wgtool/scripting/ROUTING_MODE_DOCUMENTATION.md
2026-03-22 00:54:58 -07:00

WireGuard Easy Setup - Routing Mode Documentation

Overview

The wgez-setup.sh script now supports two different traffic routing modes:

  1. WireGuard-only mode (default)
  2. Full tunnel mode

Routing Modes

WireGuard-only Mode

  • Purpose: Route only traffic for the WireGuard network (10.8.0.0/24) through the tunnel
  • AllowedIPs: 10.8.0.0/24
  • DNS: None (the client keeps using its system DNS)
  • Internet Traffic: Bypasses the VPN and uses the regular internet connection
  • Use Case: When you want to reach resources on the WireGuard network but keep regular internet traffic separate

Full Tunnel Mode

  • Purpose: Route ALL internet traffic (IPv4 and IPv6) through the VPN
  • AllowedIPs: 0.0.0.0/0, ::/0
  • DNS: 1.1.1.1, 8.8.8.8 (Cloudflare and Google DNS)
  • Internet Traffic: All traffic exits through the Zion server
  • Use Case: When you want your traffic to leave from the VPN server rather than the local network (privacy from the local network) or need to bypass local network restrictions

Configuration Differences

WireGuard-only Configuration

[Interface]
Address = 10.8.0.6/24
PrivateKey = <private_key>

[Peer]
PublicKey = <zion_public_key>
AllowedIPs = 10.8.0.0/24
Endpoint = ugh.im:51820
PersistentKeepalive = 60

Full Tunnel Configuration

[Interface]
Address = 10.8.0.6/24
PrivateKey = <private_key>
DNS = 1.1.1.1, 8.8.8.8

[Peer]
PublicKey = <zion_public_key>
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = ugh.im:51820
PersistentKeepalive = 60

Endpoint Requirements

WireGuard-only Mode

  • Zion Server: No special requirements
  • Client: Standard WireGuard configuration

Full Tunnel Mode

  • Zion Server: Must have IP forwarding enabled and NAT/iptables rules for the WireGuard network
  • Required Zion Configuration (eth0 is the server's WAN interface; adjust it to match):
    # Enable IP forwarding (persisted in sysctl.conf and applied now)
    echo 'net.ipv4.ip_forward=1' | sudo tee -a /etc/sysctl.conf
    sudo sysctl -p

    # Add NAT rules (if not already present); rules added with -A are not
    # persistent across reboots unless saved with your distribution's tooling
    sudo iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
    sudo iptables -A FORWARD -i wg0 -j ACCEPT
    sudo iptables -A FORWARD -o wg0 -j ACCEPT

Usage

  1. Run the setup script: ./wgez-setup.sh
  2. Choose option 2 (Generate keys + complete config)
  3. Select routing mode:
    • Option 1: WireGuard traffic only
    • Option 2: All traffic through VPN
  4. Follow the generated instructions

Important Notes

  • Full tunnel mode requires the Zion server to have IP forwarding and NAT configured as shown above
  • WireGuard-only mode is the lower-risk choice: it only changes routing for 10.8.0.0/24 and requires no changes on the endpoint
  • The script automatically prints the endpoint-specific instructions when full tunnel mode is selected
  • The chosen routing mode is saved in the JSON info file for reference

Troubleshooting

Full Tunnel Not Working

  1. Check Zion's iptables rules: sudo iptables -t nat -L POSTROUTING
  2. Verify IP forwarding is enabled: cat /proc/sys/net/ipv4/ip_forward
  3. Check WireGuard interface status: sudo wg show
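The following is an added example, not code from wgez-setup.sh: it renders the client config for either routing mode as shown under Configuration Differences, reports which mode an existing config is in, and checks a captured rule listing for the MASQUERADE rule that full tunnel mode needs (the listing is assumed to be the output of `iptables -t nat -S POSTROUTING`, the rule-spec form of the `-L` check above). The address, key and endpoint values are caller-supplied assumptions.

```shell
#!/usr/bin/env sh
# Added example, not part of wgez-setup.sh.

WG_NET="10.8.0.0/24"          # WireGuard network used throughout the doc
FULL_DNS="1.1.1.1, 8.8.8.8"   # DNS servers full tunnel mode pushes to the client

# render_client_config MODE ADDRESS PRIVATE_KEY SERVER_PUBLIC_KEY ENDPOINT
#   MODE is "wg-only" or "full"; the config is printed to stdout.
render_client_config() {
  mode=$1; addr=$2; privkey=$3; pubkey=$4; endpoint=$5
  case "$mode" in
    wg-only) allowed="$WG_NET";         dns="" ;;
    full)    allowed="0.0.0.0/0, ::/0"; dns="$FULL_DNS" ;;
    *) echo "unknown routing mode: $mode" >&2; return 1 ;;
  esac
  printf '[Interface]\nAddress = %s\nPrivateKey = %s\n' "$addr" "$privkey"
  if [ -n "$dns" ]; then printf 'DNS = %s\n' "$dns"; fi   # only full tunnel sets DNS
  printf '\n[Peer]\nPublicKey = %s\nAllowedIPs = %s\n' "$pubkey" "$allowed"
  printf 'Endpoint = %s\nPersistentKeepalive = 60\n' "$endpoint"
}

# routing_mode_of CONFIG_TEXT
#   Reads the AllowedIPs line of an existing config and reports its routing mode.
routing_mode_of() {
  allowed=$(printf '%s\n' "$1" | sed -n 's/^AllowedIPs *= *//p')
  case "$allowed" in
    *0.0.0.0/0*) echo full ;;
    "$WG_NET")   echo wg-only ;;
    *)           echo unknown; return 1 ;;
  esac
}

# nat_rule_present POSTROUTING_LISTING WAN_IFACE
#   Returns 0 when the listing (output of `iptables -t nat -S POSTROUTING`)
#   contains the MASQUERADE rule for the WireGuard network on WAN_IFACE.
nat_rule_present() {
  printf '%s\n' "$1" | grep -q -- "-A POSTROUTING -s $WG_NET -o $2 -j MASQUERADE"
}

# Usage: run on the server with a live listing, e.g.
#   nat_rule_present "$(sudo iptables -t nat -S POSTROUTING)" eth0 || echo "NAT rule missing"
```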

DNS Issues in Full Tunnel

  • The script configures the DNS servers 1.1.1.1 and 8.8.8.8 in the client's [Interface] section
  • If name resolution fails while the tunnel is otherwise up, check that Zion's FORWARD and NAT rules let DNS traffic (port 53) from wg0 reach those resolvers
  • Consider adding DNS-specific iptables rules if the general FORWARD rules above are not in place