From 83d989c73c7fb88ec6b81f514173c6153d6543b9 Mon Sep 17 00:00:00 2001 From: Timothy-Page <44987179+Timothy-Page@users.noreply.github.com> Date: Sun, 24 Nov 2024 07:33:00 +1100 Subject: [PATCH 1/2] Added firewall rule for 51820 My vpn was not working unless i disabled the firewall until i added this rule. Signed-off-by: Timothy-Page <44987179+Timothy-Page@users.noreply.github.com> --- .../index.md | 1 + 1 file changed, 1 insertion(+) diff --git a/content/tutorials/installing-wireguard-ui-to-manage-your-wireguard-vpn-server/index.md b/content/tutorials/installing-wireguard-ui-to-manage-your-wireguard-vpn-server/index.md index ac18da7..4a43111 100644 --- a/content/tutorials/installing-wireguard-ui-to-manage-your-wireguard-vpn-server/index.md +++ b/content/tutorials/installing-wireguard-ui-to-manage-your-wireguard-vpn-server/index.md @@ -88,6 +88,7 @@ sudo ufw allow 80 comment "allow HTTP" # will be used by Nginx sudo ufw allow 443 comment "allow HTTPS" # will be used by Nginx sudo ufw allow proto udp to any port 443 comment "allow QUIC" # If your Nginx support QUIC sudo ufw allow proto udp to any port 51822 comment "WireGuard listen port" +sudo ufw allow proto udp to any port 51820 comment "WireGuard listen port" ``` > _Note that I also add **OpenSSH** to allow list to avoid losing connection to From 903ef3e32641ad699b6dea2a8d37b5279e18f3a5 Mon Sep 17 00:00:00 2001 From: Christian Ditaputratama Date: Wed, 27 Nov 2024 16:19:17 +0700 Subject: [PATCH 2/2] chore: Inform readers about the default WireGuard listen port Co-authored-by: Timothy-Page --- .../index.id.md | 21 +++++++++++++------ .../index.md | 16 ++++++++++---- 2 files changed, 27 insertions(+), 10 deletions(-) diff --git a/content/tutorials/installing-wireguard-ui-to-manage-your-wireguard-vpn-server/index.id.md b/content/tutorials/installing-wireguard-ui-to-manage-your-wireguard-vpn-server/index.id.md index 25eb117..d8a7afa 100644 
--- a/content/tutorials/installing-wireguard-ui-to-manage-your-wireguard-vpn-server/index.id.md +++ b/content/tutorials/installing-wireguard-ui-to-manage-your-wireguard-vpn-server/index.id.md @@ -59,9 +59,16 @@ Pada artikel ini, tujuan kita adalah: {{< youtube o_JcLMjYI1A >}} -> Catatan: Video YouTube diatas tidak secara urut mengikuti artikel ini. Video -> tersebut juga menggunakan subnet yang berbeda, jadi sesuaikan sesuai -> kebutuhan. +> Catatan: +> +> - Secara default, WireGuard menggunakan UDP port 51820 dan WireGuard-UI +> mengikuti konfigurasi tersebut juga. Jika Anda tidak menggunakan port +> 51820 seperti yang digunakan di artikel ini, silahkan sesuaikan +> [konfigurasi firewall](#mengkonfigurasi-firewall) dan [WireGuard UI +> Server Settings](#menggunakan-wireguard-ui) Anda. +> - Video YouTube diatas tidak secara urut mengikuti artikel ini. Video +> tersebut juga menggunakan subnet yang berbeda, jadi sesuaikan sesuai +> kebutuhan. ## Mempersiapkan Server Anda @@ -83,7 +90,7 @@ sudo sysctl -p Hal tersebut perlu dilakukan supaya _kernel_ mengijinkan melakukan **IP forwarding**. -### Mengkonfigrasi Firewall +### Mengkonfigurasi Firewall Anda perlu untuk menambahkan _port_ yang akan digunakan oleh WireGuard _daemon_ ke _allow-list firewall_ Anda. Dari bawaan distro **Ubuntu**, **UFW** sudah 
@@ -91,10 +98,12 @@ terinstall dan dapat digunakan untuk mengkonfigurasi _firewall_. ```shell sudo ufw allow OpenSSH -sudo ufw allow 80 comment "allow HTTP" # akan digunakan oleh Nginx +sudo ufw allow 80 comment "allow HTTP" # akan digunakan oleh Nginx sudo ufw allow 443 comment "allow HTTPS" # akan digunakan oleh Nginx sudo ufw allow proto udp to any port 443 comment "allow QUIC" # Jika konfigurasi Nginx Anda mensupport QUIC -sudo ufw allow proto udp to any port 51822 comment "WireGuard listen port" +# Sesuaikan perintah ufw dibawah ini dengan WireGuard listen port Anda +sudo ufw allow proto udp to any port 51820 comment "WireGuard default listen port" +sudo ufw allow proto udp to any port 51822 comment "WireGuard tutorial listen port" ``` > _Perhatikan bahwa saya juga menambahkan **OpenSSH** ke allow list untuk diff --git a/content/tutorials/installing-wireguard-ui-to-manage-your-wireguard-vpn-server/index.md b/content/tutorials/installing-wireguard-ui-to-manage-your-wireguard-vpn-server/index.md index 4a43111..ba54978 100644 --- a/content/tutorials/installing-wireguard-ui-to-manage-your-wireguard-vpn-server/index.md +++ b/content/tutorials/installing-wireguard-ui-to-manage-your-wireguard-vpn-server/index.md @@ -55,8 +55,15 @@ In this guide, our goals: {{< youtube o_JcLMjYI1A >}} -> Note: The YouTube videos above are not in the order of this article. They -> also use different IPs & subnets, so adjust them to your needs. +> Note: +> +> - By default, WireGuard listens on UDP port 51820, and WireGuard-UI follows +> this configuration by default. If you don't use port 51822 (like this +> article does), please adjust [your firewall](#setting-up-firewall) and +> [WireGuard UI Server Settings](#using-wireguard-ui) configuration +> accordingly. +> - The YouTube videos above are not in the order of this article. They +> also use different IPs & subnets, so adjust them to your needs. ## Prepare Your Server 
@@ -87,8 +94,9 @@ sudo ufw allow OpenSSH sudo ufw allow 80 comment "allow HTTP" # will be used by Nginx sudo ufw allow 443 comment "allow HTTPS" # will be used by Nginx sudo ufw allow proto udp to any port 443 comment "allow QUIC" # If your Nginx support QUIC -sudo ufw allow proto udp to any port 51822 comment "WireGuard listen port" -sudo ufw allow proto udp to any port 51820 comment "WireGuard listen port" +# Adjust ufw command below according to your WireGuard listen port +sudo ufw allow proto udp to any port 51820 comment "WireGuard default listen port" +sudo ufw allow proto udp to any port 51822 comment "WireGuard tutorial listen port" ``` > _Note that I also add **OpenSSH** to allow list to avoid losing connection to
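Review bot: In PATCH 1/2 (index.md, @@ -88,6 +88,7), the added 51820 line reuses the comment "WireGuard listen port" verbatim from the 51822 rule directly above it, so the two rules are indistinguishable and the reader gets no hint about which port their server actually listens on. Give the new rule a distinct comment (for example "WireGuard default listen port") and say in the surrounding text that 51820 is the default while the tutorial configures 51822.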
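Review bot: In the index.id.md note hunk of PATCH 2/2 (@@ -59,9 +59,16), the port named as the one this article uses is 51820 ("Jika Anda tidak menggunakan port 51820 seperti yang digunakan di artikel ini"), but the index.md note says "If you don't use port 51822 (like this article does)" and the ufw comment in the same patch labels 51822 as the tutorial listen port. Change the Indonesian sentence to 51822 so both translations describe the same setup.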
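Review bot: In the index.md note hunk of PATCH 2/2 (@@ -55,8 +55,15), the first bullet says "by default" twice in one sentence ("By default, WireGuard listens on UDP port 51820, and WireGuard-UI follows this configuration by default"). Drop the second occurrence, and consider rewording "your firewall ... and WireGuard UI Server Settings configuration" so it is clear that both the firewall rule and the Server Settings listen port have to carry the same value.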
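Review bot: In the index.md firewall hunk of PATCH 2/2 (@@ -87,8 +94,9), the new comment asks readers to adjust the command, yet both `ufw allow` lines (51820 and 51822) remain active in the block, so a reader who copies it as-is opens two UDP ports while the WireGuard daemon listens on only one. State that only the rule matching the configured listen port should be run, or leave the default-port line commented out; the same applies to the index.id.md firewall hunk (@@ -91,10 +98,12).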