Install WireGuard VPN – One Click Installer
This note covers installing a WireGuard VPN server on popular Linux distributions such as Ubuntu, Debian, and Fedora.
- Run the one-click installer from https://github.com/Nyr/wireguard-install:
wget https://git.io/wireguard -O wireguard-install.sh && bash wireguard-install.sh
Follow the on-screen guide to configure the WireGuard server and add the first VPN client. The configuration file is at /etc/wireguard/wg0.conf
- Next, add the WireGuard listening port to the allowed UDP ports. In the CSF firewall settings, allow this port in UDP_IN and UDP6_IN, then restart the firewall.
- CSF also needs rules that allow the WireGuard IP range. Create the file /etc/csf/csfpost.sh with the following configuration (assuming the WireGuard network is 10.7.0.0/24 and the public network interface is named ens3):
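#!/bin/bash
# NAT traffic from the WireGuard subnet out through the public interface
/usr/sbin/iptables -t nat -A POSTROUTING -o ens3 -s 10.7.0.0/24 -j MASQUERADE
# Accept traffic arriving from VPN clients on the tunnel interface
/usr/sbin/iptables -A INPUT -i wg0 -j ACCEPT
# Forward everything entering or leaving the tunnel
/usr/sbin/iptables -A FORWARD -i wg0 -j ACCEPT
/usr/sbin/iptables -A FORWARD -o wg0 -j ACCEPT
# Return traffic between wg0 and ens3 (already matched by the two FORWARD rules above)
/usr/sbin/iptables -A FORWARD -i wg0 -o ens3 -m state --state RELATED,ESTABLISHED -j ACCEPT
/usr/sbin/iptables -A FORWARD -i ens3 -o wg0 -m state --state RELATED,ESTABLISHED -j ACCEPT
- Finally, make the file executable and restart the CSF firewall: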
chmod +x /etc/csf/csfpost.sh
csf -r
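
The steps above hard-code the subnet and rely on the port being added to both CSF lists by hand. The following added example (not part of the original note or of the Nyr installer) reads both values from wg0.conf and checks the port against UDP_IN and UDP6_IN. The sample files are constructed, and the `UDP_IN = "..."` line layout of CSF's csf.conf is an assumption.

```sh
# Added example: derive the port and subnet from wg0.conf and check CSF's lists.

# wg_conf_value <key> <file>: value of "key = value" inside [Interface]
wg_conf_value() {
  awk -F' *= *' -v k="$1" '
    /^\[/ { in_if = ($0 == "[Interface]") }
    in_if && $1 == k { sub(/[ \t\r]+$/, "", $2); print $2; exit }' "$2"
}

# ipv4_network <addr/bits>: network address, e.g. 10.7.0.1/24 -> 10.7.0.0/24
ipv4_network() {
  addr=${1%/*}; bits=${1#*/}
  old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
  ip=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
  net=$(( ip & (4294967295 << (32 - bits)) & 4294967295 ))
  echo "$(( (net >> 24) & 255 )).$(( (net >> 16) & 255 )).$(( (net >> 8) & 255 )).$(( net & 255 ))/$bits"
}

# wg_subnet <wg0.conf>: IPv4 tunnel network (an IPv6 entry in Address is skipped)
wg_subnet() {
  ipv4_network "$(wg_conf_value Address "$1" | tr -d ' ' | tr ',' '\n' | grep -v : | head -n 1)"
}

# csf_allows_udp <port> <csf.conf> <UDP_IN|UDP6_IN>: exit 0 if the list covers the port
csf_allows_udp() {   # assumes lines of the form: UDP_IN = "20,21,53,30000:35000"
  awk -F'"' -v p="$1" -v key="$3" '
    $1 ~ "^" key "[ \t]*=" {
      n = split($2, e, ",")
      for (i = 1; i <= n; i++) {
        m = split(e[i], r, ":")            # ranges are written low:high
        if ((m == 1 && r[1] == p) || (m == 2 && p + 0 >= r[1] + 0 && p + 0 <= r[2] + 0)) ok = 1
      }
    }
    END { exit !ok }' "$2"
}

# Constructed sample files (not taken from a real server)
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '[Interface]' 'Address = 10.7.0.1/24, fd00:7::1/64' \
  'PrivateKey = <placeholder>' 'ListenPort = 51820' > "$tmp/wg0.conf"
printf '%s\n' 'UDP_IN = "20,21,53,51820"' 'UDP6_IN = "20,21,53"' > "$tmp/csf.conf"

port=$(wg_conf_value ListenPort "$tmp/wg0.conf")
echo "NAT source for csfpost.sh: $(wg_subnet "$tmp/wg0.conf")"
for list in UDP_IN UDP6_IN; do
  csf_allows_udp "$port" "$tmp/csf.conf" "$list" || echo "port $port missing from $list"
done
```

On a real server, point the functions at /etc/wireguard/wg0.conf and /etc/csf/csf.conf instead of the sample files.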