mirror of
https://github.com/Brandon-Rozek/website.git
synced 2024-11-28 23:07:03 -05:00
Added section on firewall rules to wireguard post
This commit is contained in:
parent
3549e2defd
commit
56fd5bda72
1 changed files with 15 additions and 1 deletions
@ -54,7 +54,16 @@ You might be wondering why we have `/24` in the Address field but `/32` in the A
This is because we want our address to be in the `/24` subnet, but we only want that specific IP to be able to connect via that specific public key.
Warning: Make sure you have 51826 open on your firewall.
**Firewall Rules**
First you want to make sure that the port you specified is open on your firewall
```bash
sudo ufw allow 51826
```
Next you'll want to allow routing and any traffic to happen within that VPN interface.
```bash
sudo ufw route allow in on wg0 out on wg0
```
Now to have your server route traffic between the different clients connected to it, you need to enable IPv4 forwarding.
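Review bot: `sudo ufw allow 51826` opens the port for both TCP and UDP, but WireGuard listens on UDP only, so the rule in this hunk should be `sudo ufw allow 51826/udp` to keep the exposure to exactly what the ListenPort needs. The `sudo ufw route allow in on wg0 out on wg0` line permits every peer to reach every other peer over the tunnel; it would help to say that this (together with the IPv4 forwarding step in the following context line) is what enables client-to-client traffic, and that deployments where peers should stay isolated from each other need a narrower route rule instead. The sentence "First you want to make sure that the port you specified is open on your firewall" is also missing its period.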
@ -90,6 +99,11 @@ Replace `x` with a unique value per client. This configuration file has the clie
The DNS server is helpful if you have a DNS server running in that private network to access local resources. If you don't have an existing DNS server in the network, do not include that line. Also if you receive any errors in the future, you might need to make sure `resolvconf` is a command on your system.
If you want you can also allow traffic within your trusted VPN network.
```bash
sudo ufw allow in on wg0 out on wg0
```
**On all machines:**
Have the wireguard service start at boot
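Review bot: `sudo ufw allow in on wg0 out on wg0` names both an `in on` and an `out on` interface on a plain (non-`route`) rule; in ufw that pairing is the route-rule form, and I would expect the parser to reject it for an INPUT rule, so this command should be run once to confirm it is accepted. If the intent is to let the server itself accept connections arriving from VPN peers, `sudo ufw allow in on wg0` is the INPUT rule that expresses it, while peer-to-peer forwarding is already covered by the `route allow` rule added in the previous hunk. A comma after "If you want" in the introducing sentence would also read better.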