# Remote Server
## Enable IP Forwarding

Edit /etc/sysctl.conf so the kernel will forward packets between wg0 and eth0 (without this the server silently drops anything a tunnel client sends for the wider Internet):

```ini
net.ipv4.ip_forward = 1
```

Apply changes:

```sh
sysctl -p
```

Update iptables. The MASQUERADE rule rewrites the source address of packets leaving eth0 to the server's own address, so replies come back to the server and are un-NATed into the tunnel. The first FORWARD rule lets tunnel clients open connections out through eth0; the second lets only replies to those connections back in. The second rule only restricts anything if the FORWARD chain's default policy is DROP; with the stock ACCEPT policy everything arriving on eth0 is forwarded into wg0 regardless, so set the policy to DROP if the server is meant to be a one-way gateway.

```sh
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i wg0 -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o wg0 -m state --state RELATED,ESTABLISHED -j ACCEPT
```

Save iptables rules so they are restored at boot:

```sh
# On systems with iptables-persistent or netfilter-persistent installed:
iptables-save > /etc/iptables/rules.v4
```

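As an added example (not from the page), the same server setup as one idempotent script: it renders the complete rule set as an iptables-restore file with the FORWARD policy set to DROP and the conntrack match (the current equivalent of the page's state match), then applies it and saves it where netfilter-persistent restores it from. The helper names render_rules, count_forward_rules and apply_rules, and the sysctl.d drop-in path, are this example's own choices; wg0 and eth0 are the page's interface names.

```shell
#!/bin/sh
# Added example, not from the page: renders the complete server rule set in
# iptables-restore format and applies it. Interface names are parameters so
# the file can be regenerated if the WAN interface is renamed; wg0 and eth0
# are the names used on the page.
set -eu

# Emit the rule set. A single restore file is atomic and idempotent, unlike
# appending with "iptables -A", which duplicates rules every time it is rerun.
# FORWARD defaults to DROP so the RELATED,ESTABLISHED rule is meaningful; with
# the stock ACCEPT policy anything arriving on eth0 would be forwarded into wg0.
render_rules() {
    wg_if="$1"
    wan_if="$2"
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o ${wan_if} -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i ${wg_if} -o ${wan_if} -j ACCEPT
-A FORWARD -i ${wan_if} -o ${wg_if} -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Number of FORWARD rules in a rendered rule set (a quick sanity check that
# nothing was lost before the file is loaded into the kernel).
count_forward_rules() {
    printf '%s\n' "$1" | grep -c '^-A FORWARD '
}

# Apply on the server. Requires root: enables forwarding persistently via a
# sysctl.d drop-in (hypothetical file name), loads the rules atomically, and
# saves them where iptables-persistent/netfilter-persistent reads them at boot.
apply_rules() {
    rules="$(render_rules "$1" "$2")"
    printf 'net.ipv4.ip_forward = 1\n' > /etc/sysctl.d/99-wireguard-forward.conf
    sysctl -w net.ipv4.ip_forward=1 >/dev/null
    printf '%s\n' "$rules" | iptables-restore
    printf '%s\n' "$rules" > /etc/iptables/rules.v4
}

# Usage (as root on the server): apply_rules wg0 eth0
```

Because the restore file replaces the nat and filter tables wholesale, any rules added by hand before running it are discarded; render them into the file instead of appending them afterwards.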
# Local Client
## Update Wireguard Config

Copy /etc/iptables.up.rules to /etc/iptables.wireguard.up.rules and update it so wlan0 traffic is forwarded through wg0 rather than eth0. In /etc/wireguard/wg0.conf set the default route to go through the Wireguard tunnel and load that rule set when the tunnel comes up:

```ini
[Interface]
PrivateKey = qBVWKIz3o???????????????????????????????=
Address = 172.16.0.5/24
PostUp = ip route add default dev wg0
PostUp = iptables-restore < /etc/iptables.wireguard.up.rules
```

Allow all IPs to route through the Wireguard interface. Set AllowedIPs to 0.0.0.0/0 and ::/0 so all IPv4 and IPv6 traffic passes through the tunnel; Wireguard's cryptokey routing only sends to, or accepts from, a peer traffic whose address falls inside that peer's AllowedIPs, so a narrower list would drop everything else. PersistentKeepalive keeps the NAT mapping on the home router open so the server can reach the client between bursts of traffic. If wg0 is brought up with wg-quick, an AllowedIPs of 0.0.0.0/0 also makes wg-quick install its own default route through policy routing, so the explicit PostUp default route above is redundant unless the Table option is set to off.

```ini
[Peer]
PublicKey = z/LvmbbAZlo2llbIjKUriS/VmLHwDBryTxBs1GnHuFk=
Endpoint = 64.62.244.11:51777
# Allow Internet traffic
AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepalive = 25
```

## Update eth0 wired network
Default traffic will go through Wireguard, so a route needs to be explicitly added for the remote Wireguard server. Without it the encrypted UDP packets addressed to 64.62.244.11 would themselves follow the default route into wg0, and the tunnel could never establish.

In /etc/network/interfaces.d/01-wired.conf leave the gateway line commented out, so eth0 installs no default route of its own, and add a post-up that adds a host route to the remote server via the LAN router. The old iptables-restore post-up stays commented out because the Wireguard rule set is now loaded by the PostUp in wg0.conf. The dns-nameservers option takes the address directly, with no colon.

```
# eth0 Wired Interface
auto eth0
iface eth0 inet static
    address 192.168.1.33
    netmask 255.255.255.0
    #gateway 192.168.1.1
    dns-nameservers 192.168.1.4
    # post-up iptables-restore < /etc/iptables.up.rules
    post-up ip route add 64.62.244.11 via 192.168.1.1
```

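As an added example that is not part of the page, a small check script for the client routing set up in this section and the previous one. It parses the Endpoint out of a wg0.conf body and verifies, from `ip route show` output, that the default route is wg0 and that the endpoint has a host route via the LAN gateway, which is exactly the loop the post-up route above prevents. The function names, the --live flag and the sample route tables are constructed for the example; the addresses are the page's. It inspects the main routing table, which is where the page's PostUp places the default route.

```shell
#!/bin/sh
# Added example, not from the page: checks that the client routing described
# above is consistent. Works on text so it can run against the constructed
# samples below or, with --live, against the running system.
set -eu

# Pull the IPv4 endpoint address out of a wg0.conf body. Assumes an IPv4
# endpoint written as host:port, as on the page; bracketed IPv6 endpoints are
# not handled.
endpoint_host() {
    printf '%s\n' "$1" \
        | sed -n 's/^[[:space:]]*Endpoint[[:space:]]*=[[:space:]]*\([^:]*\):.*/\1/p' \
        | head -n 1
}

# Given "ip route show" output, the endpoint address and the LAN gateway,
# succeed only if the default route is the tunnel AND a host route sends the
# endpoint via the LAN gateway. Without that host route the encrypted UDP
# packets to the endpoint are themselves routed into wg0 and the tunnel never
# comes up, which is the failure the post-up route in 01-wired.conf prevents.
routes_ok() {
    routes="$1"; endpoint="$2"; gw="$3"
    printf '%s\n' "$routes" \
        | awk '$1=="default" && $2=="dev" && $3=="wg0" {f=1} END {exit f?0:1}' \
        || return 1
    printf '%s\n' "$routes" \
        | awk -v ep="$endpoint" -v gw="$gw" \
              '$1==ep && $2=="via" && $3==gw {f=1} END {exit f?0:1}' \
        || return 1
}

# Constructed samples mirroring the page's addresses (not captured output).
SAMPLE_WG0_CONF='[Interface]
Address = 172.16.0.5/24
[Peer]
Endpoint = 64.62.244.11:51777
AllowedIPs = 0.0.0.0/0, ::/0'

SAMPLE_ROUTES_GOOD='default dev wg0 scope link
64.62.244.11 via 192.168.1.1 dev eth0
172.16.0.0/24 dev wg0 proto kernel scope link src 172.16.0.5
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.33'

# Same table, but the host route to the endpoint is missing: a routing loop.
SAMPLE_ROUTES_LOOP='default dev wg0 scope link
172.16.0.0/24 dev wg0 proto kernel scope link src 172.16.0.5
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.33'

# Usage on the client: sh check-routes.sh --live [lan-gateway]
if [ "${1:-}" = "--live" ]; then
    ep="$(endpoint_host "$(cat /etc/wireguard/wg0.conf)")"
    if routes_ok "$(ip route show)" "$ep" "${2:-192.168.1.1}"; then
        echo "routing ok: default via wg0, ${ep} via LAN gateway"
    else
        echo "routing broken: ${ep} would be routed into wg0 itself" >&2
        exit 1
    fi
fi
```

Run it after bringing eth0 and wg0 up; if wg0 is started by wg-quick with its policy-routing tables, the default route lives in table 51820 rather than main and the first check would need `ip route show table 51820` instead.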
## Update DHCP Config
The DNS server used by WiFi access point clients needs to be updated to one they can reach: once wlan0 traffic is forwarded only through wg0, the 192.168.1.4 resolver on the wired LAN is no longer reachable from the access point. This should probably be a custom server on the local network, but in this case we will update to public DNS (Cloudflare and Google). Because the default route is the tunnel, these queries leave through the Wireguard server rather than the local ISP connection, but they are still plaintext DNS to a third party.

Update the domain-name-servers entry in the option-data list in /etc/kea/kea-dhcp4.conf:

```json
{
    "name": "domain-name-servers",
    "data": "1.1.1.1, 8.8.8.8"
},
```

Reboot the mitzi to apply all the changed settings.