forked from unifi-utilities/unifios-utilities
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Wireguard instructions added, nextdns container updates
- Loading branch information
1 parent
40e7a8e
commit 8761d92
Showing
6 changed files
with
62 additions
and
8 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,11 +1,11 @@ | ||
| FROM alpine | ||
| FROM alpine as builder | ||
| ENV VERSION=1.7.0 | ||
| LABEL maintainer="John Dorman <dorman@ataxia.cloud>" | ||
| RUN apk add --no-cache ca-certificates \ | ||
| && mkdir -p /opt/nextdns \ | ||
| && wget -O /tmp/nextdns.tar.gz https://github.com/nextdns/nextdns/releases/download/v${VERSION}/nextdns_${VERSION}_linux_arm64.tar.gz \ | ||
| && tar zxf /tmp/nextdns.tar.gz -C /opt/nextdns \ | ||
| && rm /tmp/nextdns.tar.gz | ||
| RUN wget -O /tmp/nextdns.tar.gz https://github.com/nextdns/nextdns/releases/download/v${VERSION}/nextdns_${VERSION}_linux_arm64.tar.gz \ | ||
| && mkdir /tmp/nextdns && tar zxf /tmp/nextdns.tar.gz -C /tmp/nextdns | ||
|
|
||
| FROM arm64v8/alpine | ||
| RUN apk add --no-cache ca-certificates | ||
| COPY --from=builder /tmp/nextdns /opt/nextdns | ||
| EXPOSE 53/tcp 53/udp | ||
| ENTRYPOINT ["/opt/nextdns/nextdns","run", "-config-file", "/etc/nextdns/nextdns.conf"] | ||
| CMD [] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,36 @@ | ||
| # Wireguard VPN server / client | ||
|
|
||
| ### Features | ||
| 1. Wireguard VPN to anywhere! Uses wireguard-go, not the kernel module. | ||
| 1. Persists through reboots and firmware updates. | ||
| 1. Tested with a Wireguard Server in AWS. | ||
|
|
||
| ### Requirements | ||
| 1. You have successfully setup the on boot script described [here](https://github.com/boostchicken/udm-utilities/tree/master/on-boot-script) | ||
| 1. Not recommended for Wireguard newbies. Set it up on other devices first. This document does not include iptables / nat rules. | ||
|
|
||
| ### Customization | ||
| * Update [wg0.conf](configs/wg0.conf) to match your env | ||
|
|
||
| ### Steps | ||
| 1. Create your public and private keys | ||
| ```shell script | ||
| podman run -i --rm --net=host --name wireguard_conf masipcat/wireguard-go wg genkey > /mnt/data/wireguard/privatekey | ||
| podman run -i --rm --net=host --name wireguard_conf masipcat/wireguard-go wg genkey < /mnt/data/wireguard/privatekey > /mnt/data/wireguard/publickey | ||
| ``` | ||
| 1. Make configurations dir | ||
| ```shell script | ||
| mkdir -p /mnt/data/wireguard | ||
| ``` | ||
| 1. Create wireguard configuration file in /mnt/data/wireguard. Template: [wg0.conf](configs/wg0.conf) | ||
| 1. Copy [20-wireguard.sh](on_boot.d/20-wireguard.sh) to /mnt/data/on_boot.d and update its values to reflect your environment | ||
| 1. Execute /mnt/data/on_boot.d/20-wireguard.sh | ||
| 1. If you are running a server, make the appropriate firewall rules / port forwards | ||
|
|
||
| ### Useful commands | ||
| ```shell script | ||
| podman exec -it wireguard wg | ||
| podman exec -it wireguard wg-quick up wg0 | ||
| podman exec -it wireguard wg-quick down wg0 | ||
| ``` | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,12 @@ | ||
| [Interface] | ||
| # Change to map to your subnet | ||
| Address = 10.20.0.3/24 | ||
| PrivateKey = <server privatekey> | ||
| # Can be whatever port you like | ||
| ListenPort = 51820 | ||
|
|
||
| [Peer] | ||
| PublicKey = <client public key> | ||
| Endpoint = <server ip>:<server port> | ||
| # Change to the CIDRs you want routed over the VPN | ||
| AllowedIPs = 10.20.0.0/24 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| podman run -i -d --rm --net=host --name wireguard --privileged -v /mnt/data/wireguard:/etc/wireguard -v /dev/net/tun:/dev/net/tun -e LOG_LEVEL=info -e WG_COLOR_MODE=always masipcat/wireguard-go |