PART 2 - Prepare Server and Client
PART 3 - Install and Configure WIREGUARD
PART 4 - Analyzing traffic
PART 5 - BTC/LN Server over WIREGUARD
PART 6 - Electrs, Blue Wallet, Lightning, Zeus
- NAT and firewall traversal persistence:
https://www.wireguard.com/quickstart/#nat-and-firewall-traversal-persistence
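# install wireguard
sudo apt install wireguard
# fixes
# wg-quick calls `resolvconf` when the config contains a DNS= line. The two
# lines below are two ways to provide that command: the resolvconf package, or
# a symlink that exposes systemd-resolved's resolvectl under that name.
# NOTE(review): presumably only one of the two is needed on a given host - confirm.
sudo apt install resolvconf
# creating a link in /usr/local/bin needs root, like the apt commands above
sudo ln -s /usr/bin/resolvectl /usr/local/bin/resolvconf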
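# server
# Both commands only reload sysctl settings from disk (-p: /etc/sysctl.conf,
# --system: all system sysctl configuration files). The FORWARD and DNAT rules
# in the server wg0.conf pass packets between ens3 and the tunnel only when
# net.ipv4.ip_forward = 1 has been set in one of those files beforehand.
sudo sysctl -p
sudo sysctl --system
# confirm the reload took effect; expected output: net.ipv4.ip_forward = 1
sysctl net.ipv4.ip_forward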
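# key generation
# Run on each machine for its own key pair; only the publickey file is meant
# to be copied to the other side.
# The subshell sets umask 077 so privatekey is created readable by its owner
# only (wg genkey warns when it writes to a world-accessible file) without
# changing the umask of the rest of the session.
(umask 077; wg genkey | tee privatekey | wg pubkey > publickey)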
# wg0.conf - SERVER
# wg-quick configuration for the VPS end of the tunnel. The file holds the
# server's private key, so keep it readable by root only (wg-quick warns when
# the config is world accessible).
[Interface]
# placeholder: the server's own private key (contents of the privatekey file
# generated on the server)
PrivateKey =
# tunnel address of the server
Address = 10.0.0.1
# UDP port WireGuard listens on; the client's Endpoint uses the same port
ListenPort = 51820
# %i is replaced by wg-quick with the interface name (wg0). This line accepts
# every forwarded packet entering or leaving the tunnel - it is not limited to
# the three DNAT ports below - and masquerades everything leaving via ens3.
# ens3 is this host's public interface name; adjust it to the actual VPS.
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o ens3 -j MASQUERADE
# Each DNAT rule publishes one TCP port of the peer 10.0.0.2 on the VPS public
# interface. Anyone on the internet can then reach that service, so its own
# TLS/authentication is the only protection; keep only the ports that must be
# public.
# NOTE(review): 50002, 9735 and 3001 presumably belong to the Electrs,
# Lightning and wallet services of the later parts - confirm each one.
PostUp = iptables -t nat -A PREROUTING -i ens3 -p tcp --dport 50002 -j DNAT --to-destination 10.0.0.2
PostUp = iptables -t nat -A PREROUTING -i ens3 -p tcp --dport 9735 -j DNAT --to-destination 10.0.0.2
PostUp = iptables -t nat -A PREROUTING -i ens3 -p tcp --dport 3001 -j DNAT --to-destination 10.0.0.2
# PostDown deletes exactly the rules added by PostUp (-D instead of -A). Keep
# the two lists in sync, otherwise a forward stays active after the tunnel is
# taken down.
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o ens3 -j MASQUERADE
PostDown = iptables -t nat -D PREROUTING -i ens3 -p tcp --dport 50002 -j DNAT --to-destination 10.0.0.2
PostDown = iptables -t nat -D PREROUTING -i ens3 -p tcp --dport 9735 -j DNAT --to-destination 10.0.0.2
PostDown = iptables -t nat -D PREROUTING -i ens3 -p tcp --dport 3001 -j DNAT --to-destination 10.0.0.2
[Peer]
# placeholder: the client's public key (contents of the publickey file
# generated on the client)
PublicKey =
# /32 restricts this peer to the single tunnel address 10.0.0.2: packets from
# it with any other source address are dropped, and only 10.0.0.2 is routed to it
AllowedIPs = 10.0.0.2/32
# wg0.conf - CLIENT
# wg-quick configuration for the node behind NAT. The file holds the client's
# private key, so keep it readable by root only.
[Interface]
# placeholder: the client's own private key, generated on the client; it does
# not need to exist on the server
PrivateKey =
# tunnel address of the client; matches AllowedIPs in the server's [Peer]
Address = 10.0.0.2
# placeholder: resolver address(es) to use while the tunnel is up. wg-quick
# applies this through resolvconf.
DNS =
[Peer]
# placeholder: the server's public key
PublicKey =
# vps-addr is a placeholder for the public address of the VPS; the port
# matches ListenPort on the server
Endpoint = vps-addr:51820
# Full tunnel: all IPv4 and IPv6 traffic of this machine is routed to the VPS.
# NOTE(review): no IPv6 Address is configured above, so IPv6 traffic is
# captured by the tunnel but presumably cannot flow - confirm this is intended.
AllowedIPs = 0.0.0.0/0, ::/0
# Send a keepalive every 25 seconds so the NAT/firewall mapping in front of
# the client stays open; the server can only deliver the DNAT-forwarded
# connections while that mapping exists.
PersistentKeepalive = 25
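# wireguard commands
# "up/down" is shorthand for two separate invocations; wg-quick needs root
# because it creates the interface and runs the PostUp/PostDown commands.
sudo wg-quick up wg0
# show the interface, peers, latest handshake and transfer counters
# (the private key is displayed as hidden)
sudo wg show
sudo wg-quick down wg0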
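# service for wg0
# Start the tunnel now and at every boot. wg-quick refuses to bring up an
# interface that already exists, so run `sudo wg-quick down wg0` first if the
# tunnel was started by hand.
sudo systemctl enable --now wg-quick@wg0.service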