Wireguard VPN Setup 07 Jan, 2020

Note to self on setting up Wireguard VPN service.

# Enable wireguard PPA (not required on Ubuntu Eoan)
sudo add-apt-repository ppa:wireguard/wireguard -y
sudo apt-get update -y
# Install dependencies and wireguard
sudo apt-get install linux-headers-$(uname -r) -y
sudo apt-get install wireguard -y

## IP Forwarding
sudo sed -i -e 's/#net.ipv4.ip_forward.*/net.ipv4.ip_forward=1/g' /etc/sysctl.conf
sudo sed -i -e 's/#net.ipv6.conf.all.forwarding.*/net.ipv6.conf.all.forwarding=1/g' /etc/sysctl.conf
sudo sysctl -p

## Firewall 
sudo ufw allow 51820/udp
sudo ufw allow 22/tcp
sudo ufw enable

# Generate the server's private key; use its output as PrivateKey below
wg genkey

sudo vim /etc/wireguard/wg0.conf

Add the following to /etc/wireguard/wg0.conf

[Interface]
Address = 10.14.0.0/32
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
ListenPort = 51820
PrivateKey = <output from wg genkey>

[Peer]
PublicKey = <from your client>
# This should match the Address in the client's configuration. Ensure it is in the same subnet as defined in the 'Address' field of the [Interface] section above
AllowedIPs = 10.14.0.10/32

## WireGuard Service
sudo wg-quick up wg0
sudo systemctl enable wg-quick@wg0

On the client, use a configuration like this one.

[Interface]
PrivateKey = <client's private key, auto generated by most clients; else use 'wg genkey'>
Address = 10.14.0.10/32
DNS = <Your preferred DNS or router Gateway IP address>

[Peer]
PublicKey = <Server's public key; listed on running 'sudo wg' on the server, after setting up the server config as above, with a private key included>
AllowedIPs = ::/0, 0.0.0.0/0
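# Port must reach the server's ListenPort (51820 above); use a different port here only if a router forwards it to 51820
Endpoint = <server-dns-name>:51820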

On the server, repeat the [Peer] section as needed, one for each additional client. Give each client a unique IP address, and make sure each address falls within the subnet range given in the server’s Address field in the [Interface] section.
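A consistency check for the rules above (unique per-client IPs, client Address matching a server [Peer] AllowedIPs entry, Endpoint port matching ListenPort). This is an added example, not part of the original note; the function names, the host name vpn.example.org and the sample configs are constructed for illustration.

```python
import ipaddress

def parse_wg(text):
    """Parse wg-quick config text into [(section, {key: value})]; [Peer] may repeat."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1].lower(), {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)          # base64 keys may end in '='
            sections[-1][1][key.strip().lower()] = value.strip()
    return sections

def check(server_text, clients):
    """Return a list of mismatches between a server config and {name: client config}."""
    problems, allowed = [], []
    server = parse_wg(server_text)
    port = next(kv for name, kv in server if name == "interface").get("listenport")
    for name, kv in server:
        if name != "peer":
            continue
        for cidr in filter(None, (c.strip() for c in kv.get("allowedips", "").split(","))):
            net = ipaddress.ip_network(cidr, strict=False)
            problems += [f"server: AllowedIPs {net} overlaps {o}" for o in allowed if net.overlaps(o)]
            allowed.append(net)
    for label, text in clients.items():
        for name, kv in parse_wg(text):
            if name == "interface":
                for addr in filter(None, (a.strip() for a in kv.get("address", "").split(","))):
                    ip = ipaddress.ip_interface(addr).ip
                    if not any(ip in a for a in allowed):
                        problems.append(f"{label}: Address {ip} not in any server AllowedIPs")
            elif name == "peer" and "endpoint" in kv:
                ep_port = kv["endpoint"].rsplit(":", 1)[-1]
                if ep_port != port:
                    problems.append(f"{label}: Endpoint port {ep_port} != ListenPort {port}")
    return problems

# Constructed sample configs: keys omitted, host name is hypothetical.
SERVER = """[Interface]
ListenPort = 51820
[Peer]
AllowedIPs = 10.14.0.10/32
[Peer]
AllowedIPs = 10.14.0.10/32   # copy-pasted peer, IP not changed
"""
PHONE = "[Interface]\nAddress = 10.14.0.10/32\n[Peer]\nEndpoint = vpn.example.org:51821\n"
LAPTOP = "[Interface]\nAddress = 10.14.0.12/32\n[Peer]\nEndpoint = vpn.example.org:51820\n"

if __name__ == "__main__":
    print("\n".join(check(SERVER, {"phone": PHONE, "laptop": LAPTOP})))
```

Overlapping AllowedIPs matter because WireGuard routes by them: only one peer ends up owning a given address, so a duplicated IP silently breaks one of the two clients.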


Man's Troubles - Man Himself 23 Dec, 2019

‘I gazed around myself, and my soul was wounded by human suffering. I then looked inside myself, and saw that man’s troubles come from man himself.’

Yegor Zhukov quoting Alexander Radishchev during his trial


On being in a hurry 23 Dec, 2019

“We’re in such a hurry most of the time we never get much chance to talk,” Pirsig writes. “The result is a kind of endless day-to-day shallowness, a monotony that leaves a person wondering years later where all the time went and sorry that it’s all gone.”

Robert Pirsig, Zen and the Art of Motorcycle Maintenance. Excerpt on Smithsonian Mag


On Poems & Proofs 23 Dec, 2019

A NON-MATHEMATICIAN MIGHT ASK if any of these problems have real-world applications, but is that fair? No one asks a poet what a new poem “does.” The poem’s simplicity, elegance, and beauty are sufficient reasons for its existence. Aren’t the same things true for a mathematical proof?

Mark F. Bernstein, quoting mathematician Terence Tao on the PAW


Computation is a means, not an end. 23 Dec, 2019

The lesson, maybe, is simple: If your phone is so much more powerful than the computers that put humanity on the moon, then why are you just staring at Instagram all day? Computation is means, not end.




     

Sai Charan's blog by Sai Charan is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License.