wgtool/scripting/ROUTING_MODE_DOCUMENTATION.md
2026-03-22 00:54:58 -07:00

# WireGuard Easy Setup - Routing Mode Documentation
## Overview
The `wgez-setup.sh` script now supports two different traffic routing modes:
1. **WireGuard-only mode** (default)
2. **Full tunnel mode**
## Routing Modes
### WireGuard-only Mode
- **Purpose**: Only route traffic for the WireGuard network (the `10.8.0.0/24` subnet) through the VPN
- **AllowedIPs**: `10.8.0.0/24`
- **DNS**: None (uses system DNS)
- **Internet Traffic**: Bypasses VPN, uses regular internet connection
- **Use Case**: When you want to access WireGuard network resources but keep regular internet traffic separate
### Full Tunnel Mode
- **Purpose**: Route ALL internet traffic through the VPN
- **AllowedIPs**: `0.0.0.0/0, ::/0`
- **DNS**: `1.1.1.1, 8.8.8.8` (Cloudflare and Google DNS)
- **Internet Traffic**: All traffic goes through VPN
- **Use Case**: When you want all of the client's traffic hidden from the local network and exiting from Zion, or need to bypass local network restrictions (Zion and its upstream still see the traffic, so this is not anonymity)
## Configuration Differences
### WireGuard-only Configuration
```ini
[Interface]
Address = 10.8.0.6/24
PrivateKey = <private_key>
[Peer]
PublicKey = <zion_public_key>
AllowedIPs = 10.8.0.0/24
Endpoint = ugh.im:51820
PersistentKeepalive = 60
```
### Full Tunnel Configuration
```ini
[Interface]
Address = 10.8.0.6/24
PrivateKey = <private_key>
DNS = 1.1.1.1, 8.8.8.8
[Peer]
PublicKey = <zion_public_key>
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = ugh.im:51820
PersistentKeepalive = 60
```
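The two configurations above differ only in `AllowedIPs` and the presence of a `DNS` line. The following added example (not part of `wgez-setup.sh`) renders a client config for either mode from caller-supplied placeholder keys and an endpoint, and classifies an existing config by its `AllowedIPs`, flagging a full-tunnel config that lacks a `DNS` line, since such a client would still resolve names through its local resolver outside the tunnel.

```shell
#!/bin/sh
# Added example, not part of wgez-setup.sh. Values below come from the documentation.
set -eu

WG_SUBNET="10.8.0.0/24"
FULL_TUNNEL_DNS="1.1.1.1, 8.8.8.8"

# render_client_config MODE ADDRESS PRIVATE_KEY SERVER_PUBLIC_KEY ENDPOINT
# MODE is "wgonly" or "full". Keys and endpoint are supplied by the caller.
render_client_config() {
  mode=$1; addr=$2; privkey=$3; pubkey=$4; endpoint=$5
  dns_line=""
  case "$mode" in
    wgonly) allowed="$WG_SUBNET" ;;
    full)   allowed="0.0.0.0/0, ::/0"; dns_line="DNS = $FULL_TUNNEL_DNS" ;;
    *) echo "unknown mode: $mode" >&2; return 2 ;;
  esac
  printf '[Interface]\nAddress = %s\nPrivateKey = %s\n' "$addr" "$privkey"
  if [ -n "$dns_line" ]; then printf '%s\n' "$dns_line"; fi
  printf '[Peer]\nPublicKey = %s\nAllowedIPs = %s\nEndpoint = %s\nPersistentKeepalive = 60\n' \
    "$pubkey" "$allowed" "$endpoint"
}

# classify_config reads a client config on stdin and prints one of:
# wg-only, full-tunnel, full-tunnel-without-dns, unknown
classify_config() {
  allowed=""; dns=""
  while IFS= read -r line; do
    case "$line" in
      AllowedIPs*) allowed=${line#*=}; allowed=${allowed# } ;;
      DNS*)        dns=${line#*=} ;;
    esac
  done
  case "$allowed" in
    *0.0.0.0/0*)
      if [ -z "$dns" ]; then echo "full-tunnel-without-dns"; else echo "full-tunnel"; fi ;;
    "$WG_SUBNET") echo "wg-only" ;;
    *) echo "unknown" ;;
  esac
}

# Stand-alone demo with placeholder keys: prints "full-tunnel".
render_client_config full 10.8.0.6/24 '<private_key>' '<zion_public_key>' ugh.im:51820 | classify_config
```

Pipe an existing client config into `classify_config` to check which mode it is in before handing it out.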
## Endpoint Requirements
### WireGuard-only Mode
- **Zion Server**: No special requirements
- **Client**: Standard WireGuard configuration
### Full Tunnel Mode
- **Zion Server**: Must have proper NAT/iptables rules
- **Required Zion Configuration**:
```bash
# Enable IP forwarding (only append the key if it is not already present)
grep -q '^net.ipv4.ip_forward=1' /etc/sysctl.conf || echo 'net.ipv4.ip_forward=1' | sudo tee -a /etc/sysctl.conf
sudo sysctl -p
# Add NAT rules if not already present. Replace eth0 with Zion's actual
# upstream interface (see `ip route show default`).
sudo iptables -t nat -C POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE 2>/dev/null || \
  sudo iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
sudo iptables -A FORWARD -i wg0 -j ACCEPT
# Allows anything to be forwarded into the VPN subnet; to admit only return traffic use
# `-o wg0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT` instead.
sudo iptables -A FORWARD -o wg0 -j ACCEPT
# These rules do not survive a reboot unless saved (e.g. iptables-save or netfilter-persistent).
```
## Usage
1. Run the setup script: `./wgez-setup.sh`
2. Choose option 2 (Generate keys + complete config)
3. Select routing mode:
   - Option 1: WireGuard traffic only
   - Option 2: All traffic through VPN
4. Follow the generated instructions
## Important Notes
- **Full tunnel mode** requires the Zion server to have proper NAT configuration
- **WireGuard-only mode** is the lower-risk choice: a misconfiguration only affects reachability of the `10.8.0.0/24` network, and it doesn't require endpoint changes
- The script automatically provides endpoint-specific instructions for full tunnel mode
- Routing mode is saved in the JSON info file for reference
## Troubleshooting
### Full Tunnel Not Working
1. Check Zion's iptables rules: `sudo iptables -t nat -L POSTROUTING`
2. Verify IP forwarding is enabled: `cat /proc/sys/net/ipv4/ip_forward`
3. Check WireGuard interface status: `sudo wg show`
### DNS Issues in Full Tunnel
- The script configures DNS servers (1.1.1.1, 8.8.8.8)
- If DNS doesn't work, check that Zion forwards and NATs the clients' DNS traffic (UDP/TCP port 53 from `10.8.0.0/24`) to those resolvers
- Consider adding DNS-specific iptables rules if needed