diff options
author | Yaroslav de la Peña Smirnov <yps@yaroslavps.com> | 2022-03-29 00:24:14 +0300 |
---|---|---|
committer | Yaroslav de la Peña Smirnov <yps@yaroslavps.com> | 2022-03-29 00:24:14 +0300 |
commit | 5f8fca464f4c85e47b86ded5f6cd45e4cf878eae (patch) | |
tree | 14ccae8a6fd8b38cc86fa9d6ae33aa57309e6222 /content/weblog | |
parent | a5ca94797945203c3167bb13b7779b396cad527d (diff) | |
download | yaroslavps.com-5f8fca464f4c85e47b86ded5f6cd45e4cf878eae.tar.gz yaroslavps.com-5f8fca464f4c85e47b86ded5f6cd45e4cf878eae.zip |
Updated Wireguard post
Added information about packet forwarding.
Diffstat (limited to 'content/weblog')
-rw-r--r-- | content/weblog/2020-06-06_wireguard-vpn/index.md | 19 |
1 files changed, 18 insertions, 1 deletions
diff --git a/content/weblog/2020-06-06_wireguard-vpn/index.md b/content/weblog/2020-06-06_wireguard-vpn/index.md index 04dd969..08203d9 100644 --- a/content/weblog/2020-06-06_wireguard-vpn/index.md +++ b/content/weblog/2020-06-06_wireguard-vpn/index.md @@ -1,6 +1,7 @@ +++ title = "Goodbye OpenVPN, hello Wireguard" date = 2020-06-06T02:13:28Z +updated = 2021-03-28T21:23:16Z +++ I had been using OpenVPN for quite some time for my internet privacy purposes. @@ -48,7 +49,7 @@ If these advantages haven't convinced you yet, I don't know what will. ## Set up instructions -There are something that are worth keeping in mind while setting up Wireguard. +There are some things that are worth keeping in mind while setting up Wireguard. One of them is that unlike other VPN protocols, like OpenVPN, there is no server and client per se. There are just peers. Of course, that doesn't mean that you cannot use Wireguard like you would use OpenVPN, quite the contrary. It just @@ -136,6 +137,22 @@ systemctl enable wg-quick@wg0 systemctl start wg-quick@wg0 ``` +Since in this configuration we want to be able to forward all of the peers' +traffic through the VPS, we need to enable packet forwarding in the kernel by +adding or uncommenting the following lines to `/etc/sysctl.conf`, or creating a +new file in `/etc/sysctl.d/` with these lines: + +``` +net.ipv4.ip_forward=1 +net.ipv6.conf.all.forwarding=1 +``` + +After adding them, to immediately load the config we run + +```sh +sysctl --system +``` + ### Client configuration The configuration for the client side of things is pretty similar to the server |