kjuulh/wireguard-setup
1
0
Fork 0
Code Issues 1 Pull Requests Projects Releases Wiki Activity

Allow access WireGuard via port 53/UDP

Browse Source
This commit is contained in:
Héctor Molinero Fernández 2020-01-26 21:17:52 +01:00
parent 3fcd038fdf
commit 40631b7876
4 changed files with 9 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
rootfs/etc/wireguard/client-sample.conf
View File

@ -6,4 +6,4 @@ DNS = 10.10.10.1
[Peer]
PublicKey = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = XXX.XXX.XXX.XXX:80
Endpoint = XXX.XXX.XXX.XXX:51820

7
rootfs/etc/wireguard/wg0.conf
View File

@ -1,6 +1,6 @@
[Interface]
Address = 10.10.10.1/24
ListenPort = 80
ListenPort = 51820
# Load keys
PostUp = [ -e '/etc/wireguard/%i-privatekey' ] || (umask 077 && wg genkey > '/etc/wireguard/%i-privatekey')
PostUp = [ -e '/etc/wireguard/%i-publickey' ] || (umask 022 && wg pubkey < '/etc/wireguard/%i-privatekey' > '/etc/wireguard/%i-publickey')
@ -23,3 +23,8 @@ PostUp = iptables -A INPUT -i '%i' -p tcp --dport 53 -j ACCEPT && iptables -
PostUp = ip6tables -A INPUT -i '%i' -p tcp --dport 53 -j ACCEPT && ip6tables -A INPUT -i '%i' -p udp --dport 53 -j ACCEPT
PostDown = iptables -D INPUT -i '%i' -p tcp --dport 53 -j ACCEPT && iptables -D INPUT -i '%i' -p udp --dport 53 -j ACCEPT
PostDown = ip6tables -D INPUT -i '%i' -p tcp --dport 53 -j ACCEPT && ip6tables -D INPUT -i '%i' -p udp --dport 53 -j ACCEPT
# Allow access WireGuard via port 53/UDP (to circumvent some firewalls)
PostUp = iptables -t nat -A PREROUTING -i "$(cat '/etc/wireguard/%i-iface')" -p udp --dport 53 -j REDIRECT --to-port 51820
PostUp = ip6tables -t nat -A PREROUTING -i "$(cat '/etc/wireguard/%i-iface')" -p udp --dport 53 -j REDIRECT --to-port 51820
PostDown = iptables -t nat -D PREROUTING -i "$(cat '/etc/wireguard/%i-iface')" -p udp --dport 53 -j REDIRECT --to-port 51820
PostDown = ip6tables -t nat -D PREROUTING -i "$(cat '/etc/wireguard/%i-iface')" -p udp --dport 53 -j REDIRECT --to-port 51820

2
start-qemu.sh
View File

@ -29,6 +29,6 @@ kvm \
-smp 1 -m 512 \
-nographic -serial mon:stdio \
-device e1000,netdev=n0 \
-netdev user,id=n0,hostfwd=tcp::2222-:22,hostfwd=tcp::8080-:80 \
-netdev user,id=n0,hostfwd=tcp::2222-:22,hostfwd=udp::5353-:53 \
-drive file="${SNAPSHOT_DISK:?}",if=virtio,format=qcow2 \
-drive file="${USERDATA_DISK:?}",if=virtio,format=raw

2
wireguard.pkr.hcl
View File

@ -108,7 +108,7 @@ build {
"ufw default deny incoming",
"ufw default allow outgoing",
"ufw allow from any to any port 22 proto tcp",
"ufw allow from any to any port 80 proto udp"
"ufw allow from any to any port 51820 proto udp"
]
}