posts/wireguard: ufw note

This commit is contained in:
dogeystamp 2024-06-19 14:07:02 -04:00
parent b82f96ecd6
commit fd61bccfeb
Signed by: dogeystamp
GPG Key ID: 7225FE3592EFFA38


@ -197,17 +197,24 @@ to load the new configuration.
If your VPN server is on the public internet, If your VPN server is on the public internet,
be sure to have sane firewall rules before doing this. be sure to have sane firewall rules before doing this.
> Note: If you use UFW as a firewall like me, you'll also [need to set a rule](https://dietpi.com/forum/t/wireguard-no-handshake-established/15979) to let VPN traffic in: > Note: If you use [UFW](https://wiki.archlinux.org/title/Uncomplicated_Firewall) as a firewall like me, you'll also [need to set a rule](https://dietpi.com/forum/t/wireguard-no-handshake-established/15979) to let VPN traffic in.
> Without this, all the `iptables` rules do nothing and your forwarded packets will get blocked.
> Replace the subnet with your VPN subnet:
> >
> ``` > ```
> # ufw allow in from 10.0.0.0/24 to any > # ufw allow in from 10.0.0.0/24 to any
> ``` > ```
> Another UFW quirk is that it has its own `sysctl.conf`, which lives at `/etc/ufw/sysctl.conf`.
> This will override the regular `sysctl` if you follow the instructions above.
> To prevent it from erasing your changes, uncomment the relevant line:
> >
> Replace the subnet with your VPN subnet. > ```
> This isn't obvious at all, so I was lucky to find the forum post linked above. > # /etc/ufw/sysctl.conf
> Without this, all the `iptables` rules do nothing and your forwarded packets will get blocked. >
> # Uncomment this to allow this host to route packets between interfaces
> net/ipv4/ip_forward=1
> ```
### client configuration ### client configuration
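Review bot: the added rule `# ufw allow in from 10.0.0.0/24 to any` is an INPUT rule (it applies to traffic addressed to the server itself) and it admits every peer in the VPN subnet to every service the host listens on; forwarded traffic is governed by ufw's DEFAULT_FORWARD_POLICY in /etc/default/ufw or by `ufw route allow ...` rules, so the line "your forwarded packets will get blocked" should state which path this rule actually fixes, and the rule reads safer scoped to the tunnel interface, e.g. `ufw allow in on wg0 from 10.0.0.0/24` (with `wg0` replaced by whatever the interface is called in the reader's setup). Since the encrypted UDP handshake arrives from the peer's public address rather than from 10.0.0.0/24, the note should also remind readers to allow the WireGuard listen port separately. The /etc/ufw/sysctl.conf paragraph is correct as written and worth keeping.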