
A collection of how-tos for installing and operating a Personal Cloud

Wireguard as a gateway

On the gateway side

# Install WireGuard; the wg and wg-quick commands used below are expected to come with it.
apt install wireguard
cd /etc/wireguard
# umask 077 makes every file created from this shell readable by its owner only.
# wg genkey prints a new private key; tee stores it in ./privatekey and passes it on
# to wg pubkey, which writes the matching public key to ./publickey.
# The umask stays in effect for the rest of this shell session, so a wg0.conf that
# the editor creates below also ends up owner-only.
umask 077; wg genkey | tee privatekey | wg pubkey > publickey
vi /etc/wireguard/wg0.conf
# Contents of /etc/wireguard/wg0.conf on the gateway.
[Interface]
# Tunnel address of the gateway inside the 10.8.0.0/24 VPN subnet.
Address = 10.8.0.1/24
# With SaveConfig, wg-quick rewrites this file from the live interface state when
# wg0 is brought down: manual edits made while wg0 is up (and comments) are lost.
# Stop the interface before editing.
SaveConfig = true
# UDP port the gateway listens on; the client's Endpoint has to use the same port.
ListenPort = 51820
# Paste the contents of the privatekey file generated on this host.
# The private key never leaves this machine; only publickey is given to the peer.
PrivateKey = ...

[Peer]
# Public key of the client (contents of the client's publickey file).
PublicKey = ...
# Source addresses accepted from this peer, and destinations routed to it:
# the VPN subnet plus 192.168.0.0/24 (presumably the LAN behind the client).
# NOTE(review): 10.8.0.0/24 lets this peer use any tunnel address; the client in
# this guide only uses 10.8.0.2, so 10.8.0.2/32 would be the narrower entry —
# confirm before changing, and use distinct ranges if more peers are added.
AllowedIPs = 10.8.0.0/24, 192.168.0.0/24
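vi /etc/sysctl.conf
# Line to add (or uncomment) in /etc/sysctl.conf so the kernel routes IPv4 packets
# between interfaces:
net.ipv4.ip_forward=1
# Editing the file does not change the running kernel. Reload it now; otherwise
# forwarding only becomes active after the next reboot.
sysctl -p
# Bring wg0 up at boot and start it now.
systemctl enable wg-quick@wg0
systemctl start wg-quick@wg0
apt install iptables
# Rewrite the source address of every packet leaving eth0 to the gateway's own
# address, so traffic coming out of the tunnel can reach the Internet.
# eth0 is assumed to be the public interface; check the name with `ip -br link`.
# NOTE(review): this guide adds no FORWARD rules on the gateway. If that chain's
# policy is ACCEPT the host forwards any packet it can route; review it with
# `iptables -S FORWARD`.
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE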

To forward traffic from the Internet to your local network

# Publish the LAN web server: TCP connections arriving on eth0 port 80 are
# redirected to 192.168.0.101:80. The gateway reaches that address through wg0
# because 192.168.0.0/24 is listed in the peer's AllowedIPs.
# The rule matches any source address, so the backend is exposed to the whole Internet.
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 192.168.0.101:80

# Same for HTTPS. Note the port change: public 443 maps to 8443 on the backend.
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to-destination 192.168.0.101:8443
# The installer offers to save the rules loaded at that moment so they are restored
# at boot. Rules added or changed afterwards need `netfilter-persistent save`.
apt install iptables-persistent

On the client side

apt install wireguard
# Create an empty wg0.conf with owner-only permissions before a private key is
# written into it. The umask applies only inside this sh -c invocation.
sh -c 'umask 077; touch /etc/wireguard/wg0.conf'
cd /etc/wireguard
# Generate the client's key pair: privatekey stays on this host, publickey goes
# into the [Peer] section on the gateway. umask 077 keeps both files owner-only.
umask 077; wg genkey | tee privatekey | wg pubkey > publickey
nano /etc/wireguard/wg0.conf
# Contents of /etc/wireguard/wg0.conf on the client.
[Interface]
# Paste the contents of this host's privatekey file. Never copy it to the gateway.
PrivateKey = 
# Tunnel address of the client; the gateway uses 10.8.0.1 in the same subnet.
Address = 10.8.0.2/24

[Peer]
# Public key of the gateway (contents of the gateway's publickey file).
PublicKey = 
# 0.0.0.0/0 sends all IPv4 traffic of this host through the tunnel and accepts any
# IPv4 source from the gateway. IPv6 is not listed, so it does not use the tunnel.
AllowedIPs = 0.0.0.0/0
# Public address and ListenPort of the gateway; replace the address with your own.
Endpoint = 3.124.204.47:51820
# Send a keepalive every 20 seconds so NAT or firewall state in front of the client
# stays open and the gateway can start connections toward it (the port forwards
# on the gateway depend on this).
PersistentKeepalive = 20
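# Bring wg0 up at boot and start it now.
systemctl enable wg-quick@wg0
systemctl start wg-quick@wg0
vi /etc/sysctl.conf
# Line to add (or uncomment) in /etc/sysctl.conf so this host routes IPv4 packets
# between wg0 and the LAN:
net.ipv4.ip_forward=1
# Editing the file does not change the running kernel. Reload it now; otherwise
# forwarding only becomes active after the next reboot.
sysctl -p
apt install iptables
# Accept for forwarding every packet that arrives on eth0 (the LAN side). This also
# carries the replies of LAN hosts back into the tunnel.
# NOTE(review): the rule is not limited to replies; any LAN host can have packets
# forwarded by this box. A conntrack ESTABLISHED,RELATED match would be narrower —
# confirm whether LAN hosts are meant to route out through this host first.
iptables -A FORWARD -i eth0 -j ACCEPT
# Packets leaving eth0 get this host's LAN address as their source, so LAN servers
# reply to this box without needing a route to the VPN. Side effect: the servers
# log this host's address, not the real Internet client, which affects access logs
# and any per-IP blocking or rate limiting on them.
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE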

Limit forwarding

# Default-deny for forwarded packets: from here on only packets matched by an
# ACCEPT rule are routed (the two rules below plus the earlier `-i eth0` rule).
iptables -P FORWARD DROP
# Allow forwarding to the two LAN hosts that should be reachable through the tunnel.
# NOTE(review): these rules match any protocol, port and input interface. The
# gateway only forwards tcp/80 and tcp/8443 to 192.168.0.101, so adding
# `-i wg0 -p tcp --dport <port>` would narrow them — confirm which services are needed.
# These rules cover IPv4 only; ip6tables has its own FORWARD chain.
iptables -A FORWARD -d 192.168.0.101 -j ACCEPT
iptables -A FORWARD -d 192.168.0.102 -j ACCEPT
# The installer offers to save the rules loaded at that moment so they are restored
# at boot. Rules added or changed afterwards need `netfilter-persistent save`.
apt install iptables-persistent