aboutsummaryrefslogtreecommitdiff
path: root/content/weblog
diff options
context:
space:
mode:
authorYaroslav de la Peña Smirnov <yps@yaroslavps.com>2022-03-29 00:24:14 +0300
committerYaroslav de la Peña Smirnov <yps@yaroslavps.com>2022-03-29 00:24:14 +0300
commit5f8fca464f4c85e47b86ded5f6cd45e4cf878eae (patch)
tree14ccae8a6fd8b38cc86fa9d6ae33aa57309e6222 /content/weblog
parenta5ca94797945203c3167bb13b7779b396cad527d (diff)
downloadyaroslavps.com-5f8fca464f4c85e47b86ded5f6cd45e4cf878eae.tar.gz
yaroslavps.com-5f8fca464f4c85e47b86ded5f6cd45e4cf878eae.zip
Updated Wireguard post
Added information about packet forwarding.
Diffstat (limited to 'content/weblog')
-rw-r--r--content/weblog/2020-06-06_wireguard-vpn/index.md19
1 files changed, 18 insertions, 1 deletions
diff --git a/content/weblog/2020-06-06_wireguard-vpn/index.md b/content/weblog/2020-06-06_wireguard-vpn/index.md
index 04dd969..08203d9 100644
--- a/content/weblog/2020-06-06_wireguard-vpn/index.md
+++ b/content/weblog/2020-06-06_wireguard-vpn/index.md
@@ -1,6 +1,7 @@
+++
title = "Goodbye OpenVPN, hello Wireguard"
date = 2020-06-06T02:13:28Z
+updated = 2021-03-28T21:23:16Z
+++
I had been using OpenVPN for quite some time for my internet privacy purposes.
@@ -48,7 +49,7 @@ If these advantages haven't convinced you yet, I don't know what will.
## Set up instructions
-There are something that are worth keeping in mind while setting up Wireguard.
+There are some things that are worth keeping in mind while setting up Wireguard.
One of them is that unlike other VPN protocols, like OpenVPN, there is no server
and client per se. There are just peers. Of course, that doesn't mean that you
cannot use Wireguard like you would use OpenVPN, quite the contrary. It just
@@ -136,6 +137,22 @@ systemctl enable wg-quick@wg0
systemctl start wg-quick@wg0
```
+Since in this configuration we want to be able to forward all of the peers'
+traffic through the VPS, we need to enable packet forwarding in the kernel by
+adding or uncommenting the following lines to `/etc/sysctl.conf`, or creating a
+new file in `/etc/sysctl.d/` with these lines:
+
+```
+net.ipv4.ip_forward=1
+net.ipv6.conf.all.forwarding=1
+```
+
+After adding them, to immediately load the config we run
+
+```sh
+sysctl --system
+```
+
### Client configuration
The configuration for the client side of things is pretty similar to the server