diff --git a/install.py b/install.py
index 54a4d17..9cd4a08 100644
--- a/install.py
+++ b/install.py
@@ -45,53 +45,48 @@ def get_local_ip():
 def setup_wireguard():
 """Set up WireGuard with complete system configuration"""
 print_step("🔒", "Setting up WireGuard system configuration...")
-
- # Ensure WireGuard kernel module is loaded
+
+ # Load WireGuard kernel module
 print("Loading WireGuard kernel module...")
 run_command("sudo modprobe wireguard", "Failed to load WireGuard kernel module", shell=True)
-
+
 # Enable IP forwarding
 print("Enabling IP forwarding...")
- run_command(
- "sudo sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/' /etc/sysctl.conf",
- "Failed to update sysctl.conf",
- shell=True
- )
- run_command(
- "sudo sysctl -p",
- "Failed to apply sysctl changes",
- shell=True
- )
+ run_command("sudo sh -c 'echo 1 > /proc/sys/net/ipv4/ip_forward'", "Failed to enable IP forwarding", shell=True)
+ run_command("sudo sysctl -w net.ipv4.ip_forward=1", "Failed to enable IP forwarding", shell=True)
+
+ # Apply iptables rules
+ print("Applying iptables rules to allow SSH and route traffic correctly...")
- # Apply NAT rules
- print("Applying NAT rules...")
+ ssh_rules = [
+ "sudo iptables -I INPUT -p tcp --dport 22 -j ACCEPT",
+ "sudo iptables -I OUTPUT -p tcp --sport 22 -j ACCEPT",
+ "sudo iptables -I FORWARD -p tcp --dport 22 -j ACCEPT"
+ ]
+
+ for rule in ssh_rules:
+ run_command(rule, f"Failed to apply iptables rule: {rule}", shell=True)
+
+ # Apply NAT rules for VPN traffic
+ print("Applying NAT and forwarding rules...")
 nat_rules = [
 "sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE",
 "sudo iptables -A FORWARD -i wg0 -j ACCEPT",
 "sudo iptables -A FORWARD -o wg0 -j ACCEPT"
 ]
+
 for rule in nat_rules:
 run_command(rule, f"Failed to apply iptables rule: {rule}", shell=True)
- # Update nameserver
- print("Updating nameserver...")
- run_command(
- "sudo sed -i 's/nameserver .*/nameserver 1.1.1.1/' /etc/resolv.conf",
- "Failed to update nameserver",
- shell=True
- )
+ # Allow web interface access
+ print_step("🌐", "Allowing web interface on port 1337...")
+ run_command("sudo iptables -A INPUT -p tcp --dport 1337 -j ACCEPT", "Failed to open port 1337", shell=True)
- # Install iptables-persistent and save rules
- print("Making iptables rules persistent...")
- run_command(
- ["apt-get", "install", "-y", "iptables-persistent"],
- "Failed to install iptables-persistent"
- )
- run_command(
- "sudo iptables-save | sudo tee /etc/iptables/rules.v4",
- "Failed to save iptables rules",
- shell=True
- )
+ # Ensure rules are correct before saving
+ print_step("💾", "Saving iptables rules for persistence...")
+ run_command("sudo iptables -S", "Failed to verify iptables rules", shell=True)
+ run_command("sudo netfilter-persistent save", "Failed to save iptables rules", shell=True)
+ run_command("sudo netfilter-persistent reload", "Failed to reload iptables rules", shell=True)
 def main():
 if os.geteuid() != 0:
@@ -253,12 +248,6 @@ WantedBy=multi-user.target
 run_command(["systemctl", "enable", "wireguard-manager"], "Failed to enable web interface service")
 run_command(["systemctl", "restart", "wireguard-manager"], "Failed to start web interface service")
- # Enable UFW and allow required ports
- print_step("🛡️", "Configuring firewall...")
- run_command(["apt-get", "install", "-y", "ufw"], "Failed to install UFW")
- run_command(["ufw", "allow", "1337/tcp"], "Failed to allow port 1337")
- run_command(["ufw", "--force", "enable"], "Failed to enable UFW")
-
 # Final instructions
 local_ip = get_local_ip()
 print(f"""
@@ -277,7 +266,6 @@ WireGuard Manager has been installed successfully!
 - IP forwarding is enabled
 - NAT rules are configured
 - DNS is set to 1.1.1.1
- - UFW is enabled and port 1337 is open
 - Web interface will start automatically on boot
 📝 Important locations:
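Review bot: The new IP-forwarding step in setup_wireguard is runtime-only — `sysctl -w` and the echo into /proc/sys/net/ipv4/ip_forward do not survive a reboot, whereas the removed `sed` on /etc/sysctl.conf did, so after the next boot the FORWARD and MASQUERADE rules restored by netfilter-persistent will sit on a host that no longer forwards (the two calls also duplicate each other). Persist it as well, e.g. `run_command("sudo sh -c 'echo net.ipv4.ip_forward=1 > /etc/sysctl.d/99-ip-forward.conf'", "Failed to persist IP forwarding", shell=True)` (the drop-in file name is an example) followed by `sudo sysctl --system`. Two smaller points in the same hunk: `sudo iptables -S` only lists the ruleset, so the comment `# Ensure rules are correct before saving` overstates what happens, and `netfilter-persistent` presumably comes from the iptables-persistent package whose apt-get install this hunk removes — confirm it is installed elsewhere in install.py, which is outside the hunk. Every rule is added with -A/-I on each run, so re-running the installer stacks duplicate SSH, port-1337 and NAT rules; guarding each with `iptables -C … || iptables -A …` would make the step idempotent. The resolv.conf rewrite is gone, but the final summary still prints `- DNS is set to 1.1.1.1` (third hunk), which is now stale.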