Clarifying wireguard based on feedback

wireguard-go/README.md

@@ -1,36 +1,64 @@
 # Wireguard VPN server / client
 
-### Features
+## Features
+
 1. Wireguard VPN to anywhere! Uses wireguard-go, not the kernel module.
 1. Persists through reboots and firmware updates.
 1. Tested with a Wireguard Server in AWS.
 
-### Requirements
+## Requirements
+
 1. You have successfully setup the on boot script described [here](https://github.com/boostchicken/udm-utilities/tree/master/on-boot-script)
 1. Not recommended for Wireguard newbies. Set it up on other devices first. This document does not include iptables / nat rules.
 
-### Customization
-* Update [wg0.conf](configs/wg0.conf) to match your env
+## Customization
+
+* Update [wg0.conf](configs/wg0.conf) to match your environment
+* You can use a custom interface name by changing wg0.conf to whatever you like
+* Use PostUp and PostDown in your wg.conf to execute any commands after the interface is created or destroyed
+
+## Steps
 
-### Steps
 1. Create your public and private keys
-    ```shell script
+
+    ```sh
     podman run -i --rm --net=host --name wireguard_conf masipcat/wireguard-go wg genkey > /mnt/data/wireguard/privatekey
     podman run -i --rm --net=host --name wireguard_conf masipcat/wireguard-go wg genkey < /mnt/data/wireguard/privatekey > /mnt/data/wireguard/publickey
     ```
-1. Make configurations dir
-    ```shell script
+
+2. Make a directory for your configuration
+
+    ```sh
     mkdir -p /mnt/data/wireguard
     ```
-1. Create wireguard configuration file in /mnt/data/wireguard.  Template: [wg0.conf](configs/wg0.conf)    
-1. Copy [20-wireguard.sh](on_boot.d/20-wireguard.sh) to /mnt/data/on_boot.d and update its values to reflect your environment
-1. Execute /mnt/data/on_boot.d/20-wireguard.sh
-1. If you are running a server, make the appropriate firewall rules / port forwards
+
+3. Create a [Wireguard configuration](configs/wg0.conf) in /mnt/data/wireguard.
+4. Copy [20-wireguard.sh](on_boot.d/20-wireguard.sh) to /mnt/data/on_boot.d and update its values to reflect your environment
+5. Execute /mnt/data/on_boot.d/[20-wireguard.sh](on_boot.d/20-wireguard.sh)
+6. If you are running a server, make the appropriate firewall rules / port forwards
+7. Execute the wg command in the container to verify the tunnel is up. It should look something like this.
+
+    ```sh
+    $ podman exec -it wireguard wg
+    interface: wg0
+        public key: <your public key here>
+        private key: (hidden)
+        listening port: 54321
+
+    peer: <your peers public key>
+        endpoint: 10.0.0.2:54321
+        allowed ips: 10.1.0.0/16, 10.2.0.0/16
+        latest handshake: 1 day, 14 hours, 46 minutes, 27 seconds ago
+        transfer: 138.44 MiB received, 5.00 GiB sent
+    ```
 
 ### Useful commands
-```shell script
+
+```sh
+# See interface status, see your public key
 podman exec -it wireguard wg
+# Bring up wg0
 podman exec -it wireguard wg-quick up wg0
+# Bring down wg0
 podman exec -it wireguard wg-quick down wg0
 ```
-

wireguard-go/configs/wg0.conf

@@ -1,7 +1,7 @@
 [Interface]
 # Change to map to your subnet
 Address = 10.20.0.3/24
-PrivateKey = <server privatekey>
+PrivateKey = <server private key>
 # Can be whatever port you like
 ListenPort = 51820
 

wireguard-go/on_boot.d/20-wireguard.sh

@@ -1,3 +1,10 @@
 #!/bin/sh
 
-podman run -i -d --rm --net=host --name wireguard --privileged -v /mnt/data/wireguard:/etc/wireguard -v /dev/net/tun:/dev/net/tun  -e LOG_LEVEL=info -e WG_COLOR_MODE=always masipcat/wireguard-go
+# Starts a wireguard container that is deleted after it is stopped.
+# All configs stored in /mnt/data/wireguard
+
+podman run -i -d --rm --net=host --name wireguard --privileged \
+    -v /mnt/data/wireguard:/etc/wireguard \
+    -v /dev/net/tun:/dev/net/tun \
+    -e LOG_LEVEL=info -e WG_COLOR_MODE=always \
+    masipcat/wireguard-go