2023-08-20 16:39:43 +00:00

# Wireguard/Headscale/Tailscale

## Hosts

| Host Name | IP |
|---|---|
| c.h.main | 100.64.0.2 |
| l.macmachine | 100.64.0.1 |
| c.h.apps | 100.64.0.3 |
| MaxPix | 100.64.0.4 |
| MaxBlade | 100.64.0.5 |
| MaxMachine | 100.64.0.5 |

## Apps

| App Name | IP |
|---|---|
| dev | 10.0.0.6:8080 |
| git | 100.64.0.5:3000 |
| pass | 100.64.0.5:3002 |
| files | 100.64.0.5:3003 |
| design | 100.64.0.5:3005 |
| docs | 100.64.0.5:3006 |
| notes | 100.64.0.5:3007 |
| photos | 100.64.0.5:3008 |
| music | 100.64.0.5:3009 |
| home | 100.64.0.5:8123 |

## Routing all traffic through wireguard

To route all traffic through wireguard, set `AllowedIPs` on the peer in your wireguard config so that every destination address is routed through that peer:

```ini
[Interface]
...

[Peer]
AllowedIPs = 0.0.0.0/0, ::/0
```

`0.0.0.0/0` is CIDR notation for the range that covers every IPv4 address, and `::/0` is the equivalent range for every IPv6 address. Listing both means all traffic is routed through the peer they are set on.

On that peer you need to set up PostUp/PreDown iptables rules that masquerade the forwarded tunnel traffic out to the internet:

```ini
[Interface]
PostUp = iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE
PostUp = ip6tables -t nat -I POSTROUTING -o eth0 -j MASQUERADE

PreDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
PreDown = ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
```

You also need to enable forwarding by adding the following to `/etc/sysctl.d/wireguard.conf`:

```ini
net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1
```

Then run `sysctl -p /etc/sysctl.d/wireguard.conf` (or `sysctl --system`) to apply the changes; a plain `sysctl -p` only reads `/etc/sysctl.conf`.
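As an added example (not part of the original note), a small Python lint for the two configs above: it checks that a client's `AllowedIPs` really covers all of IPv4 and IPv6 (a bare `::0` parses as the single address `::`, not a range) and that every PostUp NAT rule has a matching PreDown, so `wg-quick down` does not leave a MASQUERADE rule behind. The sample configs are constructed for this example with placeholder keys.

```python
import ipaddress
import re

def parse_wg_config(text):
    """wg-quick INI -> [(section, [(key, value), ...])]; repeated keys such as PostUp are kept."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1], []))
        elif "=" in line and sections:
            key, value = line.split("=", 1)
            sections[-1][1].append((key.strip(), value.strip()))
    return sections

def allowed_ips_problems(config):
    """A full-tunnel client needs a /0 catch-all for both IPv4 and IPv6 on its peer."""
    problems, catch_all = [], {4: False, 6: False}
    for section, entries in config:
        for key, value in entries:
            if section == "Peer" and key == "AllowedIPs":
                for item in (x.strip() for x in value.split(",")):
                    try:
                        net = ipaddress.ip_network(item, strict=False)
                    except ValueError:
                        problems.append(f"unparseable AllowedIPs entry {item!r}")
                        continue
                    if net.prefixlen == 0:
                        catch_all[net.version] = True
                    elif net.num_addresses == 1 and int(net.network_address) == 0:
                        # '::0' or '0.0.0.0' without a prefix is one host, not the whole address space
                        problems.append(f"{item!r} is a single address; use {net.network_address}/0 for all of IPv{net.version}")
    problems += [f"no IPv{v} catch-all route (AllowedIPs lacks a /0 range)" for v, ok in catch_all.items() if not ok]
    return problems

def nat_rule_problems(config):
    """Every PostUp iptables/ip6tables rule added with -I/-A needs a PreDown -D twin."""
    ups, downs = {}, {}
    for section, entries in config:
        for key, value in entries:
            if section == "Interface" and key in ("PostUp", "PreDown") and value.startswith(("iptables", "ip6tables")):
                norm = re.sub(r"\s+-[IAD]\s+", " -<verb> ", value)  # compare rules ignoring the verb
                (ups if key == "PostUp" else downs)[norm] = value
    return [f"PostUp rule has no matching PreDown: {ups[n]}" for n in sorted(ups.keys() - downs.keys())]

# Constructed sample configs for this example; real keys are omitted (placeholder only).
CLIENT_CONF = "[Peer]\nPublicKey = <gateway-public-key-placeholder>\nAllowedIPs = 0.0.0.0/0, ::0\n"
GATEWAY_CONF = ("[Interface]\nPostUp = iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE\n"
                "PostUp = ip6tables -t nat -I POSTROUTING -o eth0 -j MASQUERADE\n"
                "PreDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE\n")
```

Run `allowed_ips_problems(parse_wg_config(CLIENT_CONF))` and `nat_rule_problems(parse_wg_config(GATEWAY_CONF))` to see both findings for the sample configs.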

Here is a breakdown from ChatGPT on the iptables command:

- `iptables`: This is the command itself, indicating that you want to work with the iptables utility.

- `-t nat`: This option specifies the table to which the rule will be added. In this case, the table is "nat," which stands for Network Address Translation. This table is used for configuring network address translation rules, such as masquerading or port forwarding.

- `-I POSTROUTING`: This option inserts a new rule into the "POSTROUTING" chain. The POSTROUTING chain is part of the nat table and is responsible for modifying outgoing packets after they have been routed. It is commonly used for applying Network Address Translation (NAT) to outgoing connections.

- `-o eth0`: This option specifies the outbound network interface for the rule. In this case, it is "eth0," which represents a specific network interface. You may need to replace "eth0" with the appropriate interface name for your system.

- `-j MASQUERADE`: This option specifies the target action for the rule. In this case, it is "MASQUERADE." MASQUERADE is a type of Network Address Translation (NAT) that allows multiple devices on a local network to share a single public IP address when accessing the internet. It replaces the source IP address of outgoing packets with the IP address of the outbound interface, enabling two-way communication between the local network and external networks.