Lightweight Vulnerability Scanner for Resource-constrained Organizations

WireGuard VPN Setup Scripts

These scripts automate the installation and configuration of a WireGuard-based VPN setup for a network vulnerability scanner project. They include:

  • A client setup script to establish a reverse tunnel from a remote site
  • A server setup script for the central scanner to receive connections

📡 VPN Client Setup (setup-wireguard-client.sh)

This script installs WireGuard on a remote machine, generates keys, and sets up a reverse tunnel to the scanner server using the WireGuard protocol.

🔧 Configuration

Before running, edit the following values inside the script:

  • WG_ADDRESS: IP address of the client in the VPN (e.g., 10.0.0.2/24)
  • WG_SERVER_PUBLIC_KEY: Public key of the server
  • WG_SERVER_ENDPOINT: IP and port of the server (e.g., 192.0.2.1:51820)
  • WG_ALLOWED_IPS: Use 0.0.0.0/0 to tunnel all traffic through the VPN
  • WG_IFACE: Network interface used for NAT (e.g., enp0s3)

▶️ Usage

chmod +x setup-wireguard-client.sh
sudo ./setup-wireguard-client.sh

🛡 VPN Server Setup (setup-wireguard-server-no-postup.sh)

This script installs WireGuard on the central scanning server, generates a keypair, and configures it to accept connections from clients.

🔧 Configuration

Before running, edit the script:

  • WG_ADDRESS: Server IP in the VPN (e.g., 10.0.0.1/32)
  • WG_LISTEN_PORT: Port to listen on (e.g., 123)
  • WG_PEER_PUBLIC_KEY: Public key of the client
  • WG_ALLOWED_IPS: Must include the client’s tunnel IP (e.g., 10.0.0.2/32) and any internal subnets the server needs to access through the client (e.g., 192.168.0.0/24)

▶️ Usage

chmod +x setup-wireguard-server-no-postup.sh
sudo ./setup-wireguard-server-no-postup.sh

Notes

  • Ensure the client’s real internal subnets are listed in AllowedIPs on the server.
  • You can connect multiple clients by repeating the [Peer] block in the server’s config.
  • Keys are stored under /etc/wireguard/. Do not expose them publicly.
  • Exchange public keys between the scanner server and the client: each side's public key goes in the other side's conf file.
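
A pre-flight check for the server config that follows from the notes above, as an added example that is not part of the project's scripts: it verifies the file mode, that every [Peer] block has a PublicKey and AllowedIPs, and that no prefix is listed under two peers (WireGuard routes a given AllowedIPs prefix to only one peer). The function name audit_wg_conf is an assumption, and the script takes the config path as its argument.

```bash
#!/usr/bin/env bash
# Added example (not part of the project's scripts): pre-flight audit of a
# wg-quick server config. audit_wg_conf is a hypothetical helper name.
# Prints one finding per line; returns 0 if clean, 1 on findings, 2 if unreadable.
audit_wg_conf() {
    local conf="$1" findings
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    findings=$(
        # The file holds the private key, so only its owner may access it.
        mode=$(stat -c '%a' "$conf")   # GNU stat, as found on Linux
        case "$mode" in
            (600|400) ;;
            (*) echo "PERM: $conf is mode $mode, expected 600" ;;
        esac
        awk '
            # Report fields missing from the [Peer] block that just ended.
            function check() {
                if (!inpeer) return
                if (!haskey) print "PEER " n ": missing PublicKey"
                if (!hasips) print "PEER " n ": missing AllowedIPs"
            }
            /^[ \t]*\[Peer\]/      { check(); inpeer = 1; n++; haskey = hasips = 0; next }
            /^[ \t]*\[Interface\]/ { check(); inpeer = 0; next }
            inpeer && /^[ \t]*PublicKey[ \t]*=/ { haskey = 1 }
            inpeer && /^[ \t]*AllowedIPs[ \t]*=/ {
                hasips = 1
                sub(/^[^=]*=/, ""); gsub(/[ \t]/, "")
                cnt = split($0, ips, ",")
                for (i = 1; i <= cnt; i++) {
                    # Exact-match check only; it does not detect a /24 inside a /16.
                    if (ips[i] in owner && owner[ips[i]] != n)
                        print "PEER " n ": " ips[i] " already claimed by peer " owner[ips[i]]
                    else
                        owner[ips[i]] = n
                }
            }
            END { check() }
        ' "$conf"
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Run against the path given on the command line, if any.
if [ "$#" -gt 0 ]; then audit_wg_conf "$1"; fi
```

Two remote sites that both use 192.168.0.0/24 internally will trip the duplicate check; only one of them can own that prefix on the server.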

🛠 Useful Commands

sudo wg show              # Show the status of the WireGuard connection
sudo wg-quick down wg0    # Bring down the VPN
sudo wg-quick up wg0      # Bring up the VPN