add full example wip

5 years ago · 3086cd43f7
parent 43dde79ee8
commit 3086cd43f7
30 changed files with 183 additions and 0 deletions
--- a/full-example/home-server/home-server.key
+++ b/full-example/home-server/home-server.key
@ -0,0 +1 @@
+WN+bvd3PCWs5Pk3bvl7abWR0c1L6PCWKYRX56mjVYGo=
--- a/full-example/home-server/home-server.key.pub
+++ b/full-example/home-server/home-server.key.pub
@ -0,0 +1 @@
+8bSk5fATxg9qdxbK20iTGdrQ7SWvxIBhxdMo+W54pEg=
--- a/full-example/home-server/setup.sh
+++ b/full-example/home-server/setup.sh
@ -0,0 +1,9 @@
+#!/bin/bash
+
+# install wireguard on FreeBSD
+pkg install wireguard
+
+# install wireguard on Ubuntu
+#add-apt-repository ppa:wireguard/wireguard
+#apt update
+#apt install wireguard
--- a/full-example/home-server/start.sh
+++ b/full-example/home-server/start.sh
@ -0,0 +1,5 @@
+#!/bin/bash
+
+PEER_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+wg-quick up "$PEER_DIR"/wg0.conf
+wg show
--- a/full-example/home-server/stop.sh
+++ b/full-example/home-server/stop.sh
@ -0,0 +1,5 @@
+#!/bin/bash
+
+PEER_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+wg-quick down "$PEER_DIR"/wg0.conf
+wg show
--- a/full-example/home-server/wg0.conf
+++ b/full-example/home-server/wg0.conf
@ -0,0 +1,14 @@
+[Interface]
+# Name = home-server.example-vpn.dev
+Address = 10.0.0.3/32
+ListenPort = 51820
+PrivateKey = <private key for home-server.example-vpn.dev>
+DNS = 1.1.1.1
+
+[Peer]
+# Name = public-server1.example-vpn.tld
+Endpoint = public-server1.example-vpn.tld:51820
+PublicKey = <public key for public-server1.example-vpn.tld>
+# routes traffic to itself and entire subnet of peers as bounce server
+AllowedIPs = 10.0.0.1/24
+PersistentKeepalive = 25
--- a/full-example/laptop/laptop.key
+++ b/full-example/laptop/laptop.key
@ -0,0 +1 @@
+OPmibSXYAAcMIYKNsWqr77zY06Kl750AEB1nWQi1T2o=
--- a/full-example/laptop/laptop.key.pub
+++ b/full-example/laptop/laptop.key.pub
@ -0,0 +1 @@
+BV5DjXeCugIrjvEZLo4sZ0hN5wveFTH8kOfZ1AIQ5js=
--- a/full-example/laptop/setup.sh
+++ b/full-example/laptop/setup.sh
@ -0,0 +1,9 @@
+#!/bin/bash
+
+# install wireguard on Ubuntu
+#add-apt-repository ppa:wireguard/wireguard
+#apt update
+#apt install wireguard
+
+# install wireguard on macOS
+brew install wireguard-tools
--- a/full-example/laptop/start.sh
+++ b/full-example/laptop/start.sh
@ -0,0 +1,5 @@
+#!/bin/bash
+
+PEER_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+wg-quick up "$PEER_DIR"/wg0.conf
+wg show
--- a/full-example/laptop/stop.sh
+++ b/full-example/laptop/stop.sh
@ -0,0 +1,5 @@
+#!/bin/bash
+
+PEER_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+wg-quick down "$PEER_DIR"/wg0.conf
+wg show
--- a/full-example/laptop/wg0.conf
+++ b/full-example/laptop/wg0.conf
@ -0,0 +1,13 @@
+[Interface]
+# Name = laptop.example-vpn.dev
+Address = 10.0.0.4/32
+PrivateKey = <private key for laptop.example-vpn.dev>
+DNS = 1.1.1.1
+
+[Peer]
+# Name = public-server1.example-vpn.tld
+Endpoint = public-server1.example-vpn.tld:51820
+PublicKey = <public key for public-server1.example-vpn.tld>
+# routes traffic to itself and entire subnet of peers as bounce server
+AllowedIPs = 10.0.0.1/24
+PersistentKeepalive = 25
--- a/full-example/phone/phone.key
+++ b/full-example/phone/phone.key
@ -0,0 +1 @@
+WH98AvjKKZ584ZLb69G912bNry2wOda9+kfzm+qbnUw=
--- a/full-example/phone/phone.key.pub
+++ b/full-example/phone/phone.key.pub
@ -0,0 +1 @@
+VpjKa2MQKXuvttXRwJIe0LLYrtFYGQRTtmt8okUGm3A=
--- a/full-example/phone/setup.sh
+++ b/full-example/phone/setup.sh
@ -0,0 +1,4 @@
+#!/bin/bash
+
+# install wireguard on iOS/Android
+echo "Use the iOS App Store / Google Play Store to install WireGuard on your mobile device"
--- a/full-example/phone/start.sh
+++ b/full-example/phone/start.sh
@ -0,0 +1,3 @@
+#!/bin/bash
+
+echo "Use the iOS/Android app to load the wg0.conf file and start Wireguard"
--- a/full-example/phone/stop.sh
+++ b/full-example/phone/stop.sh
@ -0,0 +1,3 @@
+#!/bin/bash
+
+echo "Use the iOS/Android app to load the wg0.conf file and stop Wireguard"
--- a/full-example/phone/wg0.conf
+++ b/full-example/phone/wg0.conf
@ -0,0 +1,13 @@
+[Interface]
+# Name = phone.example-vpn.dev
+Address = 10.0.0.5/32
+PrivateKey = <private key for phone.example-vpn.dev>
+DNS = 1.1.1.1
+
+[Peer]
+# Name = public-server1.example-vpn.tld
+Endpoint = public-server1.example-vpn.tld:51820
+PublicKey = <public key for public-server1.example-vpn.tld>
+# routes traffic to itself and entire subnet of peers as bounce server
+AllowedIPs = 10.0.0.1/24
+PersistentKeepalive = 25
--- a/full-example/public-server1/public-server1.key
+++ b/full-example/public-server1/public-server1.key
@ -0,0 +1 @@
+2P/3ll/TxGTjGqwcWnqJMnjwPqGw7oX1RaXlPfsf2FQ=
--- a/full-example/public-server1/public-server1.key.pub
+++ b/full-example/public-server1/public-server1.key.pub
@ -0,0 +1 @@
+q/+jwmL5tNuYSB3z+t9Caj00Pc1YQ8zf+uNPu/UE1wE=
--- a/full-example/public-server1/setup.sh
+++ b/full-example/public-server1/setup.sh
@ -0,0 +1,17 @@
+#!/bin/bash
+
+# install wireguard
+add-apt-repository ppa:wireguard/wireguard
+apt update
+apt install wireguard
+
+# to enable kernel relaying/forwarding ability on bounce servers
+echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
+echo "net.ipv4.conf.all.proxy_arp" >> /etc/sysctl.conf
+sudo sysctl -p /etc/sysctl.conf
+
+# to add iptables forwarding rules on bounce servers
+iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+iptables -A FORWARD -i wg0 -o wg0 -m conntrack --ctstate NEW -j ACCEPT
+iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE
--- a/full-example/public-server1/start.sh
+++ b/full-example/public-server1/start.sh
@ -0,0 +1,5 @@
+#!/bin/bash
+
+PEER_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+wg-quick up "$PEER_DIR"/wg0.conf
+wg show
--- a/full-example/public-server1/stop.sh
+++ b/full-example/public-server1/stop.sh
@ -0,0 +1,5 @@
+#!/bin/bash
+
+PEER_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+wg-quick down "$PEER_DIR"/wg0.conf
+wg show
--- a/full-example/public-server1/wg0.conf
+++ b/full-example/public-server1/wg0.conf
@ -0,0 +1,28 @@
+[Interface]
+# Name = public-server1.example-vpn.tld
+Address = 10.0.0.1/24
+ListenPort = 51820
+PrivateKey = <private key for public-server1.example-vpn.tld>
+DNS = 1.1.1.1
+
+[Peer]
+# Name = public-server2.example-vpn.dev
+Endpoint = public-server2.example-vpn.dev:51820
+PublicKey = <public key for public-server2.example-vpn.dev>
+AllowedIPs = 10.0.0.2/32
+
+[Peer]
+# Name = home-server.example-vpn.dev
+Endpoint = home-server.example-vpn.dev:51820
+PublicKey = <public key for home-server.example-vpn.dev>
+AllowedIPs = 10.0.0.3/32
+
+[Peer]
+# Name = laptop.example-vpn.dev
+PublicKey = <private key for laptop.example-vpn.dev>
+AllowedIPs = 10.0.0.4/32
+
+[Peer]
+# phone.example-vpn.dev
+PublicKey = <public key for phone.example-vpn.dev>
+AllowedIPs = 10.0.0.5/32
--- a/full-example/public-server2/public-server2.key
+++ b/full-example/public-server2/public-server2.key
@ -0,0 +1 @@
+eDwURfg8PhpUAdPp+OA9pQ5oZQYqGqY3LToUORMh220=
--- a/full-example/public-server2/public-server2.key.pub
+++ b/full-example/public-server2/public-server2.key.pub
@ -0,0 +1 @@
+SceMEaVZaZfOGtGXjMsoJjhwxKHkb++9wjxqN1vm32s=
--- a/full-example/public-server2/setup.sh
+++ b/full-example/public-server2/setup.sh
@ -0,0 +1,6 @@
+#!/bin/bash
+
+# install wireguard
+add-apt-repository ppa:wireguard/wireguard
+apt update
+apt install wireguard
--- a/full-example/public-server2/start.sh
+++ b/full-example/public-server2/start.sh
@ -0,0 +1,5 @@
+#!/bin/bash
+
+PEER_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+wg-quick up "$PEER_DIR"/wg0.conf
+wg show
--- a/full-example/public-server2/stop.sh
+++ b/full-example/public-server2/stop.sh
@ -0,0 +1,5 @@
+#!/bin/bash
+
+PEER_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+wg-quick down "$PEER_DIR"/wg0.conf
+wg show
--- a/full-example/public-server2/wg0.conf
+++ b/full-example/public-server2/wg0.conf
@ -0,0 +1,14 @@
+[Interface]
+# Name = public-server2.example-vpn.dev
+Address = 10.0.0.2/32
+ListenPort = 51820
+PrivateKey = <private key for public-server2.example-vpn.dev>
+DNS = 1.1.1.1
+
+[Peer]
+# Name = public-server1.example-vpn.tld
+Endpoint = public-server1.example-vpn.tld:51820
+PublicKey = <public key for public-server1.example-vpn.tld>
+# routes traffic to itself and entire subnet of peers as bounce server
+AllowedIPs = 10.0.0.1/24
+PersistentKeepalive = 25
				`@ -0,0 +1 @@`
				`WN+bvd3PCWs5Pk3bvl7abWR0c1L6PCWKYRX56mjVYGo=`
				`@ -0,0 +1 @@`
				`8bSk5fATxg9qdxbK20iTGdrQ7SWvxIBhxdMo+W54pEg=`
				`@ -0,0 +1 @@`
				`OPmibSXYAAcMIYKNsWqr77zY06Kl750AEB1nWQi1T2o=`
				`@ -0,0 +1 @@`
				`BV5DjXeCugIrjvEZLo4sZ0hN5wveFTH8kOfZ1AIQ5js=`
				`@ -0,0 +1 @@`
				`WH98AvjKKZ584ZLb69G912bNry2wOda9+kfzm+qbnUw=`
				`@ -0,0 +1 @@`
				`VpjKa2MQKXuvttXRwJIe0LLYrtFYGQRTtmt8okUGm3A=`
				`@ -0,0 +1 @@`
				`2P/3ll/TxGTjGqwcWnqJMnjwPqGw7oX1RaXlPfsf2FQ=`
				`@ -0,0 +1 @@`
				`q/+jwmL5tNuYSB3z+t9Caj00Pc1YQ8zf+uNPu/UE1wE=`
				`@ -0,0 +1 @@`
				`eDwURfg8PhpUAdPp+OA9pQ5oZQYqGqY3LToUORMh220=`
				`@ -0,0 +1 @@`
				`SceMEaVZaZfOGtGXjMsoJjhwxKHkb++9wjxqN1vm32s=`