Difference between revisions of "Wireguard"
Michael.mast (talk | contribs) |
Line 15: | Line 15: | ||
<pre> | <pre> | ||
echo 'net.ipv4.ip_forward = 1' > /etc/sysctl.d/01-sysctl.conf | echo 'net.ipv4.ip_forward = 1' > /etc/sysctl.d/01-sysctl.conf | ||
+ | sysctl -p | ||
+ | </pre> | ||
+ | *Disable selinux because we are lazy | ||
+ | <pre> | ||
+ | setenforce 0 | ||
+ | sed -i 's/SELINUX\=enabled/SELINUX\=disabled/' /etc/selinux/config | ||
+ | |||
</pre> | </pre> |
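Review bot: the added `sysctl -p` is run without a file argument, so it reads only /etc/sysctl.conf and the setting just written to /etc/sysctl.d/01-sysctl.conf is not applied until the next boot; use `sysctl -p /etc/sysctl.d/01-sysctl.conf` or `sysctl --system`. In the same hunk, the sed pattern `SELINUX\=enabled` is not a value /etc/selinux/config uses (the values are enforcing, permissive and disabled), so on a host set to enforcing the file is left unchanged and `setenforce 0` lasts only until reboot. Match `^SELINUX=enforcing` if the intent is to persist the change, though keeping SELinux enforcing and fixing the specific denial would be the better change for an internet-facing VPN gateway.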
Revision as of 18:35, 5 May 2025
Rocky Linux
Dual NIC wireguard setup
Prerequisite Network Config
- Configure the firewall to only allow the wireguard port, then move the internal interface to the internal zone.
    firewall-cmd --permanent --add-port=51820/udp --zone=public
    firewall-cmd --permanent --remove-service=dhcpv6-client --zone=public
    firewall-cmd --permanent --remove-service=cockpit --zone=public
    firewall-cmd --permanent --remove-service=ssh --zone=public
    firewall-cmd --permanent --zone=internal --change-interface=enp3s0
    firewall-cmd --permanent --add-masquerade
    firewall-cmd --reload
- Enable forwarding
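    echo 'net.ipv4.ip_forward = 1' > /etc/sysctl.d/01-sysctl.conf
    # sysctl -p with no file argument only reads /etc/sysctl.conf, so name the drop-in
    sysctl -p /etc/sysctl.d/01-sysctl.conf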
- Disable selinux because we are lazy
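    # setenforce 0 switches the running system to permissive until the next boot
    setenforce 0
    # The config file uses enforcing, permissive or disabled; "enabled" never matches
    sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config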
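A check for the state the three steps above are meant to leave behind, as an added example that is not part of the original wiki page. The function names and the sample zone listing (including the interface name enp1s0) are constructed for illustration; each function takes its input as an argument or on stdin so it can be run against saved copies as well as a live host.

```shell
#!/bin/sh
# Added example: post-change audit for the firewall, forwarding and SELinux steps.

# zone_exposure [PORT]: reads `firewall-cmd --zone=public --list-all` output on
# stdin and prints every service or port other than the expected WireGuard port.
zone_exposure() {
    want=${1:-51820/udp}
    awk -v want="$want" '
        $1 == "services:" { for (i = 2; i <= NF; i++) print "service " $i }
        $1 == "ports:"    { for (i = 2; i <= NF; i++) if ($i != want) print "port " $i }
    '
}

# selinux_boot_mode FILE: prints the SELINUX= value that applies at next boot.
# Comment lines and SELINUXTYPE= are ignored because the match is anchored.
selinux_boot_mode() {
    sed -n 's/^SELINUX=\([a-z]*\).*/\1/p' "$1" | tail -n 1
}

# forward_persisted DIR: succeeds if a *.conf drop-in in DIR sets
# net.ipv4.ip_forward to 1, so forwarding survives a reboot.
forward_persisted() {
    grep -Eqs '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$1"/*.conf
}

# Constructed sample listing in which ssh was not removed and an extra port is open.
sample_zone() {
cat <<'EOF'
public (active)
  target: default
  interfaces: enp1s0
  services: ssh
  ports: 51820/udp 9090/tcp
  masquerade: yes
  forward-ports:
  source-ports:
EOF
}

# Demo on the constructed sample; an empty result means only WireGuard is exposed.
sample_zone | zone_exposure

# On a live host:
#   firewall-cmd --zone=public --list-all | zone_exposure
#   selinux_boot_mode /etc/selinux/config
#   forward_persisted /etc/sysctl.d && echo "forwarding persists"
```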