Skip to content

Wireguard

OPNsense: Setting up a Wireguard router with DHCPv6 for your IPv6 subnet

  • by

The title of this post is a bit vague, so let me explain more carefully what this post is about. With this guide, you will be able to setup OPNsense and a Wireguard client that will give you both IPv4 internet (via standard NAT) and IPv6 internet via public routed IPs. The magic is to use a bridge between your LAN interface and your Wireguard interface and then setup a DHCPv6 server to assign DHCP addresses with router advertisement. This guide assumes your Wireguard server is already setup and working. There is another guide in my blog which covers setting up the server, the process… Read More »OPNsense: Setting up a Wireguard router with DHCPv6 for your IPv6 subnet

Wireguard with Pi-hole, unbound and IPv6/DNSSEC/UFW

  • by

First, follow the instructions to setup Wireguard if you haven’t already done so using my guide. You may also need to update your system: sudo apt updatesudo apt upgrade Installing Pi-hole is very simple. My preferred method is to install from Git using the instructions below. Other instructions are available at the Pi-hole website. git clone –depth 1 https://github.com/pi-hole/pi-hole.git Pi-hole cd “Pi-hole/automated install/” sudo bash basic-install.sh Installing Unbound More information about the purpose of Unbound is available on Pi-hole’s website. Essentially, Pi-hole with Unbound adds an additional layer of privacy and security to your network by lessening the possibility of a man-in-the-middle attack as well… Read More »Wireguard with Pi-hole, unbound and IPv6/DNSSEC/UFW

Setting up Wireguard on BuyVM using Ubuntu with IPv4 (NAT) and IPv6 (routed)

  • by

Background steps Start with these steps prior to configuring your server (slice). Obtain your link-local subnet First, you’ll need a link-local subnet. Run the following commands: date +%s%Ncat /var/lib/dbus/machine-id Make note of the data that follows each command. Execute the following: printf <date-code><machine-id> | sha1sum Take the ensuing string before the dash and execute the following command: printf <string> | cut -c 31- The resulting string will be 10 digits that represent your link-local IP without the initial “fd” prefix. The commands in series when executed will look like the following: jeffl@thunder:~$ date +%s%N1691408593566195307jeffl@thunder:~$ cat /var/lib/dbus/machine-id007cc62312139d9d7e0ed89a94007567jeffl@thunder:~$ printf 1691384330103279541007cc62312139d9d7e0ed89a94007567 | sha1sumbf9fac1f2453e2177384d0ef2ebb18014deef615 -jeffl@thunder:~$ printf bf9fac1f2453e2177384d0ef2ebb18014deef615 | cut… Read More »Setting up Wireguard on BuyVM using Ubuntu with IPv4 (NAT) and IPv6 (routed)