This repo contains some experimental scripts to set up a WireGuard NAT forward network automatically. This allows peers to connect not only to other peers but also to NAT devices in the same network as the peer. The scripts are tested on Debian 12 but should work on most Linux distributions with some basic modifications.
- Initial Setup:
    sudo apt update && sudo apt upgrade
    sudo apt install python3-netifaces python3-dnspython iptables python3-yaml wireguard wireguard-tools
    cd /opt && sudo git clone https://github.com/JustinTimperio/WG-NAT-Bootstrap.git && cd WG-NAT-Bootstrap
    sudo cp example.yaml config.yaml
- Open config.yaml and add your users and server information
    sudo python3 bootstrap.py
- Reconfiguring the server:
  - Change the configuration in config.yaml
      sudo python3 bootstrap.py --reconfigure-server
- Reconfiguring the clients:
  - Add, Enable or Disable a user in config.yaml
      sudo python3 bootstrap.py --reconfigure-clients
- Install wireguard on your host system
- Copy the config file from the server located at /etc/wireguard/clients/<NAME>.conf
- Connect:
  - Linux:
    - Open /etc/wireguard/<NAME>.conf and paste your configuration into the file
        sudo wg-quick up <NAME>
        sudo systemctl enable wg-quick@<NAME>
  - Windows:
    - Open the WireGuard GUI and import the configuration file
    - Disable the button that says "Block untunneled traffic"
    - Click the toggle switch to activate the connection
  - macOS:
    - Open the WireGuard GUI and import the configuration file
    - Disable the button that says "Block untunneled traffic"
    - Click the toggle switch to activate the connection