Added Wireguard README.md
parent a29c79c1a6
commit a4e7d10389
@ -0,0 +1,23 @@
# WireGuard Module for VHostLoom
This optional module adds a WireGuard VPN interface (`wg0`) so you can access
private services (e.g., Stable Diffusion, Llamafile, Ollama, Forgejo SSH, etc.)
securely over a VPN, without exposing them on the public Internet.
## Overview
- WireGuard listens on `UDP 51820` on the WAN interface.
- Clients connect to the server and receive an address in a VPN subnet
(e.g., `10.20.0.0/24`).
- nftables rules restrict "private services" to be reachable **only** via the
WireGuard interface (`wg0`), while public services (Traefik on 80/443) remain
exposed on the WAN interface.
## Setup
1. **Copy and edit WireGuard config**
```bash
sudo mkdir -p /etc/wireguard
sudo cp wireguard/wg0.conf.example /etc/wireguard/wg0.conf
sudo chmod 600 /etc/wireguard/wg0.conf
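Review bot: in Setup step 1, `sudo cp wireguard/wg0.conf.example /etc/wireguard/wg0.conf` creates the file with whatever mode the umask and the source file give it, and only the following `chmod 600` tightens it; it also overwrites an existing `/etc/wireguard/wg0.conf` without warning, which on an already configured host normally holds the interface private key. Suggest creating the file with its final mode in one step, for example `sudo install -m 600 wireguard/wg0.conf.example /etc/wireguard/wg0.conf`, creating the directory with `sudo install -d -m 700 /etc/wireguard` instead of a plain `mkdir -p`, and adding a sentence telling the reader to back up or skip the copy when a `wg0.conf` is already present. Since the Overview says private services are reachable only via `wg0`, it would also help for this step to state that the copied example contains placeholder keys that must be replaced before the interface is brought up.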