Boilerplates/Linux/WireGuard/dashboard+serivice.md


Installation von WireGuard und WG-Dashboard auf AlmaLinux

If you are not logged in as root, switch to a root shell first with sudo su -

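Before running the script below, adjust the following values, which it writes to /etc/wireguard/site2site.conf and uses in its iptables rule. Note that the example range 172.32.0.0/24 lies outside the RFC 1918 private block 172.16.0.0/12 (which ends at 172.31.255.255), and that .0 is the network address of the /24, so pick a private subnet and a host address that fit your site: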

Address = 172.32.0.0/24
ListenPort = 51820

iptables -t nat -I POSTROUTING -o site2site -j SNAT --to 172.32.0.0

Installscript

# Turn off firewalld, AlmaLinux's built-in firewall front end; this guide works with
# raw iptables rules instead.
# NOTE(security): once firewalld is stopped nothing filters inbound traffic on this
# host. The iptables commands further down only add SNAT and FORWARD rules for the
# tunnel, no INPUT rules, so sshd and the dashboard are reachable on every interface
# unless an upstream firewall or your own INPUT rules restrict them.
systemctl disable --now firewalld

# Bring the system up to date, then install the tools used by this guide.
required_packages=(nano iptables git wireguard-tools python3 python3-pip net-tools openssh-server)
dnf -y update && dnf -y install "${required_packages[@]}"

# Start the SSH server now and on every boot.
systemctl enable --now sshd

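# Install WG-Dashboard https://github.com/donaldzou/WGDashboard
# NOTE(security): the installer below runs as root straight from this checkout. A tag
# such as v3.0.6 can be moved upstream; checking out and verifying a reviewed commit
# hash after cloning gives a reproducible install.
git clone -b v3.0.6 https://github.com/donaldzou/WGDashboard.git /opt/wgdashboard
# Chain the steps so the installer only runs when the cd into the checkout succeeded.
cd /opt/wgdashboard/src/ \
  && chmod +x wgd.sh \
  && ./wgd.sh install
# /etc/wireguard holds the tunnel's private key and config, so keep it closed to group
# and other. (Mode 755 here made its contents world-readable and marked plain config
# files executable.) The dashboard is started as root by the systemd unit in this guide,
# so it does not need wider access. Capital X keeps the search bit on directories only.
chmod -R u=rwX,go= /etc/wireguard
# NOTE(review): `wgd.sh debug` presumably runs the dashboard once in the foreground
# (e.g. to create its initial configuration); if so, the remaining steps only continue
# after it is stopped. Confirm against wgd.sh of the cloned version.
./wgd.sh debug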

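# Create the systemd service that runs the dashboard.
# NOTE(security): the unit sets no User=, so dashboard.py runs as root. Change the
# dashboard's default login and restrict who can reach its port before relying on it.
# The here-doc delimiter is quoted so the shell copies the unit text literally.
tee /etc/systemd/system/wg-dashboard.service <<'EOF'
[Unit]
After=network.target

[Service]
WorkingDirectory=/opt/wgdashboard/src
ExecStart=/usr/bin/python3 /opt/wgdashboard/src/dashboard.py
Restart=always

[Install]
WantedBy=default.target
EOF

# After= previously named "netword.service", a unit that does not exist, so the
# ordering was silently ignored; network.target is the standard unit to order after.
# Unit files only need to be writable by root, hence 644 rather than 664.
chmod 644 /etc/systemd/system/wg-dashboard.service
systemctl daemon-reload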

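# Let the kernel forward IPv4 packets between interfaces (needed to route tunnel traffic).
# Append the setting only if the exact line is not there yet, so re-running this guide
# does not pile up duplicate entries in /etc/sysctl.conf.
if ! grep -qxF 'net.ipv4.ip_forward = 1' /etc/sysctl.conf; then
  echo "net.ipv4.ip_forward = 1" | tee -a /etc/sysctl.conf
fi
# Load /etc/sysctl.conf so the setting takes effect without a reboot.
sysctl -p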

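# Config WireGuard with your settings
systemctl disable --now wg-quick@wg0

# Everything created below contains or sits next to the tunnel's private key, so
# create it owner-only. The previous umask is restored at the end of this section.
previous_umask=$(umask)
umask 077
mkdir -p /etc/wireguard/keys
chmod 700 /etc/wireguard/keys

# Write the private key straight to disk. Piping it through tee would also print it to
# the terminal and into any session log or scrollback.
wg genkey > /etc/wireguard/keys/site2site_priv.key
wg pubkey < /etc/wireguard/keys/site2site_priv.key > /etc/wireguard/keys/site2site_pub.key
# umask does not change the mode of a file that already existed, so set it explicitly.
chmod 600 /etc/wireguard/keys/site2site_priv.key
PrivKey=$(cat /etc/wireguard/keys/site2site_priv.key)
# The public key is what you hand to the peer, so displaying it is fine.
cat /etc/wireguard/keys/site2site_pub.key

# NOTE(review): 172.32.0.0/24 is outside the RFC 1918 block 172.16.0.0/12 (which ends
# at 172.31.255.255) and .0 is the network address of the /24. Replace both with a
# private subnet and host address for your site, as the guide asks.
tee /etc/wireguard/site2site.conf <<'EOF'
[Interface]
Address = 172.32.0.0/24
ListenPort = 51820
EOF
# Append the key without echoing it; printf '%s' writes the value verbatim.
printf 'PrivateKey = %s\n' "$PrivKey" >> /etc/wireguard/site2site.conf
chmod 600 /etc/wireguard/site2site.conf

# Do not leave the private key in the shell's environment once it is written.
unset PrivKey
umask "$previous_umask"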

# NAT and forwarding rules for the tunnel interface.
# Traffic leaving through site2site is source-NATed to the tunnel address, and packets
# entering or leaving via site2site are accepted in the FORWARD chain without further
# filtering.
# NOTE(review): these rules live only in the running kernel; they are gone after a
# reboot and are added again on every run. Persisting them (or moving them into the
# tunnel config's PostUp/PostDown hooks) is left to the operator.
iptables --table nat --insert POSTROUTING --out-interface site2site --jump SNAT --to-source 172.32.0.0
for direction_flag in --in-interface --out-interface; do
  iptables --append FORWARD "$direction_flag" site2site --jump ACCEPT
done

# Enable and start the site2site WireGuard tunnel first, then the dashboard that
# manages it; both also come up on every boot.
# NOTE(security): firewalld was disabled earlier in this guide, so once the dashboard
# is running it is reachable from wherever this host is reachable. Restrict access to
# it before putting the host on an untrusted network.
for unit in wg-quick@site2site wg-dashboard; do
  systemctl enable --now "$unit"
done