Wireguardセットアップメモ

# Generate config

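# Generate one WireGuard server/client key pair and the two matching wg0.conf
# files under ./server and ./client.
#
# Placeholders in angle brackets (<PORT>, <YOUR SUBNET>, <ENDPOINT>) are left
# literally in the generated files and must be replaced by hand before the
# configs are installed.  The outbound interface name (ens5) is likewise
# host-specific.
#
# Both private keys and both configs (which embed a private key) are written
# owner-only: umask 077 applies to the tee and redirection targets below.
set -euo pipefail
umask 077

# Deliberately not 'mkdir -p': with set -e a re-run aborts here instead of
# silently overwriting an already generated key pair.
mkdir server client

# genkey -> private key file via tee; the public key is derived from the same
# stream so the two files always belong together.
wg genkey | tee server/server.key | wg pubkey > server/server.pub
wg genkey | tee client/client.key | wg pubkey > client/client.pub

# Server side.  Address is a /28 (169.254.255.0-15), so the NAT rule matches
# that same /28 rather than the wider /24 the memo had, which would masquerade
# source addresses the tunnel never assigns.
cat <<EOF >server/wg0.conf
[Interface]
ListenPort = <PORT>
PrivateKey = $(cat server/server.key)
Address = 169.254.255.1/28
PostUp = iptables -t nat -A POSTROUTING -o ens5 -s 169.254.255.0/28 -j MASQUERADE
PostDown = iptables -t nat -D POSTROUTING -o ens5 -s 169.254.255.0/28 -j MASQUERADE

[Peer] #Mac
PublicKey = $(cat client/client.pub)
AllowedIPs = 169.254.255.2/32
EOF

# Client side.  AllowedIPs routes the tunnel /28 plus the remote subnet
# (<YOUR SUBNET>) through the peer; everything else keeps its normal route.
cat <<EOF >client/wg0.conf
[Interface]
PrivateKey = $(cat client/client.key)
Address = 169.254.255.2/28

[Peer]
PublicKey = $(cat server/server.pub)
AllowedIPs = 169.254.255.0/28,<YOUR SUBNET>
Endpoint = <ENDPOINT>:<PORT>
PersistentKeepalive = 25
EOF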

# Server Side

Copy server/wg0.conf to /etc/wireguard/

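# /etc/wireguard/wg0.conf embeds the server private key, so make it owner-only
# before the service reads it (the copy step above does not set a mode).
chmod 600 /etc/wireguard/wg0.conf

# Enable at boot and start now in one step; a failure to enable stops here
# instead of leaving the tunnel up but not persistent.
systemctl enable --now wg-quick@wg0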

# Client Side

brew install wireguard-go wireguard-tools

Copy client/wg0.conf to /opt/homebrew/etc/wireguard/

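# The client config embeds the client private key; restrict it to the owner
# before bringing the tunnel up.
sudo chmod 600 /opt/homebrew/etc/wireguard/wg0.conf

# wg-quick on macOS resolves wg0 from /opt/homebrew/etc/wireguard/wg0.conf.
sudo wg-quick up wg0

# Verify: the peer should list a recent handshake once traffic has flowed.
sudo wg show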

# AWS ENI settings

Disable the source/destination check on the instance's ENI, so that the instance is allowed to forward packets that are not addressed to or from its own IP.
