Difference between revisions of "Wireguard"
Jump to navigation
Jump to search
Michael.mast (talk | contribs) |
Michael.mast (talk | contribs) |
||
| Line 21: | Line 21: | ||
setenforce 0 | setenforce 0 | ||
sed -i 's/ELINUX\=enforcing/SELINUX\=disabled/' /etc/selinux/config | sed -i 's/ELINUX\=enforcing/SELINUX\=disabled/' /etc/selinux/config | ||
| − | |||
</pre> | </pre> | ||
| + | *Create tables for the ISPs | ||
| + | <pre> | ||
| + | echo '200 ISP1' >> /etc/iproute2/rt_tables | ||
| + | echo '201 ISP2' >> /etc/iproute2/rt_tables | ||
| + | </pre> | ||
| + | *Add commands to route scripts. In this case we are setting the non-default route connection | ||
| + | <pre> | ||
| + | echo 'ip rule add from <interface IP> lookup ISP2' >> /etc/sysconfig/network-scripts/route-enp3s0 | ||
| + | echo 'ip route add table ISP2 default via <gateway IP>' >> /etc/sysconfig/network-scripts/route-enp3s0 | ||
| + | </pre> | ||
| + | *Reboot and verify things work. | ||
Revision as of 16:37, 6 May 2025
Rocky Linux
Dual NIC wireguard setup
Prerequisite Network Config
- Configure the firewall to only allow the wireguard port, then move the internal interface to the internal zone.
firewall-cmd --permanent --add-port=51820/udp --zone=public firewall-cmd --permanent --remove-service=dhcpv6-client --zone=public firewall-cmd --permanent --remove-service=cockpit --zone=public firewall-cmd --permanent --remove-service=ssh --zone=public firewall-cmd --permanent --zone=internal --change-interface=enp3s0 firewall-cmd --permanent --add-masquerade firewall-cmd --reload
- Enable forwarding
echo 'net.ipv4.ip_forward = 1' > /etc/sysctl.d/01-sysctl.conf sysctl -p
- Disable selinux because we are lazy
setenforce 0 sed -i 's/ELINUX\=enforcing/SELINUX\=disabled/' /etc/selinux/config
- Create tables for the ISPs
echo '200 ISP1' >> /etc/iproute2/rt_tables echo '201 ISP2' >> /etc/iproute2/rt_tables
- Add commands to route scripts. In this case we are setting the non-default route connection
echo 'ip rule add from <interface IP> lookup ISP2' >> /etc/sysconfig/network-scripts/route-enp3s0 echo 'ip route add table ISP2 default via <gateway IP>' >> /etc/sysconfig/network-scripts/route-enp3s0
- Reboot and verify things work.
