lubuntu install wireguard

A few days ago I installed a WireGuard server on my old laptop.
That laptop used to serve as a honeypot, but after a reinstall it's now a VPN server.
Without further ado, here is the code:

[Server side]
# Open a terminal and run the following as root

sudo apt update
sudo apt upgrade
sudo apt install wireguard
cd /etc/wireguard/
umask 077; wg genkey | tee privatekey | wg pubkey > publickey
cat privatekey   # the server's private key: note it down, and never let it leak
cat publickey    # the server's public key: note it down as well
sudo vim /etc/wireguard/wg0.conf
Write the following into it:

[Interface]
## My VPN server private IP address ##
Address = 10.0.0.1/24 # /24 here; change it to suit your network

## My VPN server port ##
ListenPort = 41194

PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o [your external interface name] -j MASQUERADE; sysctl net.ipv4.ip_forward=1

## VPN server's private key i.e. /etc/wireguard/privatekey ##
PrivateKey = [server private key]
DNS = 8.8.8.8
MTU = 1420
Once that is written, start it and check that nothing looks wrong:

sudo systemctl enable wg-quick@wg0
sudo systemctl start wg-quick@wg0
sudo systemctl status wg-quick@wg0
Then, under /etc/wireguard, create a script called sigh.sh (or XXX.sh, whatever you like)
and put in:

#!/bin/bash
# Generates a key pair and a client config under /etc/wireguard/<client>/,
# then registers the client as a peer in wg0.conf. Run as root.
set -eu
cd /etc/wireguard
server_pub_key=$(cat /etc/wireguard/publickey)
read -p 'client name: ' cname
read -p 'give an ip address (10.0.0.x, without prefix): ' ipaddr
mkdir "./${cname}"       # fails if the client already exists, so keys are never overwritten
chmod 700 "./${cname}"   # the directory holds the client's private key
umask 077; wg genkey | tee "./${cname}/${cname}_privatekey" | wg pubkey > "./${cname}/${cname}_publickey"
cpriv_key=$(cat "./${cname}/${cname}_privatekey")
cpub_key=$(cat "./${cname}/${cname}_publickey")
#echo "$cpriv_key"
#echo "$cpub_key"
cconf="./${cname}/${cname}.conf"   # the config file handed to the client
echo "[Interface]" >> "$cconf"
echo "PrivateKey = ${cpriv_key}" >> "$cconf"
echo "Address = ${ipaddr}/24" >> "$cconf" # pick the prefix that matches your network (/24, /8, ...)
echo "DNS = 8.8.8.8" >> "$cconf"
echo "MTU = 1420" >> "$cconf"
echo "" >> "$cconf"
echo "[Peer]" >> "$cconf"
echo "PublicKey = ${server_pub_key}" >> "$cconf"
echo "AllowedIPs = 0.0.0.0/0, ::/0" >> "$cconf"   # route all of the client's traffic through the VPN
echo "Endpoint = homeqaq.ddns.net:41194" >> "$cconf"
echo "PersistentKeepalive = 15"  >> "$cconf"
# Register the client on the server side; only its public key goes into wg0.conf.
sudo systemctl stop wg-quick@wg0
echo "" >> /etc/wireguard/wg0.conf
echo "[Peer] #${cname}" >> /etc/wireguard/wg0.conf
echo "PublicKey = ${cpub_key}" >> /etc/wireguard/wg0.conf
echo "AllowedIPs = ${ipaddr}/32" >> /etc/wireguard/wg0.conf
sudo systemctl start wg-quick@wg0   # the restart briefly drops every existing tunnel
Usage: ./sigh.sh
The script asks you for a client name,
then asks you to assign an IP address to that client.
If you can follow the script above, you'll notice it cuts a corner: properly, the client's key pair should be generated on the client itself.
It is done this way here for convenience when handing out the service, because asking someone who barely knows Linux to generate a key pair is not a small hurdle.
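For the case the previous paragraph describes, where the client generates its own key pair and only sends the server its public key, the following is an added example (not the post's own script) of a server-side registration script. It assumes the wg0.conf layout above (server at 10.0.0.1/24, one /32 per peer), uses the hypothetical names add_peer.sh and add_peer, and applies the change with wg syncconf instead of restarting wg0.

```shell
#!/bin/bash
# add_peer.sh: register a client that generated its own key pair, so only the
# client's public key ever reaches the server (added example, not the post's).
# Assumes the wg0.conf layout above: server at 10.0.0.1/24, one /32 per peer.
set -eu

WG_CONF="${WG_CONF:-/etc/wireguard/wg0.conf}"
# A WireGuard public key is 32 random bytes in base64: 44 chars ending in one
# '=' pad, and the 43rd char must have its low two bits clear.
valid_wg_key() {
    printf '%s\n' "$1" | grep -Eq '^[A-Za-z0-9+/]{42}[AEIMQUYcgkosw048]=$'
}

# Only hand out host addresses inside 10.0.0.0/24; .1 is the server itself.
valid_tunnel_ip() {
    printf '%s\n' "$1" | grep -Eq '^10\.0\.0\.([2-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-4])$'
}

# True if the address already appears after Address= or AllowedIPs= in the config.
ip_in_use() {   # ip_in_use <ip> <conf>
    pat=$(printf '%s' "$1" | sed 's/\./\\./g')
    grep -Eq "=[[:space:]]*${pat}/" "$2"
}
# The [Peer] stanza that goes into the server config.
peer_stanza() { # peer_stanza <name> <client_pubkey> <ip>
    printf '\n[Peer] # %s\nPublicKey = %s\nAllowedIPs = %s/32\n' "$1" "$2" "$3"
}

# Append the peer, refusing malformed keys, out-of-range or duplicate addresses and reused keys.
add_peer() {    # add_peer <name> <client_pubkey> <ip> [conf]
    name=$1; pub=$2; ip=$3; conf=${4:-$WG_CONF}
    valid_wg_key "$pub"   || { echo "invalid public key: $pub" >&2; return 1; }
    valid_tunnel_ip "$ip" || { echo "address must be 10.0.0.2-254" >&2; return 1; }
    if ip_in_use "$ip" "$conf"; then echo "$ip already allocated" >&2; return 1; fi
    if grep -Fq "PublicKey = $pub" "$conf"; then echo "key already registered" >&2; return 1; fi
    peer_stanza "$name" "$pub" "$ip" >> "$conf"
}

# Load the new peer without stopping wg0, so existing tunnels stay up.
apply_peers() {
    tmp=$(mktemp)
    wg-quick strip wg0 > "$tmp" && wg syncconf wg0 "$tmp"
    rm -f "$tmp"
}

# Usage: ./add_peer.sh <client name> <client public key> <10.0.0.x>
if [ $# -eq 3 ]; then
    add_peer "$1" "$2" "$3" && apply_peers
fi
```

The client side then generates its keys with the same umask 077; wg genkey | tee privatekey | wg pubkey > publickey as the server did, and sends only the contents of publickey.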
