Skip to content

Getting Started

Jump to bottom
SirToffski edited this page Jul 23, 2019 · 7 revisions

Getting Started

It's fairly simple to get started with using WireGuard-Ligase. There are a number of pre-requisites to consider.

Table of Contents

Pre-requisites

  • A server running Linux.
  • A sudo user to build server configuration and install all required software.

Supported Distributions

Currently Arch, CentOS, Debian, Fedora, Manjaro and Ubuntu are supported - meaning the script can:

  • Check if WireGuard is installed. If WireGuard is not installed, the user will be offered to have it installed automatically.
  • Configure distro-specific firewall rules. For example, CentOS will frequently use firewalld, hence firewall-cmd will be used instead of iptables. One notable exception is CentOS 7 running on AWS EC2 - which does not come with firewalld pre-installed. In this case the script knows it's running on CentOS without firewalld and will use iptables instead.
  • In addition to configuring iptables the script is aware of how to make iptables rules persistent on supported distributions. For example on Ubuntu iptables-persistent package will be used. On CentOS, Arch/Manjaro - iptables-service package is used instead.
  • The script will still run on unsupported platform.
    • In this case the script WILL:
      • Build server and client configuration
    • Will NOT:
      • Install WireGuard
      • Pre-configure firewall rules

Installing Wireguard

As discussed in supported distributions, the script can install WireGuard packages on Arch, CentOS, Debian, Fedora, Manjaro and Ubuntu. Other platforms will need to manually install WireGuard packages. (For a comprehensive list, check out the official website with installation guides. This Wiki will provide installation steps for the most common distributions.

Ubuntu

$ sudo add-apt-repository ppa:wireguard/wireguard
$ sudo apt-get update
$ sudo apt-get install wireguard

Debian

# echo "deb http://deb.debian.org/debian/ unstable main" > /etc/apt/sources.list.d/unstable.list
# printf 'Package: *\nPin: release a=unstable\nPin-Priority: 90\n' > /etc/apt/preferences.d/limit-unstable
# apt update
# apt install wireguard

Fedora

$ sudo dnf copr enable jdoss/wireguard
$ sudo dnf install wireguard-dkms wireguard-tools

RHEL/CentOS

$ sudo curl -Lo /etc/yum.repos.d/wireguard.repo https://copr.fedorainfracloud.org/coprs/jdoss/wireguard/repo/epel-7/jdoss-wireguard-epel-7.repo
$ sudo yum install epel-release
$ sudo yum install wireguard-dkms wireguard-tools

Mageia

$ sudo urpmi wireguard-tools

Arch/Manjaro

$ sudo pacman -S wireguard-tools

Note that wireguard-dkms will require headers for the Linux kernel installed / intended for use. Headers can be installed via Pacman. For example on Manjaro to install headers for Linux kernels 4.19, 5.0, and 5.1, one could use:

# Kernel 4.19
sudo pacman -S linux419-headers
# Kernel 5.0
sudo pacman -S linux50-headers
# Kernel 5.1
sudo pacman -S linux51-headers

OpenSuse

$ sudo zypper addrepo -f obs://network:vpn:wireguard wireguard
$ sudo zypper install wireguard-kmp-default wireguard-tools

Alpine

# apk add -U wireguard-tools

The installation requires edge repositories and edge kernel.

NixOS

boot.extraModulePackages = [ config.boot.kernelPackages.wireguard ];
environment.systemPackages = [ pkgs.wireguard pkgs.wireguard-tools ];

OpenWRT

# opkg install wireguard

FreeBSD

# pkg install wireguard

macOS Homebrew

$ brew install wireguard-tools

Using WireGuard-Ligase

The best way to use WireGuard-Ligase is to clone the entire repository. This will ensure correct script execution. The following steps can be used:

  1. Clone the repository
$ git clone https://github.com/SirToffski/WireGuard-Ligase.git
  1. cd into the repository
$ cd WireGuard-Ligase/
  1. Run the helper-script
$ sudo bash configure-wireguard.sh

 __    __ _                                    _     __ _
/ / /\ \ (_)_ __ ___  __ _ _   _  __ _ _ __ __| |   / /(_) __ _  __ _ ___  ___
\ \/  \/ / | '__/ _ \/ _` | | | |/ _` | '__/ _` |  / / | |/ _` |/ _` / __|/ _ \
 \  /\  /| | | |  __/ (_| | |_| | (_| | | | (_| | / /__| | (_| | (_| \__ \  __/
  \/  \/ |_|_|  \___|\__, |\__,_|\__,_|_|  \__,_| \____/_|\__, |\__,_|___/\___|
                     |___/                                |___/
Welcome to WG Ligase.

The script will guide you through the installaton process, allowing to choose a starting point.

The idea is for this script to be equally suitable for new deployments, as well as for configuring
a live deployment

Let's begin. Please select from one of the following options:
-----------------------------------

1 = Quick Setup. You will only be asked to specify public server IP.

-----------------------------------

2 = Advanced Setup: I would like to configure a new server and clients from scratch.

-----------------------------------

3 = Clients only: I just need to generate some client configs and add those to an existing server.

-----------------------------------

4 = IPTABLES: I just need commands to configure IPTABLEs.

----------------------------------
Clone this wiki locally