docker-compose environment for the entire v.st system https://v.st/
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
env/wireguard/README.md

30 lines
1.1 KiB

# Wireguard proxy setup
This is for a server that is inside of a firewall or behind a NAT gateway
that doesn't have a static IP address. A cheap $6/month DigitalOcean droplet
can be created that will route *all* internet traffic to the server, allowing
it to change IP.
* On both proxy and the server:
```
sudo apt install wireguard-tools net-tools
wg genkey \
| sudo tee /etc/wireguard/wg0.key \
| wg pubkey \
| sudo tee /etc/wireguard/wg0.pub
sudo chmod -R go-rwx /etc/wireguard
```
* Copy `wireguard/wg0-proxy.conf` to `/etc/wireguard/wg0.conf` on the proxy
* On the **proxy** edit `/etc/wireguard/wg0.conf`:
* Change `${SERVER_PUBKEY}` to the public key that was output on the server
* Copy `wireguard/wg0-server.conf` to `/etc/wireguard/wg0.conf` on the server.
* On the **server** edit `/etc/wireguard/wg0.conf`:
* Change `${PROXY_IP}` to the public IP address of the proxy (two places)
* Change `${PROXY_PUBKEY}` to the public key output on the proxy (two places)
* Change `${SERVER_GW}` to the gateway address used to reach the internet from the server
* On both machines run `sudo wg-quick up /etc/wireguard/wg0.conf`