How to Configure WireGuard on Linux


WireGuard is a fast, modern, open-source VPN developed by Jason A. Donenfeld that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec. In this article we are going to run WireGuard on Ubuntu with APT and also on Docker.

Wireguard Advantages

  • Cross-platform
  • state-of-the-art cryptography
  • Simple and Easy to Use
  • High Speed
  • Minimal Attack Surface


How Many Lines of Code?

How Does WireGuard Work?

WireGuard process:

WireGuard creates a key pair (a private and a public key) for each client. The client's public key is listed in the server configuration, and anyone who holds the matching private key can connect. If a preshared key has been configured, it must be specified on both the server and the client.

1- Install Wireguard

					apt -y install wireguard-tools 


2- Generate Private Key for Server

					(umask 077; wg genkey | tee /etc/wireguard/server.key)


3- Generate PublicKey for Server

					cat /etc/wireguard/server.key | wg pubkey | tee /etc/wireguard/ 


4- Generate Private Key for Client

					(umask 077; wg genkey | tee /etc/wireguard/client.key)


5- Generate PublicKey for Client

					cat /etc/wireguard/client.key | wg pubkey | tee /etc/wireguard/ 


6- Generate PresharedKey (a value that must be equal in server and client)

					(umask 077; wg genpsk > /etc/wireguard/preshared-client1)


7- Enable Routing Feature

					vim /etc/sysctl.conf
# line 28: uncomment to enable IP forwarding

					sysctl -p 

8- Put it all together

In this step we need to put all of the configuration in the /etc/wireguard/wg0.conf file. Before configuring it, we need to know the terms below:

Address: IP address of the tunnel

PostUp: all commands that will execute when the tunnel goes up

PostDown: all commands that will execute when the tunnel goes down

PublicKey: public key of the client

PresharedKey: a value that must be equal on the server and the client

AllowedIPs: determines which client IP addresses can connect


wg0.conf would look like this:

[Interface]
PrivateKey = aNRbw0DxW4BiWDHjnEcOVXHyRODGDF
Address =
ListenPort = 51820
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
# Client: farshad (03427e95-40c6-4611-8f94-f85271b04185)
PublicKey = KcI1nuEokkvRRsqymWPZlhYp9Q9/19hLMTcGSQspkVs=
PresharedKey = VEruDxXfm2/1PTpE7Syf4kzT0ad4gcpj6VZrsUYpxvA=
AllowedIPs =


On the client we need to download WireGuard, put all of the client's keys in a single file, and import it into the WireGuard client.

1- Download Wireguard Client For Windows


2- Import configs in WireGuard

Be careful about these terms:

Address: IP address of the tunnel

Endpoint: IP address of the WireGuard server

PrivateKey: the client's private key

PresharedKey: a value that must be equal on the server and the client


[Interface]
# private key for client generated on WireGuard server
PrivateKey = 2IcE8jDSDpHGOFBk5vEkmJ5yP7T9YHU+vr0mya+h5Ho=
# IP address for VPN interface
Address =

[Peer]
# specify public key for server generated on WireGuard server
PublicKey = AIUd+0cxJVkbq4M+4cVUJhHu1Nxszlz3ccidVTbCh1k=
# when the server sets a PresharedKey for this peer, the same PresharedKey line goes here
AllowedIPs =
# specify server's global IP address:port
Endpoint =
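
A pre-flight check for the server and client files described above, as an added example (not the author's or the WireGuard project's code): it flags a config readable by other users, keys outside an [Interface]/[Peer] section, empty values, malformed keys, and peers without PublicKey or AllowedIPs. The names wg_lint and wg_lint_demo are assumptions, and the sample config is constructed.

```bash
#!/usr/bin/env bash
# Added example (not the author's code). Needs GNU stat and any POSIX awk.
# wg_lint FILE: prints one finding per line; returns 0 if clean, 1 if not.
wg_lint() {
    local conf="$1" mode out
    mode=$(stat -c '%a' "$conf") || return 2
    out=$(
        # The file holds private and preshared keys: owner-only access.
        case $mode in (600|400) ;; (*) echo "mode $mode: expected 600" ;; esac
        awk '
        function is_key(v) {  # 32 bytes of base64: 43 characters plus "="
            return length(v) == 44 && v ~ /^[A-Za-z0-9+\/]+=$/ &&
                   index("AEIMQUYcgkosw048", substr(v, 43, 1)) > 0
        }
        function end_peer() {  # a peer needs a key and its allowed addresses
            if (sect != "[peer]") return
            if (!("publickey" in seen)) print "peer " npeer ": missing PublicKey"
            if (!("allowedips" in seen)) print "peer " npeer ": missing AllowedIPs"
        }
        { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
        $0 == "" { next }
        /^\[/ { end_peer(); sect = tolower($0); split("", seen)
                if (sect == "[peer]") npeer++; next }
        {
            eq = index($0, "=")
            if (eq == 0) { print "line " NR ": not a Key = Value line"; next }
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key); gsub(/^[ \t]+/, "", val); lkey = tolower(key)
            if (sect == "") print "line " NR ": " key " is outside any section"
            if (val == "") { print "line " NR ": " key " has no value"; next }
            seen[lkey] = 1
            if (lkey ~ /^(private|public|preshared)key$/ && !is_key(val))
                print "line " NR ": " key " is not a 32-byte base64 key"
        }
        END { end_peer() }' "$conf"
    )
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"; return 1
}

# Constructed sample: no section headers, a truncated key, an empty Address.
wg_lint_demo() {
    local f rc; f=$(mktemp)
    printf '%s\n' 'PrivateKey = TRUNCATED' 'Address =' 'ListenPort = 51820' \
        '[Peer]' "PublicKey = $(printf '%043d' 0 | tr 0 A)=" > "$f"
    wg_lint "$f"; rc=$?
    rm -f "$f"; return $rc
}
wg_lint_demo || true
```

Run it as wg_lint /etc/wireguard/wg0.conf before bringing the tunnel up with wg-quick.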


How to Install FreeIPA on Ubuntu with Docker


What is FreeIPA?

FreeIPA is an integrated security information management solution combining Linux (Fedora), 389 Directory Server, MIT Kerberos, NTP, DNS, Dogtag (Certificate System). It consists of a web interface and command-line administration tools.

FreeIPA is an integrated Identity and Authentication solution for Linux/UNIX networked environments. A FreeIPA server provides centralized authentication, authorization and account information by storing data about user, groups, hosts and other objects necessary to manage the security aspects of a network of computers.

FreeIPA is built on top of well known Open Source components and standard protocols with a very strong focus on ease of management and automation of installation and configuration tasks.

Requirements:

  • Docker and Docker-compose 
  • Chrony
  • freeipa-client


Freeipa Server:

Domain : example.local

Server Hostname : freeipa.example.local

Client IP :

You can install FreeIPA with Docker; here is the docker-compose file that I provide.

You just need to run:

docker-compose up -d

version: '3.7'
services:
  freeipa:  # service name is an assumption
    image: freeipa/freeipa-server:centos-8
    restart: unless-stopped
    hostname: freeipa.packops.local
    environment:
      IPA_SERVER_HOSTNAME: freeipa.packops.local
      TZ: "Asia/Tehran"
    tty: true
    stdin_open: true
    cap_add:
      - NET_ADMIN
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /sys/fs/cgroup:/sys/fs/cgroup:ro
      - freeipavol:/data
    sysctls:
      - net.ipv6.conf.all.disable_ipv6=0
      - net.ipv6.conf.lo.disable_ipv6=0
    security_opt:
      - "seccomp:unconfined"
    # replace every YOURPASSWORD placeholder before starting the container
    command:
      - -U
      - --domain=packops.local
      - --realm=packops.local
      - --http-pin=YOURPASSWORD
      - --dirsrv-pin=YOURPASSWORD
      - --ds-password=YOURPASSWORD
      - --admin-password=YOURPASSWORD
      - --no-host-dns
      - --unattended
    ports:
      - "80:80"
      - "443:443"
      - "389:389"
      - "636:636"
      - "88:88"
      - "464:464"
      - "88:88/udp"
      - "464:464/udp"
      - "123:123/udp"
      - "7389:7389"
      - "9443:9443"
      - "9444:9444"
      - "9445:9445"

volumes:
  freeipavol:



Access the FreeIPA server according to this format:


Install the FreeIPA client and join it to your FreeIPA server

					apt-get install freeipa-client chrony -y
hostnamectl set-hostname node-02.example.local

ipa-client-install --hostname="$(hostname -f)" \
--mkhomedir \
--server=freeipa.example.local \
--domain example.local


The output should look something like this:

					This program will set up FreeIPA client.
Version 4.8.6

WARNING: conflicting time&date synchronization service 'ntp' will be disabled in favor of chronyd

Autodiscovery of servers for failover cannot work with this configuration.
If you proceed with the installation, services will be configured to always access the discovered server for all operations and will not fail over to other servers in case of failure.
Proceed with fixed values and no DNS discovery? [no]: "yes"
Do you want to configure chrony with NTP server or pool address? [no]: "no"
Client hostname: "node-02.example.local"
DNS Domain: "example.local"
IPA Server: "freeipa.example.local"
BaseDN: dc=mabnadp,dc=local

					Continue to configure the system with these values? [no]: yes
Synchronizing time
No SRV records of NTP servers found and no NTP server or pool address was provided.
Using default chrony configuration.
Attempting to sync time with chronyc.
Time synchronization was successful.
User authorized to enroll computers: admin
Password for admin@EXAMPLE.LOCAL:
Successfully retrieved CA cert
    Subject:     CN=Certificate Authority,O=MABNADP.LOCAL
    Issuer:      CN=Certificate Authority,O=MABNADP.LOCAL
    Valid From:  2021-11-22 11:33:00
    Valid Until: 2041-11-22 11:33:00

Enrolled in IPA realm MABNADP.LOCAL
Created /etc/ipa/default.conf
Configured sudoers in /etc/nsswitch.conf
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm MABNADP.LOCAL
Systemwide CA database updated.
Adding SSH public key from /etc/ssh/
Adding SSH public key from /etc/ssh/
Adding SSH public key from /etc/ssh/
Adding SSH public key from /etc/ssh/
Could not update DNS SSHFP records.
SSSD enabled
Configured /etc/openldap/ldap.conf
Configured /etc/ssh/ssh_config
Configured /etc/ssh/sshd_config
Configuring mabnadp.local as NIS domain.
Client configuration complete.



You can cache packages, speed up package downloads, and keep your servers from accessing the Internet by simply using APT Cacher-NG.

					kinit admin 

Installing Cow Proxy on Docker (Ubuntu 20.4)

What is Cow Proxy?

COW (Climb Over the Wall) proxy on Docker

Cow Proxy is a web proxy backed by tunnel technology. Like a VPN, it hides your IP address and encrypts your traffic, but it is a lot easier to use.





Make a Dockerfile and add these lines:

					FROM alpine
RUN apk update && apk add curl && apk add bash
#installing Cow Proxy
RUN curl -s -L | bash 

EXPOSE 7777/tcp


3- Make a docker-compose.yml and paste the following parameters:

version: "3"
services:
  cow-proxy:  # service name is an assumption
    build: .
    image: cow-proxy:1
    ports:
      - "8585:7777"
    volumes:
      - "./config-file:/root/.cow/rc"
    restart: always


3- Make a config file that includes your proxy user and password

					listen =

logFile = /dev/stderr

userPasswd = user:pass


Client Side Config

Proxy settings for your Linux

To set up the proxy for your current user, you just need to set these environment variables (you can also do it in the terminal, but that way is not permanent):

vim ~/.bash_profile

export no_proxy="localhost,, *.my.lan"

You can test your proxy by running curl with --proxy; you should receive a 200 response code:

					for ((i=1;i<=10;i++)); do curl -I --proxy  http://user:password@YOUR_PROXY_IP:8585 -vv; done

You can clone the whole project from my GitHub repository.

How to Install Docker on Ubuntu


In this article we are going to install docker-ce on Ubuntu 20, but before installation we should know about:

What is Docker ?

Docker is a set of platform as a service products that use OS-level virtualization to deliver software in packages called containers. Containers are isolated from one another and bundle their own software, libraries and configuration files; they can communicate with each other through well-defined

What is docker-compose?

Compose is a tool for defining and running multi-container Docker applications. With Compose, you use a YAML file to configure your application’s services. … Run docker compose up and the Docker compose command starts and runs your entire app.



1- Setup Repository

					 sudo apt-get update

 sudo apt-get install \
    apt-transport-https \
    ca-certificates \
    curl \
    gnupg \

2- Add Docker’s official GPG key:

					 curl -fsSL | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg

3- Add Docker’s official Repository :

					echo \
  "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] \
  $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

4- Installing  Docker

					 sudo apt-get update

 sudo apt-get install docker-ce docker-ce-cli

Installing Docker from Bash script

					wget -qO- | sh

Installing Docker-compose  from Bash script

					wget -qO- | sh