wgzero's People

Contributors

finzzz, harvsg

wgzero's Issues

How to distribute public IPv6 to the OpenWrt clients over WireGuard using Hurricane Electric /48?

I want to use full routing via Hurricane Electric's /48, but I'm not sure how to create the WireGuard and OpenWrt configuration. I tried to randomly select a /64 out of the /48 and assigned a /64 to the WireGuard interface and a /64 to the OpenWrt as client, but then I was not able to assign public IPv6 to the OpenWrt clients. Any help is much appreciated.

With route48.org I can just create the OpenWrt config like this: https://otus.aug.is/route48-openwrt-wireguard

But I want to use my own VPS to have Hurricane Electric's network.

Two suggestions

Thanks for this, looks great.

Would be great to add the following options, although I appreciate this work is deliberately un-bloated.

  1. Add option to specify server private key. This would help with transferring installations and/or allowing devices that are already 'clients' of another network to become 'servers'.
  2. Add option to specify allowed IPs for each new client; this would make it easier to set up site-to-site networks.

IMO this could be added as flags rather than prompts, keeping the plain install very short.

DNS server

  • Forward DNS traffic to the wg server
  • wg server then forwards the traffic to the defined DNS server
  • add command for user to define which DNS server to use

Add edit function

  • user chooses which editor to use
  • edit config
  • adjust with config in /etc/wireguard

Proper IPv6 implementation

  • client to client: use ULA by default (prefix fd00)
  • client to internet: use GUA when available
    • NAT66 when IPv6 is not in block (i.e. on Vultr)
    • assign public IPv6 and allow connection normally
    • script writing

References:

IPv6 Full routing setup with ndppd

Hi,

First of all, this is a brilliant configuration tool and I am really thankful this exists.

I have recently purchased a VPS with Wired Blade. They offer a routed IPv6 /64 subnet block with the VPS.

I then installed Debian 11 with WireGuard and the other prerequisites mentioned in the README.
I then ran wgzero install with IPv6 along with full routing and ndppd.

My ip a output:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens3: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 52:xx:xx:xx:xx:xx brd ff:xx:xx:xx:xx:xx
    altname enp0s3
    inet 14x.xxx.xxx.xx/26 brd 14x.xxx.xxx.xx scope global ens3
       valid_lft forever preferred_lft forever
    inet6 26xx:xxx:xxxx:xx:bd::1/64 scope global 
       valid_lft forever preferred_lft forever
    inet6 fe80::5054:ff:fe86:ad36/64 scope link 
       valid_lft forever preferred_lft forever
10: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
    link/none 
    inet 10.10.0.1/24 scope global wg0
       valid_lft forever preferred_lft forever
    inet6 26xx:xxx:xxxx:xx:bd::efe4/80 scope global 
       valid_lft forever preferred_lft forever

My server profile

[Interface]
Address = 10.10.0.1/24, 26xx:xxx:xxxx:xx:bd::efe4/80
SaveConfig = false
PrivateKey = <some key>
ListenPort = 17257
PostUp = /xxxx/postup.sh FR
PostDown = /xxxx/postdown.sh FR

# prashantmbp
[Peer]
PublicKey = <client public key>
AllowedIPs = 10.10.0.2/32, 26xx:xxx:xxxx:xx:bd::a271/128

My sysctl.conf:

net.ipv4.ip_forward=1
net.ipv6.conf.default.disable_ipv6=0
net.ipv6.conf.all.disable_ipv6=0
net.ipv6.conf.all.forwarding=1
net.ipv6.conf.all.accept_ra=1
net.ipv6.conf.default.forwarding=1

My client profile:

[Interface]
Address = 10.10.0.2/32, 26xx:xxx:xxxx:xx:bd::a271/128
PrivateKey = <client private key>
DNS = 2606:4700:4700::1111, 1.1.1.1 #Cloudflare DNS

[Peer]
PublicKey = <client public key>
Endpoint = 14x.xxx.xxx.xx:30525
AllowedIPs = 0.0.0.0/0, ::/0

ping6 works from the client to the WireGuard server after connecting the VPN:

ping6 26xx:xxx:xxxx:xx:bd::efe4  
PING6(56=40+8+8 bytes) 26xx:xxx:xxxx:xx:bd::a271 --> 26xx:xxx:xxxx:xx:bd::efe4
16 bytes from 26xx:xx:xxxx:xx:bd::efe4, icmp_seq=0 hlim=64 time=349.761 ms
16 bytes from 26xx:xxx:xxxx:xx:bd::efe4, icmp_seq=1 hlim=64 time=370.677 ms

My PostUp rules:

#! /usr/bin/env bash

# ipv4
/usr/sbin/iptables -t nat -A POSTROUTING -o ens3 -j MASQUERADE

# ipv6
if [ "$1" == "NAT" ]; then
    /usr/sbin/ip6tables -t nat -A POSTROUTING -o ens3 -j MASQUERADE
elif [ "$1" == "FR" ]; then
    /usr/sbin/ip6tables -A FORWARD -i wg0 -j ACCEPT ; ip6tables -A FORWARD -o wg0 -j ACCEPT
fi

However, ping6 to ipv6.whatismyv6.com fails:

ping6 -c1 ipv6.whatismyv6.com    
PING6(56=40+8+8 bytes) 26xx:xxx:xxxx:xx:bd::a271 --> 2001:4838:0:1b::201

--- ipv6.whatismyv6.com ping6 statistics ---
1 packets transmitted, 0 packets received, 100.0% packet los

A few pointers on what could be going wrong would be great.
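
A consistency check for the kind of setup posted in this issue, added here as an example (it is not part of the issue and not wgzero's code): it parses a server profile, confirms that the wg0 IPv6 prefix sits inside the uplink /64 and that every peer's IPv6 AllowedIPs entry sits inside the wg0 prefix, then builds the ndppd proxy stanza for the uplink interface. The addresses are constructed from the 2001:db8::/32 documentation prefix in place of the redacted ones, the second peer is invented to show a failing case, and the choice of a `static` ndppd rule is an assumption.

```python
import ipaddress

# Constructed sample shaped like the posted server profile; 2001:db8::/32
# (documentation prefix) stands in for the redacted addresses.
SERVER_CONF = """\
[Interface]
Address = 10.10.0.1/24, 2001:db8:0:1:bd::efe4/80

[Peer]
PublicKey = <client public key>
AllowedIPs = 10.10.0.2/32, 2001:db8:0:1:bd::a271/128

[Peer]
PublicKey = <second client public key>
AllowedIPs = 10.10.0.3/32, 2001:db8:0:2::5/128
"""
UPLINK_IF = "ens3"                                      # interface holding the /64
UPLINK_NET = ipaddress.ip_network("2001:db8:0:1::/64")  # assumed provider prefix


def v6_values(conf, section, key):
    """Return the IPv6 entries listed under `key` in every [section] block."""
    found, current = [], None
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments
        if line.startswith("["):
            current = line.strip("[]")
        elif current == section and "=" in line:
            name, value = (part.strip() for part in line.split("=", 1))
            if name == key:
                for item in value.split(","):
                    iface = ipaddress.ip_interface(item.strip())
                    if iface.version == 6:
                        found.append(iface)
    return found


def check(conf):
    """Return (list of problems, ndppd.conf text for the uplink)."""
    wg_net = v6_values(conf, "Interface", "Address")[0].network
    problems = []
    if not wg_net.subnet_of(UPLINK_NET):
        problems.append(f"{wg_net} is not inside uplink prefix {UPLINK_NET}")
    for peer in v6_values(conf, "Peer", "AllowedIPs"):
        if not peer.network.subnet_of(wg_net):
            problems.append(f"peer {peer} is outside {wg_net}")
    # 'static' makes ndppd answer neighbor solicitations for the whole rule prefix.
    ndppd = f"proxy {UPLINK_IF} {{\n    rule {wg_net} {{\n        static\n    }}\n}}\n"
    return problems, ndppd
```
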
