A FORWARD -i wg0 -o wg0 -m conntrack --ctstate NEW -j ACCEPT
+iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE
--- a/full-example/public-server1/start.sh
+++ b/full-example/public-server1/start.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+PEER_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+wg-quick up "$PEER_DIR"/wg0.conf
+wg show
--- a/full-example/public-server1/stop.sh
+++ b/full-example/public-server1/stop.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+PEER_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+wg-quick down "$PEER_DIR"/wg0.conf
+wg show
--- a/full-example/public-server1/wg0.conf
+++ b/full-example/public-server1/wg0.conf
@@ -0,0 +1,28 @@
+[Interface]
+# Name = public-server1.example-vpn.tld
+Address = 10.0.0.1/24
+ListenPort = 51820
+PrivateKey = <private key for public-server1.example-vpn.tld>
+DNS = 1.1.1.1
+
+[Peer]
+# Name = public-server2.example-vpn.dev
+Endpoint = public-server2.example-vpn.dev:51820
+PublicKey = <public key for public-server2.example-vpn.dev>
+AllowedIPs = 10.0.0.2/32
+
+[Peer]
+# Name = home-server.example-vpn.dev
+Endpoint = home-server.example-vpn.dev:51820
+PublicKey = <public key for home-server.example-vpn.dev>
+AllowedIPs = 10.0.0.3/32
+
+[Peer]
+# Name = laptop.example-vpn.dev
+PublicKey = <private key for laptop.example-vpn.dev>
+AllowedIPs = 10.0.0.4/32
+
+[Peer]
+# phone.example-vpn.dev
+PublicKey = <public key for phone.example-vpn.dev>
+AllowedIPs = 10.0.0.5/32
				`@@ -0,0 +1 @@`
				`2P/3ll/TxGTjGqwcWnqJMnjwPqGw7oX1RaXlPfsf2FQ=`
				`@@ -0,0 +1 @@`
				`q/+jwmL5tNuYSB3z+t9Caj00Pc1YQ8zf+uNPu/UE1wE=`