WireGuard VPS server
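#!/bin/bash
# WireGuard server on a VPS with a single iPhone peer.
# These are step-by-step setup notes rather than an unattended script: the
# lines that follow each "ubuntu@VPS:~$ cat ..." prompt are file contents,
# not commands.

# Diagnostic tools, the QR encoder and the WireGuard userspace tools.
sudo apt install qrencode iperf iperf3 bmon mc iptraf nmon wireguard-tools

# umask 077 makes the key files below readable by their owner only.
umask 077
wg genkey | tee ser_private_key | wg pubkey > ser_public_key
wg genkey | tee cli_iphone_privatekey | wg pubkey > cli_iphone_publickey
# NOTE(review): the iPhone's private key is generated and kept on the server.
# Delete cli_iphone_privatekey and Iphone.conf once the phone has imported the
# tunnel, so that a later compromise of the VPS does not expose the client key.

# UFW
# The WireGuard port and SSH are allowed before "ufw enable", so the current
# SSH session survives the switch to default-deny.
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow 33333/udp
sudo ufw allow ssh
# "limit" rate-limits repeated connection attempts to the SSH port.
sudo ufw limit ssh
# To block incoming ICMP see https://help.ubuntu.com/community/UFW
# (none of the commands here do it).
# sudo ufw status numbered
# sudo ufw delete 10
# sudo ufw show raw
sudo ufw enable
sudo ufw status verbose

# Client configuration for the iPhone.
# PrivateKey/PublicKey values below are placeholders: WireGuard expects the
# base64 key string itself, i.e. the contents of the named key file.
ubuntu@VPS:~$ cat Iphone.conf
[Interface]
Address = 10.0.0.1/24
PrivateKey = cli_iphone_privatekey
DNS = 1.1.1.1

[Peer]
PublicKey = ser_public_key
# x.x.x.x is the public IP of the VPS
Endpoint = x.x.x.x:33333
# NOTE(review): only the server's tunnel address is routed through the VPN.
# The server config sets up NAT "to share internet"; for that the client would
# need AllowedIPs = 0.0.0.0/0, and DNS = 1.1.1.1 is otherwise reached outside
# the tunnel. Confirm which behaviour is intended.
AllowedIPs = 10.0.0.254/32

# The QR code carries the whole file, private key included: treat the
# terminal output and its scrollback as secret.
ubuntu@VPS:~$ qrencode -t ansiutf8 < Iphone.conf

# Server configuration.
ubuntu@VPS:~$ sudo cat /etc/wireguard/wg0.conf
[Interface]
PrivateKey = ser_private_key
Address = 10.0.0.254/24
ListenPort = 33333
#to share internet and sysctl -w net.ipv4.ip_forward=1
# %i is replaced by wg-quick with the interface name (wg0). ens3 must match
# the VPS's outbound interface. The FORWARD rules accept all traffic entering
# or leaving the tunnel interface, with no restriction on destination.
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o ens3 -j MASQUERADE; sysctl -w net.ipv4.ip_forward=1
# PostDown removes the same rules and turns IPv4 forwarding off for the whole
# host, which also affects anything else on the VPS that relies on forwarding.
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o ens3 -j MASQUERADE; sysctl -w net.ipv4.ip_forward=0

#Iphone
[Peer]
PublicKey = cli_iphone_publickey
# A /32 ties this peer to a single tunnel address.
AllowedIPs = 10.0.0.1/32

ubuntu@VPS:~$ sudo vim /etc/wireguard/wg0.conf
# The file holds the server private key; keep it readable by root only
# (wg-quick warns when the config is world-accessible).
sudo chmod 600 /etc/wireguard/wg0.conf

sudo systemctl enable wg-quick@wg0
sudo systemctl start wg-quick@wg0
sudo systemctl daemon-reload
sudo systemctl status wg-quick@wg0
#wg-quick up wg0
#wg-quick down wg0

# Shows peers, endpoints and latest handshakes; use it to confirm the tunnel.
sudo wg show

#for security
# Closes SSH in the firewall; afterwards the machine is reachable only through
# the provider's KVM console. Verify that console access works before running.
sudo ufw deny ssh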