Author Topic: How to make WireGuard work?  (Read 9573 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
Re: How to make WireGuard work?
« Reply #15 on: March 17, 2022, 06:19:19 AM »
that line is in the script /etc/csf/csfpost.sh .  It's going to throw an error because the variable $port is not set.  But it should work
Hello, apparently it does not work, sorry.
I asked helped from the maker of the WireGuard script, and this is what he said:

I am not familiar with CSF, but the following are indeed relevant rules for OpenVPN:
Code: [Select]
/usr/sbin/iptables -t nat -A POSTROUTING -s 10.7.0.0/24 ! -d 10.7.0.0/24 -j SNAT --to $ip
/usr/sbin/iptables -I INPUT -p udp --dport $port -j ACCEPT
/usr/sbin/iptables -I FORWARD -s 10.7.0.0/24 -j ACCEPT
/usr/sbin/iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

If your server has IPv6, the following are also required:
Code: [Select]
/usr/sbin/ip6tables -t nat -A POSTROUTING -s fddd:2c4:2c4:2c4::/64 ! -d fddd:2c4:2c4:2c4::/64 -j SNAT --to $ip6
/usr/sbin/ip6tables -I FORWARD -s fddd:2c4:2c4:2c4::/64 -j ACCEPT
/usr/sbin/ip6tables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

You need to replace the words starting with $. For example, $ip should be your public IPv4 address, and $port the port you selected during setup.

As I said I am not familiar with CSF, but a tiny bit of research indicates that you can likely add the commands above to /etc/csf/csfpost.sh and then restart CSF with csf -r


I have no idea what he was saying although I think it is something important?
Or, is there a way to install CWP and not to remove the firewalld thing?

Offline
****
Re: How to make WireGuard work?
« Reply #16 on: March 17, 2022, 07:57:47 AM »
what he's saying is $ip needs to be replaced with your actual Global IP

$port needs to be your wireguard port

$ip6 needs to be your global ip for ip6
Google Hangouts:  rcschaff82@gmail.com

Offline
*
Re: How to make WireGuard work?
« Reply #17 on: March 17, 2022, 08:14:55 AM »
what he's saying is $ip needs to be replaced with your actual Global IP

$port needs to be your wireguard port

$ip6 needs to be your global ip for ip6
can we tweak it to work with the csfpost.sh script?

Offline
*
Re: How to make WireGuard work?
« Reply #18 on: March 17, 2022, 11:37:46 AM »
that line is in the script /etc/csf/csfpost.sh .  It's going to throw an error because the variable $port is not set.  But it should work
Either I put $port = [enter port number] or directly put the port 5108?

Offline
*
Re: How to make WireGuard work?
« Reply #19 on: March 17, 2022, 03:40:58 PM »
that line is in the script /etc/csf/csfpost.sh .  It's going to throw an error because the variable $port is not set.  But it should work
$port=51820; <--- is this right? actually it still does not work.
I tried dnf remove firewalld -y and dnf install firewalld -y; then wireguard script then add the lines and csf -r but it still does not work.

Offline
****
Re: How to make WireGuard work?
« Reply #20 on: March 18, 2022, 01:52:20 AM »
he's saying the line should be

/usr/sbin/iptables -I INPUT -p udp --dport 51820 -j ACCEPT

however, putting
port='51820'
at the beginning of the script should have the same effect.
Google Hangouts:  rcschaff82@gmail.com

Offline
*
Re: How to make WireGuard work?
« Reply #21 on: March 18, 2022, 02:16:04 AM »
he's saying the line should be

/usr/sbin/iptables -I INPUT -p udp --dport 51820 -j ACCEPT

however, putting
port='51820'
at the beginning of the script should have the same effect.
Oh sorry. I guess $port=51820; would not work because I thought bash scripts are similar to PHP.
Unfortunately, it still does not work.
Did I do the right thing by removing and installing firewalld first?
Would you be interested to actually access the server itself? :)

Offline
*
Re: How to make WireGuard work?
« Reply #22 on: April 05, 2022, 11:25:51 PM »
that line is in the script /etc/csf/csfpost.sh .  It's going to throw an error because the variable $port is not set.  But it should work
Sorry for the late reply. I appreciate your efforts! However, to make things a little less complicated, I just purchased a VPN subscription from PureVPN since they have a partnership with LowEndBox, so I got a good deal and discount for five years. I figured I would mainly use this VPS for hosting sites, which CWP is designed to do.