4 недель назад · c2a9049296
--- a/scripts/README-wireguard-final.md
+++ b/scripts/README-wireguard-final.md
@@ -1,68 +0,0 @@
 
				-# WireGuard VPN Setup Scripts
			
 
				-
			
 
				-These scripts automate the installation and configuration of a WireGuard-based VPN setup for a network vulnerability scanner project. They include:
			
 
				-
			
 
				-- A **client setup script** to establish a reverse tunnel from a remote site
			
 
				-- A **server setup script** for the central scanner to receive connections
			
 
				-
			
 
				----
			
 
				-
			
 
				-## 📡 VPN Client Setup (`setup-wireguard-client.sh`)
			
 
				-
			
 
				-This script installs WireGuard on a remote machine, generates keys, and sets up a reverse tunnel to the scanner server using the WireGuard protocol.
			
 
				-
			
 
				-### 🔧 Configuration
			
 
				-
			
 
				-Before running, edit the following values inside the script:
			
 
				-
			
 
				-- `WG_ADDRESS`: IP address of the client in the VPN (e.g., `10.0.0.2/24`)
			
 
				-- `WG_SERVER_PUBLIC_KEY`: Public key of the server
			
 
				-- `WG_SERVER_ENDPOINT`: IP and port of the server (e.g., `192.0.2.1:51820`)
			
 
				-- `WG_ALLOWED_IPS`: Use `0.0.0.0/0` to tunnel all traffic through the VPN
			
 
				-- `WG_IFACE`: Network interface used for NAT (e.g., `enp0s3`)
			
 
				-
			
 
				-### ▶️ Usage
			
 
				-
			
 
				-```bash
			
 
				-chmod +x setup-wireguard-client.sh
			
 
				-sudo ./setup-wireguard-client.sh
			
 
				-```
			
 
				-
			
 
				----
			
 
				-
			
 
				-## 🛡 VPN Server Setup (`setup-wireguard-server-no-postup.sh`)
			
 
				-
			
 
				-This script installs WireGuard on the central scanning server, generates a keypair, and configures it to accept connections from clients.
			
 
				-
			
 
				-### 🔧 Configuration
			
 
				-
			
 
				-Before running, edit the script:
			
 
				-
			
 
				-- `WG_ADDRESS`: Server IP in the VPN (e.g., `10.0.0.1/32`)
			
 
				-- `WG_LISTEN_PORT`: Port to listen on (e.g., `123`)
			
 
				-- `WG_PEER_PUBLIC_KEY`: Public key of the client
			
 
				-- `WG_ALLOWED_IPS`: Must include the client's tunnel IP (e.g., `10.0.0.2/32`) and any **internal subnets** the server needs to access through the client (e.g., `192.168.0.0/24`)
			
 
				-
			
 
				-### ▶️ Usage
			
 
				-
			
 
				-```bash
			
 
				-chmod +x setup-wireguard-server-no-postup.sh
			
 
				-sudo ./setup-wireguard-server-no-postup.sh
			
 
				-```
			
 
				-
			
 
				----
			
 
				-
			
 
				-## Notes
			
 
				-
			
 
				-- Ensure the client's real internal subnets are listed in `AllowedIPs` on the server.
			
 
				-- You can connect multiple clients by repeating the `[Peer]` block in the server’s config.
			
 
				-- Keys are stored under `/etc/wireguard/`. Do not expose them publicly.
			
 
				-- You need to exchange public keys from scanner to client and vice versa to put in the conf file
			
 
				-
			
 
				-### 🛠 Useful Commands
			
 
				-
			
 
				-```bash
			
 
				-wg show                   # Show the status of WireGuard connection
			
 
				-sudo wg-quick down wg0    # Bring down the VPN
			
 
				-sudo wg-quick up wg0      # Bring up the VPN
			
 
				-```