zkk / VPS vpn server



Installazione ed impostazione chiavi

Lato server

apt install wireguard

Dal file /etc/sysctl.d/99-sysctl.con decommentare la seguete riga:

net.ipv4.ip_forward=1

Ed eseguire le seguenti operazioni che caricano la modifica e creano chiave pubblica e privata lato server:

sysctl -w net.ipv4.ip_forward=1
umask 077 ; wg genkey > /etc/wireguard/server_priv.key
wg pubkey < /etc/wireguard/server_priv.key > /etc/wireguard/server_pub.key

Lato client (Arch)

sudo pacman -S wireguard-tools
sudo bash -c "umask 077 ; wg genkey > /etc/wireguard/client_priv.key"
sudo bash -c "wg pubkey < /etc/wireguard/client_priv.key > /etc/wireguard/client_pub.key"

Configurazione

Lato server

Creo il file /etc/wireguard/wg0.conf inserendo il seguente contenuto (ho configurato anche un ip per collegarmi tramite cellulare):

[Interface]
Address = 172.16.0.1/24
ListenPort = 51820
PrivateKey = '*******************************************='
# Firewall rules
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o enx3 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o enx3 -j MASQUERADE

[Peer]
# Client #1 details - Arch
PublicKey = '*******************************************='
# Traffic to route to this client
AllowedIPs = 172.16.0.2/32

[Peer]
# Client #1 details - Pixel8a
PublicKey = '*******************************************='
# Traffic to route to this client
AllowedIPs = 172.16.0.3/32

Ora posso fare partire la VPN lato server:

systemctl enable --now wg-quick@wg0.service

Lato client (Arch)

Come utente root devo creare il file /etc/wireguard/myvpn.conf inserendo il seguente contenuto:

[Interface]
Address = 172.16.0.2/24
PrivateKey = '*******************************************='
# Set to your desired DNS server
# DNS = 9.9.9.9

[Peer]
PublicKey = '*******************************************='
# Endpoint (server) can be a domain name or IP address
Endpoint = 195.231.80.77:51820
# Traffic to route to server
AllowedIPs = 0.0.0.0/0, ::/0

Ora posso attivare/disattivare la VPN anche lato client.

sudo wg-quick up myvpn
sudo wg-quick down myvpn

Quello che vedranno tutti sarà l’indirizzo ip del VPS.

ClamAV

apt install clamav clamav-daemon
systemctl stop clamav-freshclam
freshclam
systemctl start clamav-freshclam
systemctl enable clamav-freshclam
clamscan -r /path/to/dir
clamscan --infected --remove --recursive /path/to/dir
clamscan --infected --recursive --exclude-dir="^/sys" /