docker compose and configs for wireguard to make a private network over two/many nodes
- Upstream Server: A server that has free access to the Internet.
- Bridge Server: A server that is available to clients and has access to an upstream server.
- Client: A user-side application with access to the bridge server.
- copy docker-compose and config files into your machines
- create two public/private keys for both of them
- change the bridge/config/wg0.conf by the hints on that
- change the upstream/config/wg0.conf like bridge
generate a private key
wg genkey | tee clientpkand after that get the public key
cat clientpk | wg pubkeythe first command will print the [PEER_PRIVATE_KEY] and the second one prints [PEER_PUBLIC_KEY]
add a [Peer] block the bridge server config
[Peer]
PublicKey = [PEER_PUBLIC_KEY]
AllowedIPs = 10.10.10.4/32you need to set the Allowed ip according to your internal subnet mask ip
and at the end you need to create config file which an example is in the bridge/clients/example.conf, you need to modify the hints based on peer_public_key which generated before and set the other hints
wireguard doesn't focused on obfuscation and so easy to detect and block by using deep packed inspection, you can use an obfuscate layer over it like udp2raw https://github.com/rezpilehvar/udp2raw
[https://www.wireguard.com/install/] Wireguard clients official document