Update 'install.py'

main
ben 2 months ago
parent c8b9d55a66
commit ee56309843

@ -45,53 +45,48 @@ def get_local_ip():
def setup_wireguard():
"""Set up WireGuard with complete system configuration"""
print_step("🔒", "Setting up WireGuard system configuration...")
# Ensure WireGuard kernel module is loaded
# Load WireGuard kernel module
print("Loading WireGuard kernel module...")
run_command("sudo modprobe wireguard", "Failed to load WireGuard kernel module", shell=True)
# Enable IP forwarding
print("Enabling IP forwarding...")
run_command(
"sudo sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/' /etc/sysctl.conf",
"Failed to update sysctl.conf",
shell=True
)
run_command(
"sudo sysctl -p",
"Failed to apply sysctl changes",
shell=True
)
run_command("sudo sh -c 'echo 1 > /proc/sys/net/ipv4/ip_forward'", "Failed to enable IP forwarding", shell=True)
run_command("sudo sysctl -w net.ipv4.ip_forward=1", "Failed to enable IP forwarding", shell=True)
# Apply iptables rules
print("Applying iptables rules to allow SSH and route traffic correctly...")
# Apply NAT rules
print("Applying NAT rules...")
ssh_rules = [
"sudo iptables -I INPUT -p tcp --dport 22 -j ACCEPT",
"sudo iptables -I OUTPUT -p tcp --sport 22 -j ACCEPT",
"sudo iptables -I FORWARD -p tcp --dport 22 -j ACCEPT"
]
for rule in ssh_rules:
run_command(rule, f"Failed to apply iptables rule: {rule}", shell=True)
# Apply NAT rules for VPN traffic
print("Applying NAT and forwarding rules...")
nat_rules = [
"sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE",
"sudo iptables -A FORWARD -i wg0 -j ACCEPT",
"sudo iptables -A FORWARD -o wg0 -j ACCEPT"
]
for rule in nat_rules:
run_command(rule, f"Failed to apply iptables rule: {rule}", shell=True)
# Update nameserver
print("Updating nameserver...")
run_command(
"sudo sed -i 's/nameserver .*/nameserver 1.1.1.1/' /etc/resolv.conf",
"Failed to update nameserver",
shell=True
)
# Allow web interface access
print_step("🌐", "Allowing web interface on port 1337...")
run_command("sudo iptables -A INPUT -p tcp --dport 1337 -j ACCEPT", "Failed to open port 1337", shell=True)
# Install iptables-persistent and save rules
print("Making iptables rules persistent...")
run_command(
["apt-get", "install", "-y", "iptables-persistent"],
"Failed to install iptables-persistent"
)
run_command(
"sudo iptables-save | sudo tee /etc/iptables/rules.v4",
"Failed to save iptables rules",
shell=True
)
# Ensure rules are correct before saving
print_step("💾", "Saving iptables rules for persistence...")
run_command("sudo iptables -S", "Failed to verify iptables rules", shell=True)
run_command("sudo netfilter-persistent save", "Failed to save iptables rules", shell=True)
run_command("sudo netfilter-persistent reload", "Failed to reload iptables rules", shell=True)
def main():
if os.geteuid() != 0:
@ -253,12 +248,6 @@ WantedBy=multi-user.target
run_command(["systemctl", "enable", "wireguard-manager"], "Failed to enable web interface service")
run_command(["systemctl", "restart", "wireguard-manager"], "Failed to start web interface service")
# Enable UFW and allow required ports
print_step("🛡️", "Configuring firewall...")
run_command(["apt-get", "install", "-y", "ufw"], "Failed to install UFW")
run_command(["ufw", "allow", "1337/tcp"], "Failed to allow port 1337")
run_command(["ufw", "--force", "enable"], "Failed to enable UFW")
# Final instructions
local_ip = get_local_ip()
print(f"""
@ -277,7 +266,6 @@ WireGuard Manager has been installed successfully!
- IP forwarding is enabled
- NAT rules are configured
- DNS is set to 1.1.1.1
- UFW is enabled and port 1337 is open
- Web interface will start automatically on boot
📝 Important locations:
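Review bot: With the `ufw` block in main() gone, nothing visible in setup_wireguard() sets a default-deny policy, so the `-j ACCEPT` rules for ports 22 and 1337 restrict nothing and the web interface on 1337 stays reachable on every interface under whatever policy the host already had. The page has lost its +/- markers, so which lines are on the new side is inferred from the hunk counts (12→6 in main(), 7→6 in the summary text). If raw iptables is meant to replace UFW, add a baseline after the ACCEPT rules and before `netfilter-persistent save`: loopback, established/related, the WireGuard UDP port, then `iptables -P INPUT DROP`, as in the excerpt below. The `sudo iptables -I FORWARD -p tcp --dport 22 -j ACCEPT` entry only affects routed traffic and is not needed for SSH to this host, and because every `-A`/`-I` rule is re-added on each run, an `iptables -C` check before appending would keep the saved ruleset from growing. main() continues outside the hunks.

```python
    # … unchanged: module load, IP forwarding, ssh_rules / nat_rules loops …
    run_command("sudo iptables -A INPUT -p tcp --dport 1337 -j ACCEPT", "Failed to open port 1337", shell=True)

    # Default-deny for inbound traffic, applied only after the ACCEPT rules above
    # so the running SSH session is not cut off.
    # wg_listen_port is a placeholder: the tunnel's UDP listen port is not shown in this hunk.
    baseline_rules = [
        "sudo iptables -A INPUT -i lo -j ACCEPT",
        "sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
        f"sudo iptables -A INPUT -p udp --dport {wg_listen_port} -j ACCEPT",
        "sudo iptables -P INPUT DROP",
    ]
    for rule in baseline_rules:
        run_command(rule, f"Failed to apply iptables rule: {rule}", shell=True)
    # … unchanged: iptables -S check, netfilter-persistent save / reload …
```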
