|
|
@ -46,52 +46,47 @@ def setup_wireguard():
|
|
|
|
"""Set up WireGuard with complete system configuration"""
|
|
|
|
"""Set up WireGuard with complete system configuration"""
|
|
|
|
print_step("🔒", "Setting up WireGuard system configuration...")
|
|
|
|
print_step("🔒", "Setting up WireGuard system configuration...")
|
|
|
|
|
|
|
|
|
|
|
|
# Ensure WireGuard kernel module is loaded
|
|
|
|
# Load WireGuard kernel module
|
|
|
|
print("Loading WireGuard kernel module...")
|
|
|
|
print("Loading WireGuard kernel module...")
|
|
|
|
run_command("sudo modprobe wireguard", "Failed to load WireGuard kernel module", shell=True)
|
|
|
|
run_command("sudo modprobe wireguard", "Failed to load WireGuard kernel module", shell=True)
|
|
|
|
|
|
|
|
|
|
|
|
# Enable IP forwarding
|
|
|
|
# Enable IP forwarding
|
|
|
|
print("Enabling IP forwarding...")
|
|
|
|
print("Enabling IP forwarding...")
|
|
|
|
run_command(
|
|
|
|
run_command("sudo sh -c 'echo 1 > /proc/sys/net/ipv4/ip_forward'", "Failed to enable IP forwarding", shell=True)
|
|
|
|
"sudo sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/' /etc/sysctl.conf",
|
|
|
|
run_command("sudo sysctl -w net.ipv4.ip_forward=1", "Failed to enable IP forwarding", shell=True)
|
|
|
|
"Failed to update sysctl.conf",
|
|
|
|
|
|
|
|
shell=True
|
|
|
|
# Apply iptables rules
|
|
|
|
)
|
|
|
|
print("Applying iptables rules to allow SSH and route traffic correctly...")
|
|
|
|
run_command(
|
|
|
|
|
|
|
|
"sudo sysctl -p",
|
|
|
|
ssh_rules = [
|
|
|
|
"Failed to apply sysctl changes",
|
|
|
|
"sudo iptables -I INPUT -p tcp --dport 22 -j ACCEPT",
|
|
|
|
shell=True
|
|
|
|
"sudo iptables -I OUTPUT -p tcp --sport 22 -j ACCEPT",
|
|
|
|
)
|
|
|
|
"sudo iptables -I FORWARD -p tcp --dport 22 -j ACCEPT"
|
|
|
|
|
|
|
|
]
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
for rule in ssh_rules:
|
|
|
|
|
|
|
|
run_command(rule, f"Failed to apply iptables rule: {rule}", shell=True)
|
|
|
|
|
|
|
|
|
|
|
|
# Apply NAT rules
|
|
|
|
# Apply NAT rules for VPN traffic
|
|
|
|
print("Applying NAT rules...")
|
|
|
|
print("Applying NAT and forwarding rules...")
|
|
|
|
nat_rules = [
|
|
|
|
nat_rules = [
|
|
|
|
"sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE",
|
|
|
|
"sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE",
|
|
|
|
"sudo iptables -A FORWARD -i wg0 -j ACCEPT",
|
|
|
|
"sudo iptables -A FORWARD -i wg0 -j ACCEPT",
|
|
|
|
"sudo iptables -A FORWARD -o wg0 -j ACCEPT"
|
|
|
|
"sudo iptables -A FORWARD -o wg0 -j ACCEPT"
|
|
|
|
]
|
|
|
|
]
|
|
|
|
|
|
|
|
|
|
|
|
for rule in nat_rules:
|
|
|
|
for rule in nat_rules:
|
|
|
|
run_command(rule, f"Failed to apply iptables rule: {rule}", shell=True)
|
|
|
|
run_command(rule, f"Failed to apply iptables rule: {rule}", shell=True)
|
|
|
|
|
|
|
|
|
|
|
|
# Update nameserver
|
|
|
|
# Allow web interface access
|
|
|
|
print("Updating nameserver...")
|
|
|
|
print_step("🌐", "Allowing web interface on port 1337...")
|
|
|
|
run_command(
|
|
|
|
run_command("sudo iptables -A INPUT -p tcp --dport 1337 -j ACCEPT", "Failed to open port 1337", shell=True)
|
|
|
|
"sudo sed -i 's/nameserver .*/nameserver 1.1.1.1/' /etc/resolv.conf",
|
|
|
|
|
|
|
|
"Failed to update nameserver",
|
|
|
|
|
|
|
|
shell=True
|
|
|
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Install iptables-persistent and save rules
|
|
|
|
# Ensure rules are correct before saving
|
|
|
|
print("Making iptables rules persistent...")
|
|
|
|
print_step("💾", "Saving iptables rules for persistence...")
|
|
|
|
run_command(
|
|
|
|
run_command("sudo iptables -S", "Failed to verify iptables rules", shell=True)
|
|
|
|
["apt-get", "install", "-y", "iptables-persistent"],
|
|
|
|
run_command("sudo netfilter-persistent save", "Failed to save iptables rules", shell=True)
|
|
|
|
"Failed to install iptables-persistent"
|
|
|
|
run_command("sudo netfilter-persistent reload", "Failed to reload iptables rules", shell=True)
|
|
|
|
)
|
|
|
|
|
|
|
|
run_command(
|
|
|
|
|
|
|
|
"sudo iptables-save | sudo tee /etc/iptables/rules.v4",
|
|
|
|
|
|
|
|
"Failed to save iptables rules",
|
|
|
|
|
|
|
|
shell=True
|
|
|
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def main():
|
|
|
|
def main():
|
|
|
|
if os.geteuid() != 0:
|
|
|
|
if os.geteuid() != 0:
|
|
|
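Review bot: The new IP-forwarding lines `run_command("sudo sh -c 'echo 1 > /proc/sys/net/ipv4/ip_forward'", ...)` and `run_command("sudo sysctl -w net.ipv4.ip_forward=1", ...)` set the same value twice and only at runtime, while the sed on /etc/sysctl.conf plus `sysctl -p` that persisted it is dropped, so after a reboot the saved NAT/FORWARD rules come back but forwarding does not; keep one runtime call and restore a persistent setting (for example a drop-in under /etc/sysctl.d written by the script). The iptables rules are added with `-A`/`-I` unconditionally, so re-running the installer duplicates them and `netfilter-persistent save` then persists the duplicates; `iptables -S` as used here only lists rules and does not check anything, so guarding each rule with `iptables -C <rule> || iptables -A <rule>` would be the actual verification. The three SSH rules are stateless and apply on every interface, including `-I FORWARD -p tcp --dport 22 -j ACCEPT`, which admits forwarded SSH from any source; if the intent is only to keep the admin session alive during the change, an `ESTABLISHED,RELATED` conntrack rule on INPUT is narrower. The `apt-get install -y iptables-persistent` removed from this function is what provides `netfilter-persistent`; unless it is installed elsewhere in the script, the save/reload calls fail on a fresh host. Separately, the final-instructions hunk (`@ -277,7 +266,6`) still prints `- DNS is set to 1.1.1.1` although the resolv.conf update was removed here.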
@ -253,12 +248,6 @@ WantedBy=multi-user.target
|
|
|
|
run_command(["systemctl", "enable", "wireguard-manager"], "Failed to enable web interface service")
|
|
|
|
run_command(["systemctl", "enable", "wireguard-manager"], "Failed to enable web interface service")
|
|
|
|
run_command(["systemctl", "restart", "wireguard-manager"], "Failed to start web interface service")
|
|
|
|
run_command(["systemctl", "restart", "wireguard-manager"], "Failed to start web interface service")
|
|
|
|
|
|
|
|
|
|
|
|
# Enable UFW and allow required ports
|
|
|
|
|
|
|
|
print_step("🛡️", "Configuring firewall...")
|
|
|
|
|
|
|
|
run_command(["apt-get", "install", "-y", "ufw"], "Failed to install UFW")
|
|
|
|
|
|
|
|
run_command(["ufw", "allow", "1337/tcp"], "Failed to allow port 1337")
|
|
|
|
|
|
|
|
run_command(["ufw", "--force", "enable"], "Failed to enable UFW")
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Final instructions
|
|
|
|
# Final instructions
|
|
|
|
local_ip = get_local_ip()
|
|
|
|
local_ip = get_local_ip()
|
|
|
|
print(f"""
|
|
|
|
print(f"""
|
|
|
@ -277,7 +266,6 @@ WireGuard Manager has been installed successfully!
|
|
|
|
- IP forwarding is enabled
|
|
|
|
- IP forwarding is enabled
|
|
|
|
- NAT rules are configured
|
|
|
|
- NAT rules are configured
|
|
|
|
- DNS is set to 1.1.1.1
|
|
|
|
- DNS is set to 1.1.1.1
|
|
|
|
- UFW is enabled and port 1337 is open
|
|
|
|
|
|
|
|
- Web interface will start automatically on boot
|
|
|
|
- Web interface will start automatically on boot
|
|
|
|
|
|
|
|
|
|
|
|
📝 Important locations:
|
|
|
|
📝 Important locations:
|
|
|
|