ditatompel/insights
1
0
Fork 0
mirror of https://github.com/ditatompel/insights.git synced 2025-01-08 03:12:06 +07:00
Code Issues Projects Releases Packages Wiki Activity

Compare commits

base: ditatompel:106774b6cacc6a016d11fd9dc4ded4fecdbc3a5e
Branches Tags
ditatompel:main
ditatompel:renovate/github.com-hbstack-syntax-highlighting-0.x
ditatompel:renovate/github.com-hugomods-katex-0.x
ditatompel:renovate/github.com-katex-katex-0.x
ditatompel:renovate/github.com-hugomods-simple-icons-13.x
ditatompel:renovate/github.com-hugomods-icons-vendors-simple-icons-1.x
ditatompel:renovate/github.com-hbstack-socials-0.x
ditatompel:renovate/github.com-jakearchibald-idb-8.x
ditatompel:renovate/github.com-hbstack-docs-0.x
ditatompel:renovate/github.com-hbstack-blog-0.x
ditatompel:renovate/github.com-hugomods-shortcodes-0.x
ditatompel:deskflow-patch
..
compare: ditatompel:b5d8db6513508f9d8c18ce281bce636e1ba31e67
Branches Tags
ditatompel:renovate/github.com-hbstack-syntax-highlighting-0.x
ditatompel:renovate/github.com-hugomods-katex-0.x
ditatompel:renovate/github.com-katex-katex-0.x
ditatompel:renovate/github.com-hugomods-simple-icons-13.x
ditatompel:renovate/github.com-hugomods-icons-vendors-simple-icons-1.x
ditatompel:renovate/github.com-hbstack-socials-0.x
ditatompel:renovate/github.com-jakearchibald-idb-8.x
ditatompel:renovate/github.com-hbstack-docs-0.x
ditatompel:renovate/github.com-hbstack-blog-0.x
ditatompel:renovate/github.com-hugomods-shortcodes-0.x
ditatompel:main
ditatompel:deskflow-patch

No commits in common. "106774b6cacc6a016d11fd9dc4ded4fecdbc3a5e" and "b5d8db6513508f9d8c18ce281bce636e1ba31e67" have entirely different histories.
106774b6ca ... b5d8db6513

9 changed files with 424 additions and 615 deletions
Show stats Expand all files Collapse all files

17
content/blog/blowing-the-lid-off-the-wd-all-trading-bot-cryptocurrency-balance/index.md
View file

@ -1,9 +1,9 @@
---
title: 'Blowing the lid off the "WD ALL trading bot" cryptocurrency balance'
title: "Blowing the lid off the \"WD ALL trading bot\" cryptocurrency balance"
description: "There are several trading bots that have been proven to be scams and some still expected to be able to return to their activities again. At first I thought it would be a little difficult and take a long time, but it doesn't seem like it will take that long."
date: 2022-03-12T01:15:58+07:00
lastmod:
draft: true
draft: false
noindex: false
featured: false
pinned: false
@ -15,11 +15,20 @@ categories:
tags:
- Scam
images:
# -
# menu:
# main:
# weight: 100
# params:
# icon:
# vendor: bs
# name: book
# color: '#e24d0e'
authors:
- ditatompel
---
I am interested in researching the phenomenon of _"trading bots"_ which has recently gone viral in Indonesia. There are several trading bots that have been proven to be scams and some still expected to be able to return to their activities again. At first I thought it would be a little difficult and take a long time, but it doesn't seem like it will take that long.
I am interested in researching the phenomenon of *"trading bots"* which has recently gone viral in Indonesia. There are several trading bots that have been proven to be scams and some still expected to be able to return to their activities again. At first I thought it would be a little difficult and take a long time, but it doesn't seem like it will take that long.
<!--more-->
@ -30,7 +39,6 @@ Recently I saw a [video on YouTube that discusses the withdrawal](https://r.vr4.
Maxglobal broker: [TJDENsfBJs4RFETt1X1W8wMDc8M5XnJhCe](https://r.vr4.me/bmQPs) => I don't have any exact information whether this address belongs to a broker or an exchange. But from the number of transactions I think the wallet belong to exchange, not broker.
Then this is the most interesting, a person who posted on the chat platform **claims** that these wallets are their funds that are still in the broker they use:
- Zentrade Broker => [TV6MuMXfmLbBqPZvBHdwFsDnQeVfnmiuSi](https://r.vr4.me/RsIHm)
- Broker GP: => [TYASr5UV6HEcXatwdFQfmLVUqQQQMUxHLS](https://r.vr4.me/R1CMZ)
- Broker Blafx => [TNXoiAJ3dct8Fjg4M9fkLFh9S2v9TXc32G](https://r.vr4.me/N8Qvs)
@ -40,4 +48,3 @@ _This is bullshit! That balance does not belong to that trading bot company nor
From here I won't do further research because obviously people who say the wallet belongs to their broker is not true!
Lying to a business partner is fatal. Not meant to scare you who invest your money to this "trading bot", but please think with your common sense.

64
content/tutorials/configure-wireguard-vpn-clients/index.id.md
View file

@ -1,7 +1,6 @@
---
title: "Mengkonfigurasi WireGuard VPN Client"
description: "Informasi mengenai cara mengimport konfigurasi VPN WireGuard Anda ke Android, iOS, MacOS, Windows dan Linux."
summary: "Artikel ini berisi informasi mengenai cara untuk mengimport konfigurasi WireGuard VPN Anda ke Android, iOS/iPhone, MacOS, Windows dan Linux."
# linkTitle:
date: 2023-06-06T23:51:13+07:00
lastmod:
@ -39,6 +38,11 @@ authors:
- vie
---
Artikel ini berisi informasi mengenai cara untuk **mengimport** konfigurasi **WireGuard VPN** Anda ke **Android**, **iOS/iPhone**, **MacOS**, **Windows** dan **Linux**.
<!--more-->
---
Artikel ini adalah bagian dari [seri **WireGuard VPN**](https://insights.ditatompel.com/id/series/wireguard-vpn/). Jika Anda belum membaca artikel sebelumnya dari seri ini, Anda mungkin akan tertarik untuk membaca [Cara Setup **VPN Server WireGuard** Sendiri]({{< ref "/tutorials/how-to-setup-your-own-wireguard-vpn-server/index.id.md" >}}) atau [Menginstall WireGuard-UI untuk Mengatur WireGuard Server Anda]({{< ref "/tutorials/installing-wireguard-ui-to-manage-your-wireguard-vpn-server/index.id.md" >}}).
Pada awalnya, [WireGuard](https://www.wireguard.com/) dirilis untuk **kernel Linux**, namun sekarang WireGuard sudah tersedia untuk **Windows**, **macOS**, **BSD**, **iOS**, dan **Android**. Saat Anda membeli **VPN WireGuard** dari penyedia layanan VPN, biasanya Anda akan menerima file konfigurasi (beberapa penyedia juga memberi gambar **QR Code**). File konfigurasi inilah yang Anda butuhkan untuk menyetting VPN WireGuard di perangkat Anda.
@ -47,8 +51,7 @@ Untuk Windows, MacOS, Android, dan iOS, yang perlu anda lakukan adalah mengimpor
Meskipun cara mensettingnya cukup mudah, saya akan tetap menuliskan langkah-langkah untuk menginstall atau mengimport konfigurasi WireGuard disini untuk keperluan dokumentasi pribadi.
Konfigurasi WireGuard yang diberikan oleh penyedia layanan VPN atau Sistem Administrator Anda sebenarnya hanyalah sebuah _text_ file saja, biasanya akan terlihat seperti berikut:
Konfigurasi WireGuard yang diberikan oleh penyedia layanan VPN atau Sistem Administrator Anda sebenarnya hanyalah sebuah *text* file saja, biasanya akan terlihat seperti berikut:
```plain
[Interface]
Address = 10.10.88.5/32
@ -63,72 +66,61 @@ AllowedIPs = 0.0.0.0/0
Endpoint = xx.xx.xx0.246:51822
PersistentKeepalive = 15
```
> _Bagian alamat IP dari `[Peer] Endpoint` diatas dihapus untuk alasan privasi dan keamanan._
## iPhone / iOS
Download [official WireGuard client untuk iOS dari App Store](https://apps.apple.com/us/app/wireguard/id1441195209?ls=1), pastikan bahwa aplikasi berasal dari **"[WireGuard Development Team](https://apps.apple.com/us/developer/wireguard-development-team/id1441195208)"**.
Kemudian Anda dapat mengimport konfigurasi dengan menekan tombol <kbd>+</kbd> yang terletak di sisi layar kanan atas dari aplikasi WireGuard.
### Menggunakan QR Code
1. Jika penyedia layanan VPN Anda memberikan gambar **QR Code** untuk konfigurasi WireGuardnya, pilih **"Create from QR code"** kemudian _scan_ gambar **QR Code** yang diberikan tersebut.
2. Ketika diminta untuk memasukan **name of the scanned tunnel** ([_contoh gambar_](wg-ios1.png)), isi saja dengan apapun yang bisa Anda ingat dengan mudah. _Hindari menggunakan karakter selain `-` dan `[a-z]`_. Profile koneksi VPN baru yang baru saja Anda tambahkan akan muncul di aplikasi WireGuard Anda.
1. Jika penyedia layanan VPN Anda memberikan gambar **QR Code** untuk konfigurasi WireGuardnya, pilih **"Create from QR code"** kemudian *scan* gambar **QR Code** yang diberikan tersebut.
2. Ketika diminta untuk memasukan **name of the scanned tunnel** ([*contoh gambar*](wg-ios1.png)), isi saja dengan apapun yang bisa Anda ingat dengan mudah. *Hindari menggunakan karakter selain `-` dan `[a-z]`*. Profile koneksi VPN baru yang baru saja Anda tambahkan akan muncul di aplikasi WireGuard Anda.
### Menggunakan import file atau archive
1. Untuk mengimport konfigurasi dari file `.conf`, Anda perlu mendownload terlebih dahulu konfigurasi tersebut ke perangkat Anda.
2. Setelah konfigurasi tersebut terdownload ke perangkat Anda, pilih **"Create from file or archive"** dan import konfigurasi WireGuard Anda.
_Ingat, hindari menggunakan karakter selain `-` dan `[a-z]` untuk **interface** **"name"**_.
_Ingat, hindari menggunakan karakter selain `-` dan `[a-z]` untuk **interface** **"name"**_.
Setelah konfigurasi berhasil diimport, cukup tap tombol **"_switch_ Active"** pada profile VPN ke **on** untuk mengkatifkan koneksi VPN [[_contoh gambar connected VPN WireGuard yang aktif di iOS_](wg-ios2.png)].
Setelah konfigurasi berhasil diimport, cukup tap tombol **"_switch_ Active"** pada profile VPN ke **on** untuk mengkatifkan koneksi VPN [[*contoh gambar connected VPN WireGuard yang aktif di iOS*](wg-ios2.png)].
## Android
Download [official WireGuard client untuk Android dari Play Store](https://play.google.com/store/apps/details?id=com.wireguard.android),pastikan bahwa aplikasi berasal dari **"[WireGuard Development Team](https://play.google.com/store/apps/developer?id=WireGuard+Development+Team)"**.
Anda dapat mengimport konfigurasi dengan menekan tombol <kbd>+</kbd> yang terletak di sisi layar kanan bawah dari aplikasi WireGuard.
### Menggunakan QR Code
1. Jika penyedia layanan VPN Anda memberikan gambar **QR Code** untuk konfigurasi WireGuardnya, pilih **"Scan from QR code"** kemudian _scan_ gambar **QR Code** yang diberikan tersebut.
2. Ketika diminta untuk memasukan **Tunnel Name** ([_contoh gambar_](wg-android1.png)), isi saja dengan apapun yang bisa Anda ingat dengan mudah. _Hindari menggunakan karakter selain `-` dan `[a-z]`_. Profile koneksi VPN baru yang baru saja Anda tambahkan akan muncul di aplikasi WireGuard Anda.
1. Jika penyedia layanan VPN Anda memberikan gambar **QR Code** untuk konfigurasi WireGuardnya, pilih **"Scan from QR code"** kemudian *scan* gambar **QR Code** yang diberikan tersebut.
2. Ketika diminta untuk memasukan **Tunnel Name** ([*contoh gambar*](wg-android1.png)), isi saja dengan apapun yang bisa Anda ingat dengan mudah. *Hindari menggunakan karakter selain `-` dan `[a-z]`*. Profile koneksi VPN baru yang baru saja Anda tambahkan akan muncul di aplikasi WireGuard Anda.
### Menggunakan import file atau archive
1. Untuk mengimport konfigurasi dari file `.conf`, Anda perlu mendownload terlebih dahulu konfigurasi tersebut ke perangkat Anda.
2. Setelah konfigurasi tersebut terdownload ke perangkat Anda, pilih **"Import from file or archive"** dan import konfigurasi WireGuard Anda.
_Ingat, hindari menggunakan karakter selain `-` dan `[a-z]` untuk **interface** **"name"**_.
_Ingat, hindari menggunakan karakter selain `-` dan `[a-z]` untuk **interface** **"name"**_.
Setelah konfigurasi berhasil diimport, cukup tap tombol **"_switch_ Active"** pada profile VPN ke **on** untuk mengkatifkan koneksi VPN [[_contoh gambar connected VPN WireGuard yang aktif di Android_](wg-android2.png)].
Setelah konfigurasi berhasil diimport, cukup tap tombol **"_switch_ Active"** pada profile VPN ke **on** untuk mengkatifkan koneksi VPN [[*contoh gambar connected VPN WireGuard yang aktif di Android*](wg-android2.png)].
## Windows dan MacOS
Saya meletakan Windows dan MacOS di sesi yang sama karena mengimport konfigurasi WireGuard untuk sistem operasi Windows dan MacOS cukup mirip. Setelah aplikasi [official WireGuard](https://www.wireguard.com/install/) terinstall:
1. Klik tombol "**Add Tunnel**" (atau pada _icon dropdown_-nya) dan "**Import tunnel(s) from file...**", kemudian pilih file konfigurasi WireGuard Anda.
1. Klik tombol "**Add Tunnel**" (atau pada *icon dropdown*-nya) dan "**Import tunnel(s) from file...**", kemudian pilih file konfigurasi WireGuard Anda.
2. Setelah berhasil melakukan konesi VPN WireGuard, coba lakukan pengecekan alamat IP publik Anda. Jika semua konfigurasi benar, maka IP VPN server Anda yang seharusnya tampil saat pengecekan, bukan IP dari ISP Anda.
![Koneksi VPN WireGuard di Windows](wg-windows-connected.png#center)
![Koneksi VPN WireGuard di Windows](wg-windows-connected.png#center)
## Linux
Untuk pengguna Linux, Anda perlu menginstall _package_ `wireguard` ke sistem Anda. Cari tahu [bagaimana cara menginstall WireGuard dari situs resmi WireGuard](https://www.wireguard.com/install/) atau dari halaman dokumentasi _distro_ yang Anda gunakan.
Untuk pengguna Linux, Anda perlu menginstall *package* `wireguard` ke sistem Anda. Cari tahu [bagaimana cara menginstall WireGuard dari situs resmi WireGuard](https://www.wireguard.com/install/) atau dari halaman dokumentasi *distro* yang Anda gunakan.
### Menggunakan wg-quick
Cara paling mudah dan paling _simple_ untuk menggunakan WireGuard adalah dengan menggunakan `wg-quick` yang tersedia setelah Anda menginstall _package_ `wireguard`. Letakkan file konfigurasi WireGuard dari penyedia layanan VPN Anda ke `/etc/wireguard` dan lakukan koneksi ke VPN server menggunakan perintah berikut:
Cara paling mudah dan paling *simple* untuk menggunakan WireGuard adalah dengan menggunakan `wg-quick` yang tersedia setelah Anda menginstall *package* `wireguard`. Letakkan file konfigurasi WireGuard dari penyedia layanan VPN Anda ke `/etc/wireguard` dan lakukan koneksi ke VPN server menggunakan perintah berikut:
```shell
sudo systemctl start wg-quick@<interface-name>.service.
```
Ubah `<interface-name>` diatas dengan nama file (tanpa ekstensi `.conf`) dari konfigurasi WireGuard yang diberikan oleh penyedia layanan VPN Anda.
Sebagai contoh, jika Anda mengubah nama file `wg0.conf` ke `wg-do1.conf` yang berada di folder `/etc/wireguard`, Anda bisa melakukan koneksi ke VPN server menggunakan perintah `sudo systemctl start wg-quick@wg-do1.service`.
Cobalah melakukan pengecekan koneksi WireGuard dengan mengecek alamat IP publik Anda dari browser atau terminal (`curl ifconfig.me`). Jika alamat IP yang terdeteksi masih alamat IP dari ISP yang Anda gunakan, perintah pertama untuk melakukan _troubleshot_ adalah `sudo wg show` atau `sudo systemctl status wg-quick@wg-do1.service`.
Cobalah melakukan pengecekan koneksi WireGuard dengan mengecek alamat IP publik Anda dari browser atau terminal (`curl ifconfig.me`). Jika alamat IP yang terdeteksi masih alamat IP dari ISP yang Anda gunakan, perintah pertama untuk melakukan *troubleshot* adalah `sudo wg show` atau `sudo systemctl status wg-quick@wg-do1.service`.
> _**Catatan 1**: Secara default, `wg-quick` menggunalan `resolvconf` untuk memasukan entri **DNS** baru. Hal ini akan menimbulkan masalah dengan **network manager** dan **DHCP client** yang tidak menggunakan `resolvconf`, karena mereka akan menulis ulang entri DNS di `/etc/resolv.conf` (yang akan menghapus DNS server yang telah ditambahkan oleh perintah `wg-quick`)._
> _Solusinya adalah dengan menggunakan software network manager yang mensupport `resolvconf`._
@ -136,30 +128,25 @@ Cobalah melakukan pengecekan koneksi WireGuard dengan mengecek alamat IP publik
> _**Catatan 2**: Pengguna `systemd-resolved` harus memastikan bahwa `systemd-resolvconf` terinstall dan berjalan dengan baik._
### Mengunakan NetworkManager
**NetworkManager** pada _bleeding-edge_ atau _rolling release distro_ seperti **Arch Linux** sudah mensupport WireGuard VPN secara _native_.
**NetworkManager** pada *bleeding-edge* atau *rolling release distro* seperti **Arch Linux** sudah mensupport WireGuard VPN secara *native*.
#### Menggunakan NetworkManager TUI & GUI
![NetworkManager tui](wg-nmtui.png#center)
Anda dapat dengan mudah mengkonfigurasi koneksi WireGuard dan _peers_-nya menggunakan **NetworkManager TUI** atau **GUI**. Pada contoh ini, saya akan menggunakan **NetworkManager GUI**.
Anda dapat dengan mudah mengkonfigurasi koneksi WireGuard dan *peers*-nya menggunakan **NetworkManager TUI** atau **GUI**. Pada contoh ini, saya akan menggunakan **NetworkManager GUI**.
1. Buka **NetworkManager** GUI, klik <kbd>+</kbd> untuk menambahkan koneksi.
2. Pilih "**Import a saved VPN configuration**" import konfigurasi WireGuard Anda.
3. Kemudian, Anda dapat mengubah "**Connection name**" dan "**Interface name**" ke apapun yang bisa Anda ingat dengan mudah. Tapi, **Hindari menggunakan karakter selain `-` dan `[a-z]`** untuk "**Interface name**". Koneksi tidak akan berjalan jika Anda menggunakan karakter spesial seperi _spasi_.
3. Kemudian, Anda dapat mengubah "**Connection name**" dan "**Interface name**" ke apapun yang bisa Anda ingat dengan mudah. Tapi, **Hindari menggunakan karakter selain `-` dan `[a-z]`** untuk "**Interface name**". Koneksi tidak akan berjalan jika Anda menggunakan karakter spesial seperi *spasi*.
![NetworkManager gui](wg-nmgui.png#center)
#### Menggunakan nmcli
`nmcli` dapat mengimport konfigurasi `wg-quick`. Sebagai contoh, untuk mengimport konfigurasi WireGuard dari `/etc/wireguard/t420.conf`:
```shell
nmcli connection import type wireguard file /etc/wireguard/t420.conf
```
Meskipun `nmcli` dapat membuat profil koneksi WireGuard, tetapi ia tidak mendukung konfigurasi untuk _peer_. Berikut ini adalah contoh konfigurasi WireGuard melalui format `.nmconnection` file yang ada pada folder `/etc/NetworkManager/system-connections/` untuk _multiple peers_ dan _custom routing_:
Meskipun `nmcli` dapat membuat profil koneksi WireGuard, tetapi ia tidak mendukung konfigurasi untuk *peer*. Berikut ini adalah contoh konfigurasi WireGuard melalui format `.nmconnection` file yang ada pada folder `/etc/NetworkManager/system-connections/` untuk *multiple peers* dan *custom routing*:
```plain
[connection]
@ -192,11 +179,12 @@ method=manual
addr-gen-mode=stable-privacy
method=ignore
```
![nmcli wireguard connection example](wg-nmcli.png#center)
## Catatan
- Anda tidak dapat melakukan koneksi ke VPN server yang sama dari 2 perangkat atau lebih dengan **key** yang sama. **Setiap perangkat HARUS memiliki _key_ yang unik**.
- Untuk beberapa sistem operasi seperti Windoes, jika Anda tidak dapat mengimport konfigurasi WireGuard Anda ke aplikasi WireGuard, pastikan bahwa file konfigurasi Anda berekstensi `.conf`.
### Catatan Tambahan
- Jika Anda tertarik untuk [memiliki **VPN Server WireGuard** Sendiri]({{< ref "/tutorials/how-to-setup-your-own-wireguard-vpn-server/index.id.md" >}}) tetapi mengalami kesulitan atau keterbatasan secara teknis, saya dapat membantu Anda untuk melakukannya dengan imbalan sedikit uang. (_Saya juga menerima **Monero XMR** sebagai **imbalan** jika Anda tidak memiliki mata uang Rupiah_).
- Untuk dapat menghubungi saya, silahkan kunjungi [https://www.ditatompel.com/pages/contact](https://www.ditatompel.com/pages/contact).

71
content/tutorials/configure-wireguard-vpn-clients/index.md
View file

@ -1,7 +1,6 @@
---
title: "Configure WireGuard VPN Clients"
description: "Information about how to import your WireGuard VPN config to your Android, iOS, MacOS, Windows and Linux machine."
summary: "This article contains information about how to import your WireGuard VPN config to your Android, iOS/iPhone, macOS, Windows and Linux machine."
# linkTitle:
date: 2023-06-06T23:51:13+07:00
lastmod:
@ -9,6 +8,10 @@ draft: false
noindex: false
# comments: false
nav_weight: 1000
# nav_icon:
# vendor: bootstrap
# name: toggles
# color: '#e24d0e'
series:
- WireGuard VPN
categories:
@ -22,20 +25,32 @@ tags:
- Windows
- MacOS
images:
# menu:
# main:
# weight: 100
# params:
# icon:
# vendor: bs
# name: book
# color: '#e24d0e'
authors:
- ditatompel
---
This article contains information about how to **import** your **WireGuard VPN** config to your **Android**, **iOS/iPhone**, **macOS**, **Windows** and **Linux** machine.
<!--more-->
---
This article is part of [**WireGuard VPN** series](https://insights.ditatompel.com/en/series/wireguard-vpn/). If you haven't read the previous series, you might be interested to [set up your own **WireGuard VPN server** using cheap ~$6 VPS]({{< ref "/tutorials/how-to-setup-your-own-wireguard-vpn-server/index.md" >}}) or [installing **WireGuard-UI** to manage your **WireGuard VPN server**]({{< ref "/tutorials/installing-wireguard-ui-to-manage-your-wireguard-vpn-server/index.md" >}}).
[WireGuard](https://www.wireguard.com/) was initially released for the **Linux kernel**, it is now _cross-platform_ (**Windows**, **macOS**, **BSD**, **iOS**, and **Android**). When you buy a **WireGuard VPN** from _VPN providers_, you will usually receive a configuration file (some providers also give you **QR Code** image). This configuration file is all you need.
[WireGuard](https://www.wireguard.com/) was initially released for the **Linux kernel**, it is now *cross-platform* (**Windows**, **macOS**, **BSD**, **iOS**, and **Android**). When you buy a **WireGuard VPN** from *VPN providers*, you will usually receive a configuration file (some providers also give you **QR Code** image). This configuration file is all you need.
For Windows, macOS, Android, and iOS, all you have to do is import the configuration file into the [official WireGuard application](https://www.wireguard.com/install/). For Linux who use `wg-quick` tool even simpler, you just have to copy the configuration file to the `/etc/wireguard` folder.
Even though the setup method is quite easy, I still want to write the steps on how to install or import the WireGuard configuration file here.
The WireGuard configuration file given by _VPN provider_ (or your **Sysadmins**) is just a text file, will usually look like this:
The WireGuard configuration file given by *VPN provider* (or your **Sysadmins**) is just a text file, will usually look like this:
```plain
[Interface]
Address = 10.10.88.5/32
@ -50,67 +65,56 @@ AllowedIPs = 0.0.0.0/0
Endpoint = xx.xx.xx0.246:51822
PersistentKeepalive = 15
```
> _Parts of IP address from `[Peer] Endpoint` above removed for privacy and security reason._
## iPhone / iOS
Download [official WireGuard client for iOS from App Store](https://apps.apple.com/us/app/wireguard/id1441195209?ls=1), make sure that the app comes from **"[WireGuard Development Team](https://apps.apple.com/us/developer/wireguard-development-team/id1441195208)"**.
You can import configuration file by pressing <kbd>+</kbd> button from the top right of the app.
### Using QR Code
1. If your VPN provider gives you **QR Code** image for your configuration, choose **"Create from QR code"** and scan your WireGuard configuration QR Code.
2. When promoted to enter **name of the scanned tunnel** ([_example image_](wg-ios1.png)), fill with anything you can easily remember. _Avoid using character other than `-` and `[a-z]`_. Your new VPN connection profile will be added to your WireGuard app.
2. When promoted to enter **name of the scanned tunnel** ([*example image*](wg-ios1.png)), fill with anything you can easily remember. *Avoid using character other than `-` and `[a-z]`*. Your new VPN connection profile will be added to your WireGuard app.
### Using import file or archive
1. To import configuration from `.conf` file, you need to download the configuration file to your device.
2. After configuration file is downloaded to your device, select **"Create from file or archive"** and pick file of your WireGuard configuration file.
_Remember to avoid using character other than `-` and `[a-z]` for the interface **"name"**_.
_Remember to avoid using character other than `-` and `[a-z]` for the interface **"name"**_.
After your configuration was imported, simply tap **"Active" toggle button** of your desired VPN profile to **on** to connect [[_example image of connected WireGuard VPN in iOS app_](wg-ios2.png)].
After your configuration was imported, simply tap **"Active" toggle button** of your desired VPN profile to **on** to connect [[*example image of connected WireGuard VPN in iOS app*](wg-ios2.png)].
## Android
Download [official WireGuard client for Android from Play Store](https://play.google.com/store/apps/details?id=com.wireguard.android), make sure that the app comes from **"[WireGuard Development Team](https://play.google.com/store/apps/developer?id=WireGuard+Development+Team)"**.
You can import configuration file by pressing <kbd>+</kbd> button from the bottom right of the app.
### Using QR Code
1. If your _VPN provider_ gives you **QR Code** image for your configuration, choose **"Scan from QR code"** and scan your WireGuard configuration QR Code.
2. When promoted to enter **Tunnel Name** ([_example image_](wg-android1.png)), fill with anything you can easily remember. _Avoid using character other than `-` and `[a-z]`_. Your new VPN connection profile will be added to your WireGuard app.
1. If your *VPN provider* gives you **QR Code** image for your configuration, choose **"Scan from QR code"** and scan your WireGuard configuration QR Code.
2. When promoted to enter **Tunnel Name** ([*example image*](wg-android1.png)), fill with anything you can easily remember. _Avoid using character other than `-` and `[a-z]`_. Your new VPN connection profile will be added to your WireGuard app.
### Using import file or archive
1. To import configuration from `.conf` file, you need to download the configuration file to your device.
2. After configuration file is downloaded to your device, select **"Import from file or archive"** and pick file of your WireGuard configuration file.
_Remember to avoid using character other than `-` and `[a-z]` for the interface **"name"**_.
_Remember to avoid using character other than `-` and `[a-z]` for the interface **"name"**_.
After your configuration was imported, simply tap **"Active" toggle button** of your desired VPN profile to **on** to connect [[_example image of connected WireGuard VPN in Android app_](wg-android2.png)].
After your configuration was imported, simply tap **"Active" toggle button** of your desired VPN profile to **on** to connect [[*example image of connected WireGuard VPN in Android app*](wg-android2.png)].
## Windows and macOS
I'll put Windows and macOS in the same section because importing WireGuard config on those OSes is pretty similar. After [official WireGuard application](https://www.wireguard.com/install/) for your OS is installed:
1. Click "**Add Tunnel**" button (or it's dropdown icon) and "**Import tunnel(s) from file…**", then pick file of your WireGuard configuration file.
2. After connected to your VPN profile, try to check your IP address. Your VPN server should appear as your public IP, not your ISP IP address.
![WireGuard VPN connected on Windows](wg-windows-connected.png#center)
![WireGuard VPN connected on Windows](wg-windows-connected.png#center)
## Linux
For Linux users, you need to install `wireguard` _package_ to your system. Find how to install WireGuard package from [official WireGuard](https://www.wireguard.com/install/) site or your _distribution_ documentation page.
For Linux users, you need to install `wireguard` *package* to your system. Find how to install WireGuard package from [official WireGuard](https://www.wireguard.com/install/) site or your *distribution* documentation page.
### Using wg-quick
The easiest and simplest way to use WireGuard is using `wg-quick` tool that comes from `wireguard` _package_. Put your WireGuard configuration file from your VPN provider to `/etc/wireguard` and start WireGuard connection with:
The easiest and simplest way to use WireGuard is using `wg-quick` tool that comes from `wireguard` *package*. Put your WireGuard configuration file from your VPN provider to `/etc/wireguard` and start WireGuard connection with:
```shell
sudo systemctl start wg-quick@<interface-name>.service.
```
Replace `<interface-name>` above with filename (without the `.conf` extension) of WireGuard config given by your VPN provider.
For example, If you rename the `wg0.conf` to `wg-do1.conf` in your `/etc/wireguard` directory, you can connect to that VPN network using `sudo systemctl start wg-quick@wg-do1.service`.
@ -124,31 +128,25 @@ Try to check your WireGuard connection by check your public IP from your browser
### Using NetworkManager
**NetworkManager** on _bleeding-edge_ _distros_ such as **Arch Linux** has native support for setting up WireGuard interface.
**NetworkManager** on *bleeding-edge* *distros* such as **Arch Linux** has native support for setting up WireGuard interface.
#### Using NetworkManager TUI & GUI
![NetworkManager tui](wg-nmtui.png#center)
You can easily configure WireGuard connection and _peers_ using **NetworkManager TUI** or **GUI**. In this example, I'll use **NetworkManager GUI**.
You can easily configure WireGuard connection and *peers* using **NetworkManager TUI** or **GUI**. In this example, I'll use **NetworkManager GUI**.
1. Open your **NetworkManager** GUI, click <kbd>+</kbd> to add new connection.
2. Choose "**Import a saved VPN configuration**" and pick file of your WireGuard configuration file.
3. Then, you can change "**Connection name**" and "**Interface name**" to anything you can easily remember. But, **avoid using character other than** `-` and `[a-z]` for "**Interface name**". It won't work if you use special character like _spaces_.
3. Then, you can change "**Connection name**" and "**Interface name**" to anything you can easily remember. But, **avoid using character other than** `-` and `[a-z]` for "**Interface name**". It won't work if you use special character like *spaces*.
![NetworkManager gui](wg-nmgui.png#center)
#### Using nmcli
`nmcli` can import a `wg-quick` configuration file. For example, to import WireGuard configuration from `/etc/wireguard/t420.conf`:
```shell
nmcli connection import type wireguard file /etc/wireguard/t420.conf
```
Even though `nmcli` can create a WireGuard connection profile, but it does not support configuring peers.
The following examples configure WireGuard via the keyfile format `.nmconnection` files under `/etc/NetworkManager/system-connections/` for multiple peers and specific routes:
```plain
[connection]
id=WG-<redacted>
@ -180,11 +178,12 @@ method=manual
addr-gen-mode=stable-privacy
method=ignore
```
![nmcli WireGuard connection example](wg-nmcli.png#center)
## Notes
- You can't connect to the same VPN server from 2 or more different devices with same key. **You every device MUST have its own unique key**.
- For some operating system such as Windows, if you can't import your WireGuard configuration file from your WireGuard app, make sure that your WireGuard configuration file is ended with `.conf`.
### Additional Notes
- If you interested to [set up your own **WireGuard VPN server** using cheap ~$6 VPS]({{< ref "/tutorials/how-to-setup-your-own-wireguard-vpn-server/index.md" >}}), but have some technical difficulties; I can help you to set that up for small amount of **IDR** (_I accept **Monero XMR** for **credits** if you don't have Indonesia Rupiah_).
- To find out how to contact me, please visit [https://www.ditatompel.com/pages/contact](https://www.ditatompel.com/pages/contact).

25
content/tutorials/how-to-setup-your-own-wireguard-vpn-server/index.id.md
View file

@ -1,7 +1,6 @@
---
title: "Cara Setup VPN Server WireGuard Sendiri"
description: "Tutorial cara bagaimana men-setup server VPN WireGuard sendiri menggunakan VPS server seharga 6 dolar"
summary: "Cukup menggunakan VPS seharga _6 dolar_ per bulan, Anda bisa memiliki VPN server sendiri menggunakan WireGuard VPN."
# linkTitle:
date: 2023-06-05T19:04:57+07:00
lastmod:
@ -11,6 +10,10 @@ featured: false
pinned: true
# comments: false
nav_weight: 1000
# nav_icon:
# vendor: bootstrap
# name: toggles
# color: '#e24d0e'
series:
- WireGuard VPN
categories:
@ -22,6 +25,14 @@ tags:
- VPN
- WireGuard
images:
# menu:
# main:
# weight: 100
# params:
# icon:
# vendor: bs
# name: book
# color: '#e24d0e'
authors:
- ditatompel
- vie
@ -29,8 +40,15 @@ authors:
Cukup menggunakan VPS seharga _6 dolar_ per bulan, Anda bisa memiliki **VPN** server sendiri menggunakan **WireGuard VPN**. Ikuti caranya di artikel berikut ini untuk menginstall, dan mensetting VPS **Ubuntu 22.04** menjadi **VPN server** Anda.
## <!--more-->
Setelah [beberapa seri artikel tentang **VPN IPsec**](https://insights.ditatompel.com/en/series/ipsec-vpn/) (dalam bahasa Inggris), hari ini saya ingin berbagi bagaimana cara mensetting [**WireGuard VPN**](https://www.wireguard.com/) sebagai server VPN. Jika dibandingkan dengan [L2TP/xAuth](https://insights.ditatompel.com/en/tutorials/ipsec-l2tp-xauth-ikev2-vpn-server-auto-setup/) dan [IKEv2 VPN](https://insights.ditatompel.com/en/tutorials/set-up-ikev2-vpn-server-and-clients/) (artikel saya sebelumnya tentang **IPsec VPN** dalam bahasa Inggris), dari sisi performa, **WireGuard VPN jauh lebih unggul** karena menggunakan **UDP** dan bukan **TCP**.
{{< bs/alert info >}}
{{< bs/alert-heading "TLDR;" >}}
Jika Anda memiliki kesulitan teknis untuk melakukan setup VPN server WireGuard sendiri, {{< bs/alert-link "saya dapat membantu Anda untuk melakukannya" "https://www.fiverr.com/s/4vzPGR" >}} dengan imbalan sedikit uang.
{{< /bs/alert >}}
## Prasyarat
- Sebuah **VPS** dengan alamat IP publik.
@ -388,3 +406,8 @@ WireGuard adalah protokol VPN favorit saya. Performanya cepat dan lebih hemat _r
Ketika dikombinasikan dengan **Nginx** sebagai _reverse proxy_, Anda bahkan bisa mengekspose / server HTTP di jaringan lokal Anda yang berada dibalik **NAT**/_firewall_ ke internet.
Akan tetapi, melakukan _maintenance_ pada jaringan WireGuard yang besar bisa sangat kompleks dan susah dilakukan. Namun, ada _software_ yang dapat membantu Anda untuk membantu mengatur hal itu, salah satu contohnya adalah [Netmaker](https://www.netmaker.io/).
### Catatan Tambahan
- Jika Anda memiliki kesulitan teknis untuk melakukan _setup_ VPN server WireGuard sendiri, [saya dapat membantu Anda untuk melakukannya](https://www.fiverr.com/s/4vzPGR) dengan imbalan sedikit uang.
- Untuk dapat menghubungi saya, silahkan kunjungi [https://www.ditatompel.com/about](https://www.ditatompel.com/about).

119
content/tutorials/how-to-setup-your-own-wireguard-vpn-server/index.md
View file

@ -1,7 +1,6 @@
---
title: "How to Setup Your Own WireGuard VPN Server"
description: "How to manually setup your own WireGuard VPN server using ~$6 VPS"
summary: "This article will guide you to setting up your own WireGuard VPN server using Ubuntu 22.04 server on a cheap ~$6 VPS and use it as your internet gateway."
# linkTitle:
date: 2023-06-05T19:04:57+07:00
lastmod:
@ -10,6 +9,10 @@ noindex: false
featured: true
# comments: false
nav_weight: 1000
# nav_icon:
# vendor: bootstrap
# name: toggles
# color: '#e24d0e'
series:
- WireGuard VPN
categories:
@ -21,41 +24,56 @@ tags:
- VPN
- WireGuard
images:
# menu:
# main:
# weight: 100
# params:
# icon:
# vendor: bs
# name: book
# color: '#e24d0e'
authors:
- ditatompel
---
After [series of my IPsec VPN article](https://insights.ditatompel.com/en/series/ipsec-vpn/). Today, I want to share how to set up [**WireGuard VPN**](https://www.wireguard.com/) server. Because **WireGuard** use **UDP** instead of **TCP**, it's _extremely fast_ compared to [L2TP/xAuth]({{< ref "/tutorials/ipsec-l2tp-xauth-ikev2-vpn-server-auto-setup/index.md" >}}) and [IKEv2 VPN]({{< ref "/tutorials/set-up-ikev2-vpn-server-and-clients/index.md" >}}) (my previous **IPsec VPN** articles).
This article will guide you to setting up your own **WireGuard VPN** server using **Ubuntu 22.04** server on a **cheap ~$6 VPS** and use it as your internet gateway.
<!--more-->
---
After [series of my IPsec VPN article](https://insights.ditatompel.com/en/series/ipsec-vpn/). Today, I want to share how to set up [**WireGuard VPN**](https://www.wireguard.com/) server. Because **WireGuard** use **UDP** instead of **TCP**, it's *extremely fast* compared to [L2TP/xAuth]({{< ref "/tutorials/ipsec-l2tp-xauth-ikev2-vpn-server-auto-setup/index.md" >}}) and [IKEv2 VPN]({{< ref "/tutorials/set-up-ikev2-vpn-server-and-clients/index.md" >}}) (my previous **IPsec VPN** articles).
{{< bs/alert info >}}
{{< bs/alert-heading "TLDR;" >}}
If you have some technical difficulties setting up your own WireGuard server, {{< bs/alert-link "I can help you to setup WireGuard VPN server" "https://www.fiverr.com/s/4vzPGR" >}} for small amount of money.
{{< /bs/alert >}}
## Prerequisites
- A **VPS** with Public IP address.
- Comfortable with Linux _command-line_.
- Comfortable with Linux *command-line*.
- Basic knowledge of _**IPv4** subnetting_ (_to be honest, I'm not familiar with IPv6 subnetting, so this article is for **IPv4** only_).
It doesn't matter which _cloud provider_ you choose. In this article, I will use [**DigitalOcean**](https://m.do.co/c/42d4ba96cc94) (_referral link_) **Droplet** for my **WireGuard VPN server** (You can get your **free $200** in credit over 60 days by registering using my _referral code_).
It doesn't matter which *cloud provider* you choose. In this article, I will use [**DigitalOcean**](https://m.do.co/c/42d4ba96cc94) (*referral link*) **Droplet** for my **WireGuard VPN server** (You can get your **free $200** in credit over 60 days by registering using my *referral code*).
> _**NOTE**: You should know that **cloud providers usually charge extra amount of `$` for every GB of overuse bandwidth**. So, know your needs and your limits!_
> _VPS server I use for this article will be destroyed when this article is published._
## Deploying your new VPS (DigitalOcean Droplet, optional)
> _If you already have your own VPS running, you can skip this step and go to next step: "[Set up your WireGuard Server](#set-up-your-wireguard-server)"._
1. Go to your project and **Create new Droplet**.
2. Choose **droplet region closest to you** to avoid any potential network latency. In this example, I'll pick **Frankfurt** datacenter.
3. Select your **Droplet OS**, for this article, I'll use **Ubuntu** `22.04 LTS`.
4. Select your **Droplet size**. I'll start with basic, **1 CPU** with **1GB of RAM** and **1TB network transfer** ($6/month).
Adapt the VPS size to fit with your need to avoid extra charge of overuse bandwidth (1TB monthly transfer is enough for me).
![DigitalOcean VPS size](do1.png#center)
5. Set up your preferred _authentication method_, I **prefer using SSH public and private key** rather than _password auth_.
6. Set any other options as _default_. _I'm sure you **don't need backup and managed database options** for this setup_.
Adapt the VPS size to fit with your need to avoid extra charge of overuse bandwidth (1TB monthly transfer is enough for me).
![DigitalOcean VPS size](do1.png#center)
5. Set up your preferred *authentication method*, I **prefer using SSH public and private key** rather than *password auth*.
6. Set any other options as *default*. _I'm sure you **don't need backup and managed database options** for this setup_.
> _**WireGuard** did **NOT need high disk I/O, so NVMe disk is NOT necessary**._
## Set up your WireGuard Server
> _**IMPORTANT NOTE**: Since I'm not familiar with **IPv6** subnetting, I'll only use **IPv4**._
Once your VPS ready and running, it's recommended to update your OS first using `apt update && apt upgrade` command and `reboot` your VPS.
@ -69,39 +87,29 @@ Install WireGuard using `sudo apt install wireguard` command. Once WireGuard is
> _Tips: You can create **vanity** public key address for **WireGuard** using tool like [warner/wireguard-vanity-address](https://github.com/warner/wireguard-vanity-address)._
#### Generate Private Key
You can use `wg genkey` command to generate your private key. Place your private key to somewhere save, for example: `/etc/wireguard/do_private.key`.
```shell
wg genkey | sudo tee /etc/wireguard/do_private.key
```
Write down the output, we'll need that later to generate our WireGuard Server public key. Example of my WireGuard server private key:
```
uO0GDXBc+ZH5QsLmf+qRyCtFmUV1coadJvQp8iM0mEg=
```
Change `/etc/wireguard/do_private.key` file permission with `sudo chmod 600 /etc/wireguard/do_private.key`.
#### Generate Public Key
Now, generate server public key from previously generated private key:
```shell
sudo cat /etc/wireguard/do_private.key | wg pubkey | sudo tee /etc/wireguard/do_public.key
```
Write down the output, we'll need that later to configure WireGuard connection for _peers_ (clients). Example of my WireGuard server public key:
Write down the output, we'll need that later to configure WireGuard connection for *peers* (clients). Example of my WireGuard server public key:
```
7c023YtKepRPNNKfGsP5f2H2VtfPvVptn8Hn6jjmaz8=
```
### Configuring WireGuard Server
Before configuring your **WireGuard** server, you need to **decide your private network IP range for your WireGuard** connection (_tunnel_ interface). You should choose valid [private network IP ranges](https://en.wikipedia.org/wiki/Private_network#Private_IPv4_addresses). For example:
Before configuring your **WireGuard** server, you need to **decide your private network IP range for your WireGuard** connection (*tunnel* interface). You should choose valid [private network IP ranges](https://en.wikipedia.org/wiki/Private_network#Private_IPv4_addresses). For example:
- Between `10.0.0.0` - `10.255.255.255` (`10.0.0.0/8`)
- Between `172.16.0.0` - `172.31.255.255` (`172.16.0.0/12`)
- Between `192.168.0.0` - `192.168.255.255` (`192.168.0.0/16`)
@ -110,10 +118,9 @@ Before configuring your **WireGuard** server, you need to **decide your private
In this article, I only use **IPv4** and use `10.10.88.0/24` for my WireGuard network.
You'll also need to decide which **UDP** port WireGuard should listen to. Many _network appliance_ out there (such as **Netgate**, **QNAP**, etc.) set **UDP** port **51280** as their default WireGuard listen port. But, in this article, I'll use `UDP` port `51822`.
You'll also need to decide which **UDP** port WireGuard should listen to. Many *network appliance* out there (such as **Netgate**, **QNAP**, etc.) set **UDP** port **51280** as their default WireGuard listen port. But, in this article, I'll use `UDP` port `51822`.
Now, we have all (basic) required information for WireGuard server to run:
- Server Public IP: `xxx.xx.xx0.246`
- Server Private key: `uO0GDXBc+ZH5QsLmf+qRyCtFmUV1coadJvQp8iM0mEg=`
- Server Public Key: `7c023YtKepRPNNKfGsP5f2H2VtfPvVptn8Hn6jjmaz8=`
@ -121,7 +128,6 @@ Now, we have all (basic) required information for WireGuard server to run:
- WireGuard Network: `10.10.88.0/24`
Create file named `wg0.conf` for your WireGuard configuration under `/etc/wireguard` directory and fill with this example configuration:
```plain
# /etc/wireguard/wg0.conf
@ -131,17 +137,14 @@ Address = <YOUR_SERVER_WG_IP_ADDRESS> # This example: 10.10.88.1/24
ListenPort = <SERVER_UDP_LISTEN_PORT> # This example: 51822
SaveConfig = true
```
> _**Note**: From the configuration above, notice that I pick `10.10.88.1` as my server IP address for WireGuard network._
Replace `<YOUR_SERVER_PRIVATE_KEY>`, `<YOUR_SERVER_IP_ADDRESS>`, `<SERVER_UDP_LISTEN_PORT>` with your preferred configuration.
#### Allowing IP forward
In this article, we'll allow this WireGuard server as our default _gateway_ for _peers_ (clients), so any outgoing network traffic (except to your **LAN/WLAN** network) can go through this WireGuard server. If you use WireGuard as _peer-to-peer_ connection, you don't need to do this.
In this article, we'll allow this WireGuard server as our default *gateway* for *peers* (clients), so any outgoing network traffic (except to your **LAN/WLAN** network) can go through this WireGuard server. If you use WireGuard as *peer-to-peer* connection, you don't need to do this.
Edit `/etc/sysctl.conf` and add `net.ipv4.ip_forward=1` to the end of the file, then run `sudo sysctl -p` to load the new `/etc/sysctl.conf` values.
```shell
sudo sysctl -p
```
@ -149,35 +152,29 @@ sudo sysctl -p
After that, you need to add firewall rules to allow peers (clients) to connect to server and routed properly.
#### Setting up Firewall
By default, Ubuntu system use comes with **UFW** to manage system firewall. You need to **add WireGuard listen port to firewall allow list**.
```shell
sudo ufw allow OpenSSH
sudo ufw allow proto udp to any port 51822
```
> _Note that I also add **OpenSSH** to allow list to avoid losing connection to SSH if you didn't configure / activate it before._
Replace `51822` to your configured **WireGuard listen port**.
Enable / restart your `ufw` service using:
```shell
ufw enable # to enable firewall, or
ufw reload # to reload firewall
```
Next, you need to know which network interface used by your server as its _default route_. You can use `ip route list default` to see that. Example output of my `ip route list default` command:
Next, you need to know which network interface used by your server as its *default route*. You can use `ip route list default` to see that. Example output of my `ip route list default` command:
```plain
default via 164.90.160.1 dev eth0 proto static
```
Write down the word after `dev` output, that's your default network interface. We will need that information later. In this example, my default network interface is `eth0`.
Now add this following configuration to your `/etc/wireguard/wg0.conf` under `[Interface]` section:
```plain
PostUp = ufw route allow in on wg0 out on eth0
PostUp = iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE
@ -188,7 +185,6 @@ PreDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
Replace `eth0` from above configuration with your server default network interface.
Your `/etc/wireguard/wg0.conf` should look like this:
```plain
# /etc/wireguard/wg0.conf
@ -205,7 +201,6 @@ PreDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
```
Now our WireGuard server is ready. Try to start your WireGuard server using `wg-quick` (via `systemd`):
```shell
sudo systemctl start wg-quick@wg0.service
```
@ -244,54 +239,42 @@ Jun 05 14:52:31 fra1-do1 systemd[1]: Finished WireGuard via wg-quick(8) for wg0.
To automatically start WireGuard service when the system start, you can execute `sudo systemctl enable wg-quick@wg0.service` command.
## Setup WireGuard Peer (_client_)
## Setup WireGuard Peer (*client*)
In this section, I'll use Linux machine using `wg-quick` via `systemd` as an example to connect to our configured WireGuard server. For other method such as connecting using **NetworkManager** GUI, Different OS and mobile devices, you can read my next article: "[Configure WireGuard VPN Clients]({{< ref "/tutorials/configure-wireguard-vpn-clients/index.md" >}})".
Configuring WireGuard peer (client) on Linux using `systemd` is almost the same as setting up WireGuard server. The different is you didn't need to configure firewall and IP forward for peers. All you need to do is install WireGuard, create private and public key, configure DNS server you want to use, add start the service.
### Generating Private and Public Key Pairs (Client Side)
If you already have your own WireGuard key pairs, you can use that keys, skip this step and go to the next step: "[Configuring WireGuard Peer (client)](#configuring-wireguard-peer-client)".
> _Tips: You can create **vanity** public key address for **WireGuard** using tool like [warner/wireguard-vanity-address](https://github.com/warner/wireguard-vanity-address)._
#### Generate Peer Private key
You can use `wg genkey` command to generate your private key. Place your private key to somewhere save, for example: `/etc/wireguard/do_private.key`.
```shell
wg genkey | sudo tee /etc/wireguard/do_private.key
```
Write down the output, we'll need that later to generate WireGuard peer public Key. Example of my WireGuard peer public key:
```
WApLrVqFvXMbvsn+62DxfQCY8rsFqmHCEFAabAeA5WY=
```
Change `/etc/wireguard/do_private.key` file permission with `sudo chmod 600 /etc/wireguard/do_private.key`.
#### Generate Peer Public Key
Generate peer public key from previously generated peer private key:
```shell
sudo cat /etc/wireguard/do_private.key | wg pubkey | sudo tee /etc/wireguard/do_public.key
```
Write down the output, we'll need that public key later to be added to our WireGuard server. Example of my WireGuard peer public key:
```
6gnV+QU7jG7BzwWrBbqiYpKQDGePYQunebkmvmFrxSk=
```
### Configuring WireGuard Peer (client)
Before configuring your **WireGuard** peer (client), you need to **decide your WireGuard private IP address for your peer** connection (_tunnel_ interface). You should use unused IP address for peer(s) from your WireGuard network IP range. In this article, `10.10.88.1/24` already used by my WireGuard server, so I can't use that IP for peer(s). I'll use `10.10.88.2/24` (or `10.10.88.2/32`) instead.
Before configuring your **WireGuard** peer (client), you need to **decide your WireGuard private IP address for your peer** connection (*tunnel* interface). You should use unused IP address for peer(s) from your WireGuard network IP range. In this article, `10.10.88.1/24` already used by my WireGuard server, so I can't use that IP for peer(s). I'll use `10.10.88.2/24` (or `10.10.88.2/32`) instead.
Now, we have all (basic) required information for WireGuard peer (client) to run:
- Server Public IP: `xxx.xx.xx0.246`
- Server Public Key: `7c023YtKepRPNNKfGsP5f2H2VtfPvVptn8Hn6jjmaz8=`
- Server Listen Port: `UDP` port `51822`
@ -299,7 +282,6 @@ Now, we have all (basic) required information for WireGuard peer (client) to run
- Client IP address: `10.10.88.2/24`
Create file named `wg-do1.conf` for your WireGuard configuration under `/etc/wireguard` directory and fill with this configuration example:
```plain
# /etc/wireguard/wg-do1.conf
@ -318,49 +300,41 @@ PersistentKeepalive = 15
Replace `<YOUR_PEER_PRIVATE_KEY>`, `<YOUR_PEER_IP_ADDRESS>`, `<YOUR_SERVER_PUBLIC_KEY>`, `<YOUR_SERVER_PUBLIC_IP_ADDRESS>`, and `<SERVER_UDP_LISTEN_PORT>` with yours.
Note:
- `AllowedIPs` = `0.0.0.0/0` means all traffic will go through that peer (in this case, our WireGuard server).
You can specify / selective routing specific IP to specific peer (if you connected to multiple peers / servers).
For example, if you only want to route traffic to IP 1.0.0.1 and 8.8.4.4 using specific peer and use your current internet connection as default route, you can remove `0.0.0.0/0` and add `1.0.0.1/32,8.8.4.4/32` (separated by comma) to `AllowedIPs` value.
- `PersistentKeepalive` = `15` : How many seconds for peer send _ping_ to the server regularly, so the server can reach the peer sitting behind **NAT**/firewall.
You can specify / selective routing specific IP to specific peer (if you connected to multiple peers / servers).
For example, if you only want to route traffic to IP 1.0.0.1 and 8.8.4.4 using specific peer and use your current internet connection as default route, you can remove `0.0.0.0/0` and add `1.0.0.1/32,8.8.4.4/32` (separated by comma) to `AllowedIPs` value.
- `PersistentKeepalive` = `15` : How many seconds for peer send *ping* to the server regularly, so the server can reach the peer sitting behind **NAT**/firewall.
- `DNS` You can also specify DNS servers you want to use in your `DNS` configuration value.
#### Adding Peers Public Key to WireGuard Server
#### Adding Peers Public Key to WireGuard Server
you need to add every peers public key to WireGuard server configuration. This need to be done to allow peers connect to our WireGuard server. There are 2 ways to do this, depending on your server configuration.
If you're following this tutorial with `SaveConfig = true` in the server config, you can add _peer public key_ by issuing this command (in WireGuard Server):
If you're following this tutorial with `SaveConfig = true` in the server config, you can add *peer public key* by issuing this command (in WireGuard Server):
```shell
wg set wg0 peer 6gnV+QU7jG7BzwWrBbqiYpKQDGePYQunebkmvmFrxSk= allowed-ips 10.10.88.2
```
Replace `wg0` with your WireGuard server _interface_, `6gnV+QU7jG7BzwWrBbqiYpKQDGePYQunebkmvmFrxSk=` with your peer public key, and `10.10.88.2` with the IP address of that will be used by that peer.
Replace `wg0` with your WireGuard server *interface*, `6gnV+QU7jG7BzwWrBbqiYpKQDGePYQunebkmvmFrxSk=` with your peer public key, and `10.10.88.2` with the IP address of that will be used by that peer.
If your WireGuard server configuration doesn't contain `SaveConfig = true` config, all you need to do is add peers information to your WireGuard server config (`/etc/wireguard/wg0.conf`). For Example:
```plain
[Peer]
PublicKey = 6gnV+QU7jG7BzwWrBbqiYpKQDGePYQunebkmvmFrxSk=
AllowedIPs = 10.10.88.2/32
```
Replace `6gnV+QU7jG7BzwWrBbqiYpKQDGePYQunebkmvmFrxSk=` with your peer public key, and `10.10.88.2` with the IP address of that will be used by that peer.
Don't forget to restart WireGuard service every time you change `/etc/wireguard/wg0.conf` file.
```shell
sudo systemctl restart wg-quick@wg0.service
```
### Connecting to Server
Now, our peer (client) configuration is complete. You can try to connect your device to your WireGuard server using `systemd` service.
```shell
sudo systemctl start wg-quick@wg-do1.service
```
> _**Note 1**: `wg-do1` above is taken from your configuration file under `/etc/wireguard` directory (but without `.conf` file extension). If your configuration file is named `vpn-wireguard.conf`, you can start that configuration using `systemctl start wg-quick@vpn-wireguard.service`._
> _**Note 2**: By default `wg-quick` uses `resolvconf` to register new DNS entries. This will cause issues with network managers and DHCP clients that do not use `resolvconf`, as they will overwrite `/etc/resolv.conf` thus removing the DNS servers added by `wg-quick`._
@ -375,9 +349,12 @@ To verify your configurations is properly configured, try to check your public I
![What is my IP](wg-vpn-do-ip.png#center)
## Conclusion
WireGuard is my favorite VPN protocol. It's fast and less resource usage compared with other VPN protocols. It's highly configurable and works with multiple environments. Furthermore, it can be used for *peer-to-peer* connection, *client-server* connection, or creating secure *mesh network*.
WireGuard is my favorite VPN protocol. It's fast and less resource usage compared with other VPN protocols. It's highly configurable and works with multiple environments. Furthermore, it can be used for _peer-to-peer_ connection, _client-server_ connection, or creating secure _mesh network_.
When combined with **Nginx** as _reverse proxy_, you can even expose your local HTTP server (and almost any services) sitting behind **NAT**/firewall to the internet.
When combined with **Nginx** as *reverse proxy*, you can even expose your local HTTP server (and almost any services) sitting behind **NAT**/firewall to the internet.
Anyway, managing large scale of WireGuard network can be very difficult. But, there are a tool to help you to manage large scale WireGuard networks, such as [Netmaker](https://www.netmaker.io/).
### Additional Notes
- If you have some technical difficulties setting up your own WireGuard server, [I can help you to setup WireGuard VPN server](https://www.fiverr.com/s/4vzPGR) for small amount of money.
- To find out how to contact me, please visit [https://www.ditatompel.com/about](https://www.ditatompel.com/about).

242
content/tutorials/installing-wireguard-ui-to-manage-your-wireguard-vpn-server/index.id.md
View file

@ -1,7 +1,6 @@
---
title: "Menginstall WireGuard-UI untuk Mengatur WireGuard Server Anda"
description: "WireGuard-UI akan sangat mempermudah Anda dalam mengatur WireGuard peers. Artikel ini membahas langkah-langkah menginstall dan mengkonfigurasi WireGuard UI di VPS."
summary: "WireGuard-UI akan sangat mempermudah Anda dalam mengatur WireGuard peers. Artikel ini membahas langkah-langkah menginstall dan mengkonfigurasi WireGuard UI di VPS."
# linkTitle:
date: 2023-06-06T04:20:43+07:00
lastmod:
@ -25,70 +24,59 @@ tags:
- WireGuard UI
- Nginx
images:
# menu:
# main:
# weight: 100
# params:
# icon:
# vendor: bs
# name: book
# color: '#e24d0e'
authors:
- ditatompel
- vie
---
[Wireguard-UI][wireguard_ui_gh] adalah GUI berbasis website untu mmengatur
konfigurasi WireGuard server yang ditulis oleh [ngoduykhanh][ngoduykhanh]
menggunakan bahasa pemrograman **Go**. Ini bisa menjadi alternatif untuk
menginstall dan mempermudah pengatur VPN server WireGuard Anda.
WireGuard-UI akan sangat mempermudah Anda dalam mengatur **WireGuard** *peers* (*clients*). Artikel ini membahas langkah-langkah menginstall dan mengkonfigurasi WireGuard UI di VPS.
Jika Anda lebih memilih untuk menginstall WireGuard server _"from scratch"_ dan
mengatur dan mengkonfigurasi secara manual, Anda bisa mengikuti artikel saya
sebelumnya mengenai
"[Cara Setup VPN Server WireGuard Sendiri]({{< ref "/tutorials/how-to-setup-your-own-wireguard-vpn-server/index.id.md" >}})"
<!--more-->
---
[Wireguard-UI](https://github.com/ngoduykhanh/wireguard-ui) adalah GUI berbasis website untu mmengatur konfigurasi WireGuard server yang ditulis oleh [ngoduykhanh](https://github.com/ngoduykhanh) menggunakan bahasa pemrograman **Go**. Ini bisa menjadi alternatif untuk menginstall dan mempermudah pengatur VPN server WireGuard Anda.
{{< bs/alert info >}}
{{< bs/alert-heading "TLDR;" >}}
Jika Anda memiliki kesulitan teknis untuk melakukan setup VPN server WireGuard sendiri, {{< bs/alert-link "saya dapat membantu Anda untuk melakukannya" "https://www.fiverr.com/s/4vzPGR" >}} dengan imbalan sedikit uang (sudah termasuk installasi dan konfigurasi WireGuard UI, Nginx dan SSL).
{{< /bs/alert >}}
Jika Anda lebih memilih untuk menginstall WireGuard server *"from scratch"* dan mengatur dan mengkonfigurasi secara manual, Anda bisa mengikuti artikel saya sebelumnya mengenai "[Cara Setup VPN Server WireGuard Sendiri]({{< ref "/tutorials/how-to-setup-your-own-wireguard-vpn-server/index.id.md" >}})"
## Prasyarat
- Sebuah **VPS** (**Ubuntu** `22.04` atau `24.04`) dengan alamat IP
publik dan **Nginx** _webserver_ sudah terinstall di VPS tersebut.
- Nyaman dan terbiasa dengan Linux _command-line_.
- Paham dasar-dasar _subnetting_ di **IPv4** (_jujur, saya tidak begitu paham
dan berpengalaman untuk subnetting di **IPv6**, jadi artikel ini hanya
untuk **IPv4**_).
- Mampu mengkonfigurasi **Nginx** _Virtual Host_.
- Sebuah **VPS** (**Ubuntu** `22.04 LTS`) dengan alamat IP publik dan **Nginx** *webserver* sudah terinstall di VPS tersebut.
- Nyaman dan terbiasa dengan Linux *command-line*.
- Paham dasar-dasar *subnetting* di **IPv4** (_jujur, saya tidak begitu paham dan berpengalaman untuk subnetting di **IPv6**, jadi artikel ini hanya untuk **IPv4**_).
- Mampu mengkonfigurasi **Nginx** *Virtual Host*.
Pada artikel ini, tujuan kita adalah:
- _**WireGuard** daemon_ berjalan di port `51822/UDP`.
- **WireGuard UI** berjalan dari `127.0.0.1` port `5000`.
- **Nginx** bertugas sebagai _reverse proxy_ supaya **WireGuard UI** dan
WireGuard UI dapat diakses melalui protokol **HTTPS**.
{{< youtube o_JcLMjYI1A >}}
> Catatan: Video YouTube diatas tidak secara urut mengikuti artikel ini. Video
> tersebut juga menggunakan subnet yang berbeda, jadi sesuaikan sesuai
> kebutuhan.
- **Nginx** bertugas sebagai *reverse proxy* supaya **WireGuard UI** dan WireGuard UI dapat diakses melalui protokol **HTTPS**.
## Mempersiapkan Server Anda
Pertama, pastikan server sudah _up-to-date_ dan WireGuard sudah terinstall di
server Anda.
Pertama, pastikan server sudah *up-to-date* dan WireGuard sudah terinstall di server Anda.
```shell
sudo apt update && sudo apt upgrade
sudo apt install wireguard
```
Edit `/etc/sysctl.conf` dan tambahkan konfigurasi `net.ipv4.ip_forward=1` di
bagian akhir file tersebut, kemudian jalankan perintah `sudo sysctl -p`.
Edit `/etc/sysctl.conf` dan tambahkan konfigurasi `net.ipv4.ip_forward=1` di bagian akhir file tersebut, kemudian jalankan perintah `sudo sysctl -p`.
```shell
sudo sysctl -p
```
Hal tersebut perlu dilakukan supaya _kernel_ mengijinkan melakukan **IP
forwarding**.
Hal tersebut perlu dilakukan supaya *kernel* mengijinkan melakukan **IP forwarding**.
### Mengkonfigrasi Firewall
Anda perlu untuk menambahkan _port_ yang akan digunakan oleh WireGuard _daemon_
ke _allow-list firewall_ Anda. Dari bawaan distro **Ubuntu**, **UFW** sudah
terinstall dan dapat digunakan untuk mengkonfigurasi _firewall_.
Anda perlu untuk menambahkan _port_ yang akan digunakan oleh WireGuard _daemon_ ke _allow-list firewall_ Anda. Dari bawaan distro **Ubuntu**, **UFW** sudah terinstall dan dapat digunakan untuk mengkonfigurasi *firewall*.
```shell
sudo ufw allow OpenSSH
sudo ufw allow 80 comment "allow HTTP" # akan digunakan oleh Nginx
@ -96,41 +84,31 @@ sudo ufw allow 443 comment "allow HTTPS" # akan digunakan oleh Nginx
sudo ufw allow proto udp to any port 443 comment "allow QUIC" # Jika konfigurasi Nginx Anda mensupport QUIC
sudo ufw allow proto udp to any port 51822 comment "WireGuard listen port"
```
> _Perhatikan bahwa saya juga menambahkan **OpenSSH** ke allow list untuk menghindari terputusnya koneksi SSH jika sebelumnya Anda belum mengkonfigurasi / mengaktifkan UFW._
> _Perhatikan bahwa saya juga menambahkan **OpenSSH** ke allow list untuk
> menghindari terputusnya koneksi SSH jika sebelumnya Anda belum
> mengkonfigurasi atau mengaktifkan UFW._
_Enable_ / _restart_ `ufw` menggunakan perintah berikut:
*Enable* / *restart* `ufw` menggunakan perintah berikut:
```shell
sudo ufw enable # untuk enable firewall, atau
sudo ufw reload # untuk reload firewall
```
## Mendownload & Mengkonfigurasi WireGuard-UI
Download [Wireguard-UI dari halaman _latest release_-nya](https://github.com/ngoduykhanh/wireguard-ui/releases) ke server Anda (pilih sesuai dengan sistem operasi dan arsitektur CPU server Anda).
Download [Wireguard-UI dari halaman _latest release_-nya][wireguard_ui_release]
ke server Anda (pilih sesuai dengan sistem operasi dan arsitektur CPU server
Anda).
_Extract_ file `.tar.gz` yang baru saja Anda download:
*Extract* file `.tar.gz` yang baru saja Anda download:
```shell
tar -xvzf wireguard-ui-*.tar.gz
```
Buat folder `/opt/wireguard-ui` dan pindahkan `wireguard-ui` _binary_ (dari
hasil _extract_ file `.tar.gz`) ke `/opt/wireguard-ui`.
Buat folder `/opt/wireguard-ui` dan pindahkan `wireguard-ui` *binary* (dari hasil *extract* file `.tar.gz`) ke `/opt/wireguard-ui`.
```shell
mkdir /opt/wireguard-ui
mv wireguard-ui /opt/wireguard-ui/
```
Buat _environment file_ untuk WireGuard-UI. Environment file tersebut nantinya
akan dibaca dari `EnvironmentFile` melalui `systemd`:
Buat *environment file* untuk WireGuard-UI. Environment file tersebut nantinya akan dibaca dari `EnvironmentFile` melalui `systemd`:
```plain
# /opt/wireguard-ui/.env
SESSION_SECRET=<YOUR_STRONG_RANDOM_SECRET_KEY>
@ -138,69 +116,42 @@ WGUI_USERNAME=<YOUR_WIREGUARD_UI_USERNAME>
WGUI_PASSWORD=<YOUR_WIREGUARD_UI_PASSWORD>
```
Jika Anda ingin mengaktifkan fitur email, Anda perlu menambahkan setting
`SMTP_*` ke _environment variable_ diatas. Baca [WireGuard UI Environment
Variables details][wireguard_ui_env] untuk informasi lebih lanjut.
Jika Anda ingin mengaktifkan fitur email, Anda perlu menambahkan setting `SMTP_*` ke *environment variable* diatas. Baca [WireGuard UI Environment Variables details](https://github.com/ngoduykhanh/wireguard-ui#environment-variables) untuk informasi lebih lanjut.
### Menemukan Default Interface Server
Kemudian, cari tahu _network interface_ mana yang digunakan oleh server Anda
sebagai _default route_-nya. Anda bisa menggunakan perintah
`ip route list default` untuk itu. Sebagai contoh, _output_ dari perintah
`ip route list default` saya adalah:
Kemudian, cari tahu *network interface* mana yang digunakan oleh server Anda sebagai *default route*-nya. Anda bisa menggunakan perintah `ip route list default` untuk itu. Sebagai contoh, *output* dari perintah `ip route list default` saya adalah:
```plain
default via 172.xxx.xxx.201 dev eth0 proto static
default via 164.90.160.1 dev eth0 proto static
```
Catat kata setelah *output* `dev` diatas, itu adalah *default network interface* server Anda. Kita membutuhkan informasi tersebut nanti. Jika dilihat dari contoh *output* diatas, *default network interface* saya `eth0`.
Catat kata setelah _output_ `dev` diatas, itu adalah _default network
interface_ server Anda. Kita membutuhkan informasi tersebut nanti. Jika dilihat
dari contoh _output_ diatas, _default network interface_ saya `eth0`.
Buat file `/opt/wireguard-ui/postup.sh`, dan isi dengan contoh konfigurasi
berikut:
Buat file `/opt/wireguard-ui/postup.sh`, dan isi dengan contoh konfigurasi berikut:
```bash
#!/usr/bin/bash
# /opt/wireguard-ui/postup.sh
ufw route allow in on wg0 out on eth0
iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE
```
*Bash script* `postup.sh` diatas akan dieksekusi saat *service* WireGuard **dijalankan (*started*)**.
_Bash script_ `postup.sh` diatas akan dieksekusi saat _service_ WireGuard
**dijalankan (_started_)**.
Buat file `/opt/wireguard-ui/postdown.sh`. dan isi dengan contoh konfigurasi
berikut:
Buat file `/opt/wireguard-ui/postdown.sh`. dan isi dengan contoh konfigurasi berikut:
```bash
#!/usr/bin/bash
# /opt/wireguard-ui/postdown.sh
ufw route delete allow in on wg0 out on eth0
iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
```
*Bash script* `postdown.sh` diatas akan dieksekusi saat *service* WireGuard **diberhentikan (*stopped*)**.
_Bash script_ `postdown.sh` diatas akan dieksekusi saat _service_ WireGuard
**diberhentikan (_stopped_)**.
Ubah `eth0` dari dua _bash script_ diatas dengan _default network interface_
Anda (_lihat pada sesi [Menemukan Default Interface
Server](#menemukan-default-interface-server) diatas_).
Kemudian, ubah _file permission_ kedua _bash script_ tersebut
(`/opt/wireguard-ui/postup.sh` and `/opt/wireguard-ui/postdown.sh`) supaya bisa
dieksekusi:
Ubah `eth0` dari dua *bash script* diatas dengan *default network interface* Anda (*lihat pada sesi [Menemukan Default Interface Server](#menemukan-default-interface-server) diatas*).
Kemudian, ubah *file permission* kedua *bash script* tersebut (`/opt/wireguard-ui/postup.sh` and `/opt/wireguard-ui/postdown.sh`) supaya bisa dieksekusi:
```shell
chmod +x /opt/wireguard-ui/post*.sh
```
### WireGuard-UI daemon SystemD
Untuk memanage **WireGuard-UI** daemon (Web UI) menggunakan `systemd`, buat
`/etc/systemd/system/wireguard-ui-daemon.service` _systemd service_ file, dan
isi dengan konfigurasi berikut:
Untuk memanage **WireGuard-UI** daemon (Web UI) menggunakan `systemd`, buat `/etc/systemd/system/wireguard-ui-daemon.service` *systemd service* file, dan isi dengan konfigurasi berikut:
```systemd
[Unit]
Description=WireGuard UI Daemon
@ -218,21 +169,15 @@ ExecStart=/opt/wireguard-ui/wireguard-ui -bind-address "127.0.0.1:5000"
[Install]
WantedBy=multi-user.target
```
> WireGuard UI daemon akan *listen* ke `127.0.0.1:5000` dengan konfigurasi `systemd` service diatas.
> WireGuard UI daemon akan _listen_ ke `127.0.0.1:5000` dengan konfigurasi
> `systemd` service diatas.
Sekarang _reload_ konfigurasi `systemd` _daemon_ dan cobalah untuk menjalankan
`wireguard-ui-daemon.service`.
Sekarang *reload* konfigurasi `systemd` *daemon* dan cobalah untuk menjalankan `wireguard-ui-daemon.service`.
```shell
sudo systemctl daemon-reload
sudo systemctl start wireguard-ui-daemon.service
```
Periksa dan pastikan `wireguard-ui-daemon.service` Anda berjalan dengan baik
dengan menggunakan perintah `systemctl status wireguard-ui-daemon.service`:
Periksa dan pastikan `wireguard-ui-daemon.service` Anda berjalan dengan baik dengan menggunakan perintah `systemctl status wireguard-ui-daemon.service`:
```plain
● wireguard-ui-daemon.service - WireGuard UI Daemon
Loaded: loaded (/etc/systemd/system/wireguard-ui-daemon.service; disabled; vendor preset: enabled)
@ -256,27 +201,15 @@ Jun 05 23:57:47 fra1-do1 wireguard-ui[4388]: Base path : /
Jun 05 23:57:49 fra1-do1 wireguard-ui[4388]: ⇨ http server started on 127.0.0.1:5000
```
Jika semuanya berjalan dengan baik, Anda bisa melihat bahwa **WireGuard-UI**
sudah _listen_ ke `127.0.0.1:5000` (tapi, untuk saat ini, Anda tidak dapat
mengakses web UI secara _remote_ sampai Anda menelesaikan sesi
"_[Mengkonfigurasi Nginx Untuk
WireGuard-UI](#mengkonfigurasi-nginx-untuk-wireguard-ui)_" dibawah).
Supaya `wireguard-ui-daemon.service` otomatis berjalan ketika server _restart_,
jalankan perintah berikut:
Jika semuanya berjalan dengan baik, Anda bisa melihat bahwa **WireGuard-UI** sudah *listen* ke `127.0.0.1:5000` (tapi, untuk saat ini, Anda tidak dapat mengakses web UI secara *remote* sampai Anda menelesaikan sesi "*[Mengkonfigurasi Nginx Untuk WireGuard-UI](#mengkonfigurasi-nginx-untuk-wireguard-ui)*" dibawah).
Supaya `wireguard-ui-daemon.service` otomatis berjalan ketika server *restart*, jalankan perintah berikut:
```shell
sudo systemctl enable wireguard-ui-daemon.service
```
### Auto Restart WireGuard Daemon
Karena **WireGuard-UI** hanya bertugas untuk _menggenerate_ konfigurasi
WireGuard, Anda perlu `systemd` _service_ lainnya untuk mendeteksi adanya
perubahan pada konfigurasi WireGuard dan melakukan _restart_ WireGuard
_service_ itu sendiri. Buat `/etc/systemd/system/wgui.service` dan isi dengan
contoh konfigurasi berikut:
Karena **WireGuard-UI** hanya bertugas untuk *menggenerate* konfigurasi WireGuard, Anda perlu `systemd` *service* lainnya untuk mendeteksi adanya perubahan pada konfigurasi WireGuard dan melakukan *restart* WireGuard *service* itu sendiri. Buat `/etc/systemd/system/wgui.service` dan isi dengan contoh konfigurasi berikut:
```systemd
[Unit]
Description=Restart WireGuard
@ -291,7 +224,6 @@ RequiredBy=wgui.path
```
Kemudian, buat `/etc/systemd/system/wgui.path`:
```systemd
[Unit]
Description=Watch /etc/wireguard/wg0.conf for changes
@ -303,8 +235,7 @@ PathModified=/etc/wireguard/wg0.conf
WantedBy=multi-user.target
```
Reload `systemd` _daemon_ dengan menjalankan perintah berikut:
Reload `systemd` *daemon* dengan menjalankan perintah berikut:
```shell
systemctl daemon-reload
systemctl enable wgui.{path,service}
@ -312,14 +243,9 @@ systemctl start wgui.{path,service}
```
### Mengkonfigurasi Nginx Untuk WireGuard-UI
Jika **Nginx** belum terinstall di server Anda, Anda perlu menginstallnya terlebih dahulu. Anda bisa menginstall Nginx mengunakan **default repositori dari Ubuntu** atau menggunakan [official Nginx repositori untuk Ubuntu](https://nginx.org/en/linux_packages.html#Ubuntu).
Jika **Nginx** belum terinstall di server Anda, Anda perlu menginstallnya
terlebih dahulu. Anda bisa menginstall Nginx mengunakan **default repositori
dari Ubuntu** atau menggunakan [official Nginx repositori untuk
Ubuntu][nginx_official_ubuntu].
Setelah Nginx terinstall, buat **Nginx virtual host server block** untuk
WireGuard UI:
Setelah Nginx terinstall, buat **Nginx virtual host server block** untuk WireGuard UI:
```nginx
server {
@ -351,33 +277,19 @@ server {
}
}
```
- Ubah `wgui.example.com` dengan nama (sub)domain Anda.
- Ubah `ssl_certificate` dan `ssl_certificate_key` dengan _SSL certificate_
Anda.
- Ubah `ssl_certificate` dan `ssl_certificate_key` dengan *SSL certificate* Anda.
Setelah itu, _restart_ Nginx menggunakan perintah `sudo systemctl restart nginx`.
Setelah itu, *restart* Nginx menggunakan perintah `sudo systemctl restart nginx`.
**Harap diperhatikan** bahwa konfigurasi Nginx _virtual server block_ diatas
adalah contoh yang **sangat _basic_**. Jika Anda memerlukan referensi
konfigurasi SSL untuk Nginx, Anda bisa menggunakan [Mozilla SSL Configuration
Generator][mozilla_ssl_config]. Jika Anda ingin menggunakan [Let's
Encrypt][letsencrypt], install `python3-certbot-nginx` dan lakukan lakukan
request untuk _SSL certificate_ Anda menggunakan perintah
`certbot --nginx -d wgui.example.com`.
**Harap diperhatikan** bahwa konfigurasi Nginx *virtual server block* diatas adalah contoh yang **sangat _basic_**. Jika Anda memerlukan referensi konfigurasi SSL untuk Nginx, Anda bisa menggunakan [Mozilla SSL Configuration Generator](https://ssl-config.mozilla.org/). Jika Anda ingin menggunakan [Let's Encrypt](https://letsencrypt.org/), install `python3-certbot-nginx` dan lakukan lakukan request untuk *SSL certificate* Anda menggunakan perintah `certbot --nginx -d wgui.example.com`.
## Menggunakan WireGuard-UI
Sekarang, setelah semua yang dibutuhkan selesai dikonfigurasi, saatnya untuk **mengkonfigurasi WireGuard menggunakan WireGuard-UI**. Kunjungi (sub)domain WireGuard UI Anda dan login menggunakan username dan password yang sudah Anda konfigurasi sebelumnya di `/etc/wireguard-ui/.env`.
Sekarang, setelah semua yang dibutuhkan selesai dikonfigurasi, saatnya untuk
**mengkonfigurasi WireGuard menggunakan WireGuard-UI**. Kunjungi (sub)domain
WireGuard UI Anda dan login menggunakan username dan password yang sudah Anda
konfigurasi sebelumnya di `/etc/wireguard-ui/.env`.
> _**CATATAN:** **Jangan** menekan **"Apply Config"** sebelum Anda selesai
> mengkonfigurasi setting WireGuard dari WireGuard UI._
> _**CATATAN:** **Jangan** menekan **"Apply Config"** sebelum Anda selesai mengkonfigurasi setting WireGuard dari WireGuard UI._
Masuk ke halaman **"WireGuard Server"** dan atur konfigurasi WireGuard, contoh:
- **Server Interface Addresses**: `10.10.88.1/24`
- **Listen Port**: `51822`
- **Post Up Script**: `/opt/wireguard-ui/postup.sh`
@ -385,35 +297,19 @@ Masuk ke halaman **"WireGuard Server"** dan atur konfigurasi WireGuard, contoh:
![WireGuard- UI Server Settings](wg-ui-server-config.png#center)
Kemudian, masuk ke halaman **"Global Settings"** dan pastikan semua konfigurasi
sudah benar (terutama **"Endpoint Address"** dan **"Wireguard Config File
Path"**).
Kemudian, masuk ke halaman **"Global Settings"** dan pastikan semua konfigurasi sudah benar (terutama **"Endpoint Address"** dan **"Wireguard Config File Path"**).
Setelah itu, cobalah untuk menekan **Apply Config**. Periksa dan pastikan
semuanya berjalan dengan baik (pengecekan dapat menggunakan perintah `wg show`
atau `ss -ulnt` dari _command-line_).
Setelah itu, cobalah untuk menekan **Apply Config**. Periksa dan pastikan semuanya berjalan dengan baik (pengecekan dapat menggunakan perintah `wg show` atau `ss -ulnt` dari *command-line*).
### Membuat Peer (client)
Membuat *peers* menggunakan WireGuard UI sangat mudah, Anda hanya perlu menekan tombol **"+ New Client"** di sisi kanan atas dan isi informasi yang diperlukan (Minimal Anda hanya perlu mengisi *field* **"Name"**).
Membuat _peers_ menggunakan WireGuard UI sangat mudah, Anda hanya perlu menekan
tombol **"+ New Client"** di sisi kanan atas dan isi informasi yang diperlukan
(Minimal Anda hanya perlu mengisi _field_ **"Name"**).
Setelah menambahkan _peers_ (_clients_), tekan tombol **"Apply Config"** dan
coba untuk melakukan koneksi ke WireGuard VPN server dari perangkat Anda. File
konfigurasi untuk perangkat Anda dapat didownload dari **WireGuard UI**. Anda
juga bisa dengan mudah mengimport konfigurasi untuk perangkat Anda menggunakan
fitur _scan_ **QR Code**.
Setelah menambahkan *peers* (*clients*), tekan tombol **"Apply Config"** dan coba untuk melakukan koneksi ke WireGuard VPN server dari perangkat Anda. File konfigurasi untuk perangkat Anda dapat didownload dari **WireGuard UI**. Anda juga bisa dengan mudah mengimport konfigurasi untuk perangkat Anda menggunakan fitur *scan* **QR Code**.
![WireGuard UI clients page](wg-ui-clients.png#center)
Apa langkah selanjutnya? Bagaimana dengan [Mengkonfigurasi WireGuard VPN
Client]({{< ref "/tutorials/configure-wireguard-vpn-clients/index.id.md" >}})?
Apa langkah selanjutnya? Bagaimana dengan [Mengkonfigurasi WireGuard VPN Client]({{< ref "/tutorials/configure-wireguard-vpn-clients/index.id.md" >}})?
[wireguard_ui_gh]: https://github.com/ngoduykhanh/wireguard-ui "WireGuard-UI GitHub Repo"
[ngoduykhanh]: https://github.com/ngoduykhanh "ngoduykhanh GitHub profile"
[wireguard_ui_release]: https://github.com/ngoduykhanh/wireguard-ui/releases "WireGuard UI release page"
[wireguard_ui_env]: https://github.com/ngoduykhanh/wireguard-ui#environment-variables "WireGuard UI environment variable"
[nginx_official_ubuntu]: https://nginx.org/en/linux_packages.html#Ubuntu "Nginx official repository for Ubuntu"
[mozilla_ssl_config]: https://ssl-config.mozilla.org/ "Mozilla SSL config"
[letsencrypt]: https://letsencrypt.org/ "LetsEncrypt Website"
## Catatan
- Jika Anda memiliki kesulitan teknis untuk melakukan *setup* VPN server WireGuard sendiri, saya dapat membantu Anda untuk melakukannya dengan imbalan sedikit uang (sudah termasuk installasi dan konfigurasi WireGuard UI, Nginx dan SSL).
- Untuk dapat menghubungi saya, silahkan kunjungi [https://www.ditatompel.com/pages/contact](https://www.ditatompel.com/pages/contact).

203
content/tutorials/installing-wireguard-ui-to-manage-your-wireguard-vpn-server/index.md
View file

@ -1,7 +1,6 @@
---
title: "Installing WireGuard-UI to Manage Your WireGuard VPN Server"
description: "To manage WireGuard peers (client) on a single server easily, you can use WireGuard-UI, a web-based user interface to manage your WireGuard setup written in Go."
summary: "To manage WireGuard peers (client) on a single server easily, you can use WireGuard-UI, a web-based user interface to manage your WireGuard setup written in Go."
# linkTitle:
date: 2023-06-06T04:20:43+07:00
lastmod:
@ -25,63 +24,58 @@ tags:
- WireGuard UI
- Nginx
images:
# menu:
# main:
# weight: 100
# params:
# icon:
# vendor: bs
# name: book
# color: '#e24d0e'
authors:
- ditatompel
---
[Wireguard-UI][wireguard_ui_gh] is a _web-based_ user interface to manage your
**WireGuard** server setup written by [ngoduykhanh][ngoduykhanh] using **Go**
programming language. This is an alternative way to install and easily manage
your WireGuard VPN server.
To manage **WireGuard** *peers* (client) on a single server easily, you can use **WireGuard-UI**, a web-based user interface to manage your WireGuard setup written in **Go**.
If you prefer to install WireGuard server _"from scratch"_ and manage it
manually, you can follow my previous article about
"[How to Set up Your Own WireGuard VPN Server]({{< ref "/tutorials/how-to-setup-your-own-wireguard-vpn-server/index.md" >}})".
<!--more-->
---
[Wireguard-UI](https://github.com/ngoduykhanh/wireguard-ui) is a *web-based* user interface to manage your **WireGuard** server setup written by [ngoduykhanh](https://github.com/ngoduykhanh) using **Go** programming language. This is an alternative way to install and easily manage your WireGuard VPN server.
{{< bs/alert info >}}
{{< bs/alert-heading "TLDR;" >}}
If you have some technical difficulties setting up your own WireGuard server, {{< bs/alert-link "I can help you to setup WireGuard VPN server" "https://www.fiverr.com/s/4vzPGR" >}} including configuring Nginx, and SSL for WireGuard UI for small amount of money.
{{< /bs/alert >}}
If you prefer to install WireGuard server *"from scratch"* and manage it manually, you can follow my previous article about "[How to Set up Your Own WireGuard VPN Server]({{< ref "/tutorials/how-to-setup-your-own-wireguard-vpn-server/index.md" >}})".
## Prerequisites
- A **VPS** (**Ubuntu** `22.04` or `24.04`) with Public IP address
- Comfortable with Linux _command-line_.
- Basic knowledge of _**IPv4** subnetting_ (_to be honest, I'm not familiar
with IPv6 subnetting, so this article is for **IPv4** only_).
- Able to configure **Nginx** _Virtual Host_.
- A **VPS** (**Ubuntu** `22.04 LTS`) with Public IP address and **Nginx** installed.
- Comfortable with Linux *command-line*.
- Basic knowledge of _**IPv4** subnetting_ (_to be honest, I'm not familiar with IPv6 subnetting, so this article is for **IPv4** only_).
- Able to configure **Nginx** *Virtual Host*.
In this guide, our goals:
- Server run _**WireGuard** daemon_ listen on port `51822/UDP`.
- **WireGuard UI** run from `127.0.0.1` on port `5000`.
- **Nginx** acts as _reverse proxy_ and serve **WireGuard UI** service using
**HTTPS**.
{{< youtube o_JcLMjYI1A >}}
> Note: The YouTube videos above are not in the order of this article. They
> also use different IPs & subnets, so adjust them to your needs.
- **Nginx** acts as *reverse proxy* and serve **WireGuard UI** service using **HTTPS**.
## Prepare Your Server
First, make sure your system is _up-to-date_ and **WireGuard is installed**
on your server.
First, make sure your system is *up-to-date* and **WireGuard is installed** on your server.
```shell
sudo apt update && sudo apt upgrade
sudo apt install wireguard
```
Edit `/etc/sysctl.conf` and add `net.ipv4.ip_forward=1` to the end of the file,
then run `sudo sysctl -p` to load the new `/etc/sysctl.conf` values.
Edit `/etc/sysctl.conf` and add `net.ipv4.ip_forward=1` to the end of the file, then run `sudo sysctl -p` to load the new `/etc/sysctl.conf` values.
```shell
sudo sysctl -p
```
This is required to allow **packet forwarding** on your server.
This is required to allow **IP forwarding** on your server.
### Setting up Firewall
By default, **Ubuntu** system use comes with **UFW** to manage system
_firewall_. You need to **add WireGuard listen port to firewall allow list**.
By default, **Ubuntu** system use comes with **UFW** to manage system *firewall*. You need to **add WireGuard listen port to firewall allow list**.
```shell
sudo ufw allow OpenSSH
sudo ufw allow 80 comment "allow HTTP" # will be used by Nginx
@ -89,40 +83,31 @@ sudo ufw allow 443 comment "allow HTTPS" # will be used by Nginx
sudo ufw allow proto udp to any port 443 comment "allow QUIC" # If your Nginx support QUIC
sudo ufw allow proto udp to any port 51822 comment "WireGuard listen port"
```
> _Note that I also add **OpenSSH** to allow list to avoid losing connection to
> SSH if you didn't configure / activate it before._
> _Note that I also add **OpenSSH** to allow list to avoid losing connection to SSH if you didn't configure / activate it before._
Enable / restart your `ufw` service using:
```shell
sudo ufw enable # to enable firewall, or
sudo ufw reload # to reload firewall
```
## Download & Configure WireGuard-UI
Download [Wireguard-UI from its latest release page][wireguard_ui_release] to
your server. Choose the one that match with your **server OS** and **CPU
architecture**.
## Download & Configure WireGuard-UI
Download [Wireguard-UI from its latest release page](https://github.com/ngoduykhanh/wireguard-ui/releases) to your server. Choose the one that match with your **server OS** and **CPU architecture**.
Extract downloaded `.tar.gz` file:
```shell
tar -xvzf wireguard-ui-*.tar.gz
```
Create new directory `/opt/wireguard-ui` and move the `wireguard-ui` _binary_
(from extracted `.tar.gz` file) to `/opt/wireguard-ui`.
Create new directory `/opt/wireguard-ui` and move the `wireguard-ui` *binary* (from extracted `.tar.gz` file) to `/opt/wireguard-ui`.
```shell
mkdir /opt/wireguard-ui
mv wireguard-ui /opt/wireguard-ui/
```
Create environment file for WireGuard-UI (This will be loaded using
`EnvironmentFile` from `systemd` unit file later):
Create environment file for WireGuard-UI (This will be loaded using `EnvironmentFile` from `systemd` unit file later):
```plain
# /opt/wireguard-ui/.env
SESSION_SECRET=<YOUR_STRONG_RANDOM_SECRET_KEY>
@ -130,65 +115,42 @@ WGUI_USERNAME=<YOUR_WIREGUARD_UI_USERNAME>
WGUI_PASSWORD=<YOUR_WIREGUARD_UI_PASSWORD>
```
If you want to enable email feature, you need to set up your `SMTP_*`
environment variable. See [WireGuard UI Environment Variables
details][wireguard_ui_env] for more information.
If you want to enable email feature, you need to set up your `SMTP_*` environment variable. See [WireGuard UI Environment Variables details](https://github.com/ngoduykhanh/wireguard-ui#environment-variables) for more information.
### Finding Server Default Interface
Then, find out which network interface used by your server as its _default
route_. You can use `ip route list default` to see that. Example output of my
`ip route list default` command:
Then, find out which network interface used by your server as its *default route*. You can use `ip route list default` to see that. Example output of my `ip route list default` command:
```plain
default via 172.xxx.xxx.201 dev eth0 proto static
default via 164.90.160.1 dev eth0 proto static
```
Write down the word after `dev` output, that's your default network interface.
We will need that information later. In this example, my default network
interface is `eth0`.
Write down the word after `dev` output, that's your default network interface. We will need that information later. In this example, my default network interface is `eth0`.
Create `/opt/wireguard-ui/postup.sh`, and fill with this example config:
```bash
#!/usr/bin/bash
# /opt/wireguard-ui/postup.sh
ufw route allow in on wg0 out on eth0
iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE
```
The `postup.sh` bash script above will be executed when WireGuard service is
**started**.
The `postup.sh` bash script above will be executed when WireGuard service is **started**.
Create `/opt/wireguard-ui/postdown.sh`, and fill with this example config:
```bash
#!/usr/bin/bash
# /opt/wireguard-ui/postdown.sh
ufw route delete allow in on wg0 out on eth0
iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
```
The `postdown.sh` bash script above will be executed when WireGuard service is **stopped**.
The `postdown.sh` bash script above will be executed when WireGuard service is
**stopped**.
Replace `eth0` value from those two bash script above with your default network
interface (_see [Finding Server Default Interface
section](#finding-server-default-interface) above_).
Then, make those two bash script (`/opt/wireguard-ui/postup.sh` and
`/opt/wireguard-ui/postdown.sh`) executable:
Replace `eth0` value from those two bash script above with your default network interface (*see [Finding Server Default Interface section](#finding-server-default-interface) above*).
Then, make those two bash script (`/opt/wireguard-ui/postup.sh` and `/opt/wireguard-ui/postdown.sh`) executable:
```shell
chmod +x /opt/wireguard-ui/post*.sh
```
### WireGuard-UI daemon SystemD
To manage **WireGuard-UI** daemon (Web UI) using `systemd`, create
`/etc/systemd/system/wireguard-ui-daemon.service` systemd file, and fill with
this following configuration:
To manage **WireGuard-UI** daemon (Web UI) using `systemd`, create `/etc/systemd/system/wireguard-ui-daemon.service` systemd file, and fill with this following configuration:
```systemd
[Unit]
Description=WireGuard UI Daemon
@ -206,20 +168,15 @@ ExecStart=/opt/wireguard-ui/wireguard-ui -bind-address "127.0.0.1:5000"
[Install]
WantedBy=multi-user.target
```
The `systemd` configuration will run WireGuard UI daemon on `127.0.0.1:5000`.
Now reload your `systemd` daemon configuration and try to start
`wireguard-ui-daemon.service`.
Now reload your `systemd` daemon configuration and try to start `wireguard-ui-daemon.service`.
```shell
sudo systemctl daemon-reload
sudo systemctl start wireguard-ui-daemon.service
```
Verify your `wireguard-ui-daemon.service` is running properly by using
`systemctl status wireguard-ui-daemon.service`:
Verify your `wireguard-ui-daemon.service` is running properly by using `systemctl status wireguard-ui-daemon.service`:
```plain
● wireguard-ui-daemon.service - WireGuard UI Daemon
Loaded: loaded (/etc/systemd/system/wireguard-ui-daemon.service; disabled; vendor preset: enabled)
@ -243,24 +200,16 @@ Jun 05 23:57:47 fra1-do1 wireguard-ui[4388]: Base path : /
Jun 05 23:57:49 fra1-do1 wireguard-ui[4388]: ⇨ http server started on 127.0.0.1:5000
```
If everything works well, you can see that **WireGuard-UI** is listening on
`127.0.0.1:5000` (but, for now, you cannot access the web UI from remote
machine until you finished the _[Configuring Nginx for WireGuard-UI
section](#configuring-nginx-for-wireguard-ui)_ below).
If everything works well, you can see that **WireGuard-UI** is listening on `127.0.0.1:5000` (but, for now, you cannot access the web UI from remote machine until you finished the *[Configuring Nginx for WireGuard-UI section](#configuring-nginx-for-wireguard-ui)* below).
Make `wireguard-ui-daemon.service` run at start up:
```shell
sudo systemctl enable wireguard-ui-daemon.service
```
### Auto Restart WireGuard Daemon
Because **WireGuard-UI** only takes care of WireGuard configuration generation,
another `systemd` is required to watch for the changes and restart the
**WireGuard** service. Create `/etc/systemd/system/wgui.service` and fill with
this following example:
Because **WireGuard-UI** only takes care of WireGuard configuration generation, another `systemd` is required to watch for the changes and restart the **WireGuard** service. Create `/etc/systemd/system/wgui.service` and fill with this following example:
```systemd
[Unit]
Description=Restart WireGuard
@ -275,7 +224,6 @@ RequiredBy=wgui.path
```
Then, create `/etc/systemd/system/wgui.path`:
```systemd
[Unit]
Description=Watch /etc/wireguard/wg0.conf for changes
@ -288,7 +236,6 @@ WantedBy=multi-user.target
```
Apply `systemd` configurations changes by issuing this following commands:
```shell
systemctl daemon-reload
systemctl enable wgui.{path,service}
@ -296,13 +243,9 @@ systemctl start wgui.{path,service}
```
### Configuring Nginx for WireGuard-UI
If **Nginx** not installed on your server, you need to install it first. You can use Nginx from **Ubuntu default repository** or using [Nginx official repository for Ubuntu](https://nginx.org/en/linux_packages.html#Ubuntu).
If **Nginx** not installed on your server, you need to install it first. You
can use Nginx from **Ubuntu default repository** or using [Nginx official
repository for Ubuntu][nginx_official_ubuntu].
After Nginx installed, create **Nginx virtual host server block** for
WireGuard UI:
After Nginx installed, create **Nginx virtual host server block** for WireGuard UI:
```nginx
server {
@ -334,31 +277,19 @@ server {
}
}
```
- Replace `wgui.example.com` with your (sub)domain name.
- Replace `ssl_certificate` and `ssl_certificate_key` with your certificate
files.
- Replace `ssl_certificate` and `ssl_certificate_key` with your certificate files.
Now restart your nginx configuration `sudo systemctl restart nginx`.
**Please note** that Nginx server block configuration above is **very basic
config**. If you need recommended SSL configuration for Nginx, follow this
[Mozilla SSL Configuration Generator][mozilla_ssl_config]. If you want to use
[Let's Encrypt][letsencrypt] certificate, install `python3-certbot-nginx` and
request your certificate using `certbot --nginx -d wgui.example.com`.
**Please note** that Nginx server block configuration above is **very basic config**. If you need recommended SSL configuration for Nginx, follow this [Mozilla SSL Configuration Generator](https://ssl-config.mozilla.org/). If you want to use [Let's Encrypt](https://letsencrypt.org/) certificate, install `python3-certbot-nginx` and request your certificate using `certbot --nginx -d wgui.example.com`.
## Using WireGuard-UI
Now after configuring all those required services, it's time to **configure our WireGuard config using WireGuard-UI**. Go to your WireGuard-UI (sub)domain and login with username and password you've configured before from `/etc/wireguard-ui/.env`.
Now after configuring all those required services, it's time to **configure our
WireGuard config using WireGuard-UI**. Go to your WireGuard-UI (sub)domain and
login with username and password you've configured before from
`/etc/wireguard-ui/.env`.
> _**Do not** press **"Apply Config"** before you finished configuring your
> WireGuard setting from WireGuard UI._
> _**Do not** press **"Apply Config"** before you finished configuring your WireGuard setting from WireGuard UI._
Go to **"WireGuard Server"** page and configure WireGuard config:
- **Server Interface Addresses**: `10.10.88.1/24`
- **Listen Port**: `51822`
- **Post Up Script**: `/opt/wireguard-ui/postup.sh`
@ -366,33 +297,21 @@ Go to **"WireGuard Server"** page and configure WireGuard config:
![WireGuard-UI Server Settings](wg-ui-server-config.png#center)
Then go to **"Global Settings"**, verify that all your config is correct
(especially for **"Endpoint Address"** and **"WireGuard Config File Path"**).
Then go to **"Global Settings"**, verify that all your config is correct (especially for **"Endpoint Address"** and **"WireGuard Config File Path"**).
After that, try to **Apply** your configuration.
Verify that everything is running (try to check using `wg show` or `ss -ulnt`
from _command-line_).
Verify that everything is running (try to check using `wg show` or `ss -ulnt` from *command-line*).
### Creating Peer (client)
Creating peers using WireGuard UI is pretty simple, all you need to do is press **"+ New Client"** button from the top right of the page and fill required information. You only need to fill **"Name"** field for most use case.
Creating peers using WireGuard UI is pretty simple, all you need to do is press
**"+ New Client"** button from the top right of the page and fill required
information. You only need to fill **"Name"** field for most use case.
After adding your peers (clients), press **"Apply Config"** and try to connect
to your WireGuard VPN server from your devices. The configuration file for your
devices can be downloaded from **WireGuard UI**. You can also easily scan
configuration for your mobile devices by scanning configuration **QR code**.
After adding your peers (clients), press **"Apply Config"** and try to connect to your WireGuard VPN server from your devices. The configuration file for your devices can be downloaded from **WireGuard UI**. You can also easily scan configuration for your mobile devices by scanning configuration **QR code**.
![WireGuard UI clients page](wg-ui-clients.png#center)
What next? How about [Configure WireGuard VPN Clients]({{< ref "/tutorials/configure-wireguard-vpn-clients/index.md" >}})?
[wireguard_ui_gh]: https://github.com/ngoduykhanh/wireguard-ui "WireGuard-UI GitHub Repo"
[ngoduykhanh]: https://github.com/ngoduykhanh "ngoduykhanh GitHub profile"
[wireguard_ui_release]: https://github.com/ngoduykhanh/wireguard-ui/releases "WireGuard UI release page"
[wireguard_ui_env]: https://github.com/ngoduykhanh/wireguard-ui#environment-variables "WireGuard UI environment variable"
[nginx_official_ubuntu]: https://nginx.org/en/linux_packages.html#Ubuntu "Nginx official repository for Ubuntu"
[mozilla_ssl_config]: https://ssl-config.mozilla.org/ "Mozilla SSL config"
[letsencrypt]: https://letsencrypt.org/ "LetsEncrypt Website"
### Notes
- If you have some technical difficulties setting up your own WireGuard server, [I can help you to setup WireGuard VPN server](https://www.fiverr.com/s/4vzPGR) for small amount of money.
- To find out how to contact me, please visit [https://www.ditatompel.com/pages/contact](https://www.ditatompel.com/pages/contact).

14
go.mod
View file

@ -11,7 +11,7 @@ require (
github.com/hbstack/back-to-top v0.2.0 // indirect
github.com/hbstack/base v0.6.2 // indirect
github.com/hbstack/bigger-picture v0.10.1 // indirect
github.com/hbstack/blog v0.38.0 // indirect
github.com/hbstack/blog v0.37.4 // indirect
github.com/hbstack/blog/modules/breadcrumb v0.1.23 // indirect
github.com/hbstack/blog/modules/content-panel v0.1.21 // indirect
github.com/hbstack/blog/modules/featured-image v0.2.21 // indirect
@ -24,8 +24,8 @@ require (
github.com/hbstack/bs-tooltip v0.1.1 // indirect
github.com/hbstack/carousel v0.2.7 // indirect
github.com/hbstack/code-block-panel v0.1.2 // indirect
github.com/hbstack/content-panel v0.10.2 // indirect
github.com/hbstack/docs v0.20.1 // indirect
github.com/hbstack/content-panel v0.10.1 // indirect
github.com/hbstack/docs v0.19.0 // indirect
github.com/hbstack/docs/modules/breadcrumb v0.1.10 // indirect
github.com/hbstack/docs/modules/doc-nav v0.3.7 // indirect
github.com/hbstack/docs/modules/featured-image v0.2.8 // indirect
@ -38,7 +38,7 @@ require (
github.com/hbstack/gallery/modules/breadcrumb v0.1.1 // indirect
github.com/hbstack/giscus v0.1.1 // indirect
github.com/hbstack/hb v0.15.3 // indirect
github.com/hbstack/header v0.16.2 // indirect
github.com/hbstack/header v0.15.0 // indirect
github.com/hbstack/header/modules/language-picker v0.1.26 // indirect
github.com/hbstack/header/modules/search v0.1.37 // indirect
github.com/hbstack/header/modules/socials v0.2.2 // indirect
@ -54,7 +54,7 @@ require (
github.com/hbstack/search v0.2.2 // indirect
github.com/hbstack/slide v0.4.0 // indirect
github.com/hbstack/snackbar v0.1.2 // indirect
github.com/hbstack/socials v0.17.0 // indirect
github.com/hbstack/socials v0.16.0 // indirect
github.com/hbstack/syntax-highlighting v0.2.0 // indirect
github.com/hbstack/syntax-highlighting/styles/gruvbox v0.1.1 // indirect
github.com/hbstack/toc-scrollspy v0.2.0 // indirect
@ -88,8 +88,8 @@ require (
github.com/hugomods/seo/modules/schema v0.1.3 // indirect
github.com/hugomods/seo/modules/translations v0.1.1 // indirect
github.com/hugomods/seo/modules/twitter-cards v0.1.1 // indirect
github.com/hugomods/shortcodes v0.23.0 // indirect
github.com/hugomods/simple-icons v13.14.0+incompatible // indirect
github.com/hugomods/shortcodes v0.22.0 // indirect
github.com/hugomods/simple-icons v13.13.0+incompatible // indirect
github.com/hugomods/snackbar v0.1.2 // indirect
github.com/hugomods/workbox v0.1.0 // indirect
github.com/jakearchibald/idb v8.0.0+incompatible // indirect

28
go.sum
View file

@ -14,8 +14,8 @@ github.com/hbstack/base v0.6.2 h1:ihsxMroTujvjVnKZwueujELNXGo9gsCQdrBrJ32zkuU=
github.com/hbstack/base v0.6.2/go.mod h1:eO3xP3CJ2Dwc38+FjVqZuzmvT8dYF2D2Dw4Sx4pi9Ng=
github.com/hbstack/bigger-picture v0.10.1 h1:EgUYZgSGhl4KwKVqryf6ncB2QY4YYgOqTpDW6+5tq14=
github.com/hbstack/bigger-picture v0.10.1/go.mod h1:wZpRrOlTFrt2lO3tl9Y7cIAJbAJN1MdvRu0UsbCnkaE=
github.com/hbstack/blog v0.38.0 h1:8Q88168t8c2s8eA5DCAebJtQG8h1Zuxcrt+42I+rRmY=
github.com/hbstack/blog v0.38.0/go.mod h1:mSWZq1M68aJSjGPv+yfbduABOSNbpBJ9HAM/EIKWxfQ=
github.com/hbstack/blog v0.37.4 h1:JGPb40MVoc8f10yCs5ZrKwvlnXKsSNvDrJsB4UvQN3o=
github.com/hbstack/blog v0.37.4/go.mod h1:kPLAw+tLZGjcnaNevNjo86KS2zQNkblFLiG01qF2O1Q=
github.com/hbstack/blog/modules/breadcrumb v0.1.23 h1:MgUR88vv4cs/M1/cVBKUInFw3DcRw0W2AlmmcdhxewY=
github.com/hbstack/blog/modules/breadcrumb v0.1.23/go.mod h1:smQySqXDtUv2pP7bb+XBr+QGNFxhDGN0fLmQkOIWa5g=
github.com/hbstack/blog/modules/content-panel v0.1.21 h1:g43IVjn3O6QCQSvCbgr9iYCgZcI5XG8YAiuVPb269Ok=
@ -40,10 +40,10 @@ github.com/hbstack/carousel v0.2.7 h1:CeAYTFjFfVd8NSU0/iWLwmRwAnZBuzWn+2Own1eKkp
github.com/hbstack/carousel v0.2.7/go.mod h1:jjsMHn99vOq5Vbu9WVyPOq9vm+0NBgWuGaNW6vjumZE=
github.com/hbstack/code-block-panel v0.1.2 h1:7ZW54ZA7tBNr5oQSWrBrAvEyXfm0Usk9+Nsp7X7Xhko=
github.com/hbstack/code-block-panel v0.1.2/go.mod h1:VK2kn+hD3pr5HPz8izFAUyFG0lB/nXybe8ix5uc/LLs=
github.com/hbstack/content-panel v0.10.2 h1:rga9bbr2hiFd0Lzuq36cZQ43yvTWr2s9+VyG/B1mCrw=
github.com/hbstack/content-panel v0.10.2/go.mod h1:KwqGZkheSR7BfSBzuP13oAurMSaIh2atCeweNRFUUqA=
github.com/hbstack/docs v0.20.1 h1:v/ByBrh8lvHpZ2q5hYPt30SUwEGSHT9W64fsLs4irJQ=
github.com/hbstack/docs v0.20.1/go.mod h1:34Lnp91olEaYg2Ipbgx667U2EXz+aNRcPq7VUyYNook=
github.com/hbstack/content-panel v0.10.1 h1:DB0sg3nNWD4oy7RMCxe3xXYjAzhy3G58r6QlM324bEA=
github.com/hbstack/content-panel v0.10.1/go.mod h1:lEyMXJYCNHL6fkT260oX2FnXF6gD5Vd3EytifVuz3iQ=
github.com/hbstack/docs v0.19.0 h1:cnIbIpLtfWIEfCov6KyJzKG0SnCXOYuTThHlfLRRfow=
github.com/hbstack/docs v0.19.0/go.mod h1:C58ZH20u3yjzwcZL4emE+HIYrudHPAd94/c/xZdqp1w=
github.com/hbstack/docs/modules/breadcrumb v0.1.10 h1:Ryp68WkRdOxL2UlGNYtN5ZJUxbbHv7bWe0NdzDt2Obg=
github.com/hbstack/docs/modules/breadcrumb v0.1.10/go.mod h1:pTh43gl04dPERZZVDQ70KVU0j0Z4hmPK7GrxUfLw15s=
github.com/hbstack/docs/modules/doc-nav v0.3.7 h1:K0U0EAsYYsnOV4AGYMbbkMEJe2HrBSmuWipbpBg4V4A=
@ -68,8 +68,8 @@ github.com/hbstack/giscus v0.1.1 h1:jKbA17XjAcbD59QIDUVoFOdbi9P2WzQMtOcIpG/Znuo=
github.com/hbstack/giscus v0.1.1/go.mod h1:XElW8oNLnS0dRVFzoo9Gq8xknvz3D2PuTHC7yw9h3EE=
github.com/hbstack/hb v0.15.3 h1:Q7XKGYLJobkRYKiMd4tLmmBQDaIBX7n3f8QlwAohKvA=
github.com/hbstack/hb v0.15.3/go.mod h1:FJilVCHtkVpfXZT+Ii2OFCVeu9wQh/YGgRMuPKX5ycA=
github.com/hbstack/header v0.16.2 h1:q+C+mzsjesqKC3M4i1bl30TiCCEHhwr54k2lveFPgUU=
github.com/hbstack/header v0.16.2/go.mod h1:ruhJLStQ+YHY31W/PpcBSuvKJbWENbbB9RmNkuKnPpk=
github.com/hbstack/header v0.15.0 h1:HEeag8NJHgA3mBh2ryjc+7wcZYHxJmoZoVdvk5mmBAU=
github.com/hbstack/header v0.15.0/go.mod h1:L/d+aYCUxWqzvdGzsVUI8hWJNESs1qw4emI4Gobvda4=
github.com/hbstack/header/modules/language-picker v0.1.26 h1:iu/PtI6ckZt/6o7ekzcpFZYZEwRsNM/rxRuqRrAr0m0=
github.com/hbstack/header/modules/language-picker v0.1.26/go.mod h1:/U3czl4OdnIVkThN1hb1r0HCElgeCr4rZx0Rl/TCGME=
github.com/hbstack/header/modules/search v0.1.37 h1:V8mNq94Edah7uuWbzUJ45joo++X5yMs8NrUAUQODOtc=
@ -100,8 +100,8 @@ github.com/hbstack/slide v0.4.0 h1:rWrbEmL1bKW1VF1coMtMblDUwzMvVcm1MgvauFX6vMg=
github.com/hbstack/slide v0.4.0/go.mod h1:5LOWGyawNzSWFlW+3kuUBSrK15kottNvolEc7FVcYVg=
github.com/hbstack/snackbar v0.1.2 h1:/9R2CdWnLcOBobxzdpe30cgM1gcKJAXtbVbZtp2pgmY=
github.com/hbstack/snackbar v0.1.2/go.mod h1:4uZSGpI9ZtR9by0bA8yJW2y61sRks2W4a8VvyMluXuo=
github.com/hbstack/socials v0.17.0 h1:xa4CRhQNmN9QJzE3wVbeA2HZix4TYa8TE5FGxQT+8Zw=
github.com/hbstack/socials v0.17.0/go.mod h1:bGfRrGxVWfvwseOzJ+13vHhHpZ+e+f2z8k4ypPBhH10=
github.com/hbstack/socials v0.16.0 h1:gR7NL/EBLQzqO31Tp/ITU7jtDuyDXfNskJyLtnpU0VM=
github.com/hbstack/socials v0.16.0/go.mod h1:9pfExMNoBMnQ0JV2ODURqUQsEC/HlgUo9b3jXdrHNM4=
github.com/hbstack/syntax-highlighting v0.2.0 h1:BP5SR/AbVlJyAFtVdgYjeqVZKmncEmuplTR5R2AUbw8=
github.com/hbstack/syntax-highlighting v0.2.0/go.mod h1:6IoaM+tSIkKZblIrT1i5L3zVH68nt4UScU9JB30FQsc=
github.com/hbstack/syntax-highlighting/styles/gruvbox v0.1.1 h1:IzJlnkHGS8XhibNjUFvyV3YE7rc7WMsAhdxWZTbORI4=
@ -168,10 +168,10 @@ github.com/hugomods/seo/modules/translations v0.1.1 h1:FFgOHA5qtkHt1YuyYoLnicrka
github.com/hugomods/seo/modules/translations v0.1.1/go.mod h1:ARboWQ31UeIwpB2AiN/efWLfplTTjarZRGEgKkkg3CA=
github.com/hugomods/seo/modules/twitter-cards v0.1.1 h1:1cxNnftQ8MdajH48tB46DQ6eoCzrV1dQuVKLiKGFWwM=
github.com/hugomods/seo/modules/twitter-cards v0.1.1/go.mod h1:KA6MA3GbyQZdd3vloDgcTFBoztmqEJI8R59whcSxpf4=
github.com/hugomods/shortcodes v0.23.0 h1:ZB7bY7vvx917IkXg+ab08QD5H4biKzAsLKDMrWeoziI=
github.com/hugomods/shortcodes v0.23.0/go.mod h1:EnVopbZMNI/HeteM3Lp3phBTCRLvPSe7l142qhRFFPY=
github.com/hugomods/simple-icons v13.14.0+incompatible h1:e9sqmoq9kUVYta3mmBsnu8+Adrtm19QNSnC0q1RIs+o=
github.com/hugomods/simple-icons v13.14.0+incompatible/go.mod h1:1Lvymol7AMVY7ji/o88jMoDHHZIJ5Wc+WwNe5hjmk+U=
github.com/hugomods/shortcodes v0.22.0 h1:Qx8vNYgMyc/kAtuAJkJVazidBRZhBN3NEngJ/OEUWd4=
github.com/hugomods/shortcodes v0.22.0/go.mod h1:EnVopbZMNI/HeteM3Lp3phBTCRLvPSe7l142qhRFFPY=
github.com/hugomods/simple-icons v13.13.0+incompatible h1:C5lhhP1BJb+b15uod07ykbeoCO46ssj2//gu0X5N0cs=
github.com/hugomods/simple-icons v13.13.0+incompatible/go.mod h1:1Lvymol7AMVY7ji/o88jMoDHHZIJ5Wc+WwNe5hjmk+U=
github.com/hugomods/snackbar v0.1.2 h1:SLpfH9jlYwf81epH7DvM2XTZHo+3fXXpk6XKtxmo964=
github.com/hugomods/snackbar v0.1.2/go.mod h1:ykFm0IFibeQPuPAm8Gaa27xJS/bNZcSez4omVSl2gQ0=
github.com/hugomods/workbox v0.1.0 h1:yxuTj3gT1BNf6OitxrjxSJXfmbFBj2UTwdWr142eYFQ=