WireGuard: Difference between revisions
Saved progress so far |
→Configure the server: Split the section up and added permissions bullet point |
||
| Line 37: | Line 37: | ||
We will now configure the server settings for WireGuard. WireGuard comes complete with tools to create the the private/public keys needed to function and is configured with a simple configuration file. | We will now configure the server settings for WireGuard. WireGuard comes complete with tools to create the the private/public keys needed to function and is configured with a simple configuration file. | ||
=== Become a superuser === | |||
For the following sets, you may need to become a superuser (<code>su</code>) to access the WireGuard folder. | For the following sets, you may need to become a superuser (<code>su</code>) to access the WireGuard folder. | ||
* Become a superuser - <code>su</code> | * Become a superuser - <code>su</code> | ||
=== Move to WireGuard directory === | |||
* Type your root password and press {{key press|Enter}}. The terminal text should change to red to indicate you are now a superuser. | * Type your root password and press {{key press|Enter}}. The terminal text should change to red to indicate you are now a superuser. | ||
* Move to the WireGuard directory - <code>cd /etc/wireguard</code> | * Move to the WireGuard directory - <code>cd /etc/wireguard</code> | ||
You will find this directory is empty - we will work in this directory which is secure. | You will find this directory is empty - we will work in this directory which is secure. | ||
=== Generate public/private key pair === | |||
* Create a private and public key for the server. You can use the following command: | * Create a private and public key for the server. You can use the following command: | ||
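Review bot: The new heading <code>=== Move to WireGuard directory ===</code> is inserted between the <code>su</code> bullet and the "Type your root password" bullet, so the password step now sits under the wrong section. Move the heading down one bullet so it is directly above "Move to the WireGuard directory - <code>cd /etc/wireguard</code>". The unchanged context in this hunk also still reads "the the private/public keys" and "For the following sets" (presumably "steps"); both could be fixed in the same edit.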
| Line 64: | Line 70: | ||
* Change the permissions of the private key so that only superusers can access the key: <code>chmod 600 server-privatekey</code> | * Change the permissions of the private key so that only superusers can access the key: <code>chmod 600 server-privatekey</code> | ||
* We need the private key to put in the configuration file: <code>cat server-privatekey</code>. This will display the key on the screen which can then be copied. | * We need the private key to put in the configuration file: <code>cat server-privatekey</code>. This will display the key on the screen which can then be copied. | ||
=== Create configuration file === | |||
* We will create a configuration file with the same name as the interface WireGuard will create: <code>nano wg0.conf</code> | * We will create a configuration file with the same name as the interface WireGuard will create: <code>nano wg0.conf</code> | ||
* Insert the following into the file: | * Insert the following into the file: | ||
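Review bot: The new <code>=== Create configuration file ===</code> heading lands after the <code>cat server-privatekey</code> bullet, which leaves a step that exists only to feed the configuration file under "Generate public/private key pair". Place the heading above that bullet so the key pair section ends with the <code>chmod 600 server-privatekey</code> step. The chmod bullet also says "only superusers can access the key", but mode 600 limits access to the file's owner, which is root here only because the steps are run after <code>su</code>; "only its owner (root)" would be more accurate wording.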
| Line 85: | Line 94: | ||
** <code>PostUp = iptables -t nat -A POSTROUTING -o em1 -j MASQUERADE</code> and <code>PostDown = iptables -t nat -D POSTROUTING -o em1 -j MASQUERADE</code> - the interface needs changing according to the name of the Ethernet card on your computer (<code>em1</code> in this example</code>, which can be found by typing <code>ip a</code>. Common names include <code>eth0</code>, <code>eno1</code> and <code>em1</code>. | ** <code>PostUp = iptables -t nat -A POSTROUTING -o em1 -j MASQUERADE</code> and <code>PostDown = iptables -t nat -D POSTROUTING -o em1 -j MASQUERADE</code> - the interface needs changing according to the name of the Ethernet card on your computer (<code>em1</code> in this example</code>, which can be found by typing <code>ip a</code>. Common names include <code>eth0</code>, <code>eno1</code> and <code>em1</code>. | ||
* Once done, save the file: {{key press|Ctrl|X}}, {{key press|Y}} then {{key press|Enter}}. | * Once done, save the file: {{key press|Ctrl|X}}, {{key press|Y}} then {{key press|Enter}}. | ||
* Change the permissions so that the configuration file can only be accessed by superusers: <code>chmod 600 wg0.conf</code> | |||
== Start WireGuard == | == Start WireGuard == | ||
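Review bot: The added <code>chmod 600 wg0.conf</code> bullet comes after the save step, so the file, which per the earlier bullet receives the server private key, exists with whatever permissions the editor gave it until the chmod runs. Consider adding a step before <code>nano wg0.conf</code> that restricts permissions first (for example, setting <code>umask 077</code> in the shell) and keeping the chmod as a final check. The context line above the save step also has an unbalanced closing code tag and an unclosed parenthesis in the "(em1 in this example" clause.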