naggie / dsnet

FAST command to manage a centralised wireguard VPN. Think wg-quick but quicker: key generation + address allocation.
https://calbryant.uk/blog/how-to-set-up-a-wireguard-vpn-in-minutes-with-dsnet/
MIT License

quickstart guide #19

Closed mrbluecoat closed 4 years ago

mrbluecoat commented 4 years ago

Cool project! Is there a dsnet quickstart guide? I'm relatively new with wireguard so this could easily be user error, but here are my steps:

Server: Debian Buster

apt -t buster-backports install -y git golang-go iptables iptables-persistent netfilter-persistent

update-alternatives --set iptables /usr/sbin/iptables-legacy
update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy

apt -t buster-backports -y install wireguard

mkdir /root/go && export GOPATH=/root/go

git clone https://github.com/naggie/dsnet.git

cd dsnet/cmd

go build dsnet.go

mv dsnet /usr/local/bin

cd /root

mv /root/dsnet/etc/dsnet.service /etc/systemd/system/

rm -rf /root/dsnet

echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.d/local.conf
sysctl -p /etc/sysctl.d/local.conf

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i dsnet -o eth0 -j ACCEPT

netfilter-persistent save

dsnet init

sed -i 's/"Networks.*/"Networks": ["0.0.0.0\/0"],/' /etc/dsnetconfig.json

systemctl daemon-reload

systemctl start dsnet && systemctl enable dsnet

Running systemctl status dsnet shows no errors. Good so far.

dsnet add banana > dsnet-banana.conf

I fill out the prompts and then copy the contents of dsnet-banana.conf

Client: Ubuntu 20.04

sudo su

apt install -y wireguard

cat > /etc/wireguard/wg0.conf <<EOF
{{{ PASTE CONTENTS OF DSNET-BANANA.CONF ABOVE HERE }}}
EOF

wg-quick up wg0

Wireguard loads the config and I see the wg0 interface in ip a but I can't connect to any internet site and I can't ping the server above.

Thoughts?

mrbluecoat commented 4 years ago

Okay, I figured it out. In my case I wanted wireguard for my LAN (which is admittedly not the typical use case for wireguard) so I had to change ExternalIP from my WAN IP to my LAN IP. Here's the new version with a little cleanup:

Server:

apt -t buster-backports install -y git golang-go iptables iptables-persistent netfilter-persistent jq qrencode

update-alternatives --set iptables /usr/sbin/iptables-legacy
update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy

apt -t buster-backports -y install wireguard

mkdir /root/go && export GOPATH=/root/go

git clone https://github.com/naggie/dsnet.git

cd dsnet/cmd

go build dsnet.go

cd /root

mv /root/dsnet/cmd/dsnet /usr/local/bin
mv /root/dsnet/etc/dsnet.service /etc/systemd/system/

rm -rf dsnet go

echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.d/local.conf
sysctl -p /etc/sysctl.d/local.conf

dsnet init

IP=$(hostname -I | cut -f1 -d' ')

jq ".ExternalIP = \"$IP\"" /etc/dsnetconfig.json > result && mv result /etc/dsnetconfig.json
jq '.Networks += ["0.0.0.0/0"]' /etc/dsnetconfig.json > result && mv result /etc/dsnetconfig.json

NETWORK=$(jq -r .Network < /etc/dsnetconfig.json)
PORT=$(jq -r .ListenPort < /etc/dsnetconfig.json)

iptables -t nat -I POSTROUTING 1 -s $NETWORK -o eth0 -j MASQUERADE
iptables -I INPUT 1 -i dsnet -j ACCEPT
iptables -I FORWARD 1 -i eth0 -o dsnet -j ACCEPT
iptables -I FORWARD 1 -i dsnet -o eth0 -j ACCEPT
iptables -I INPUT 1 -i eth0 -p udp --dport $PORT -j ACCEPT

netfilter-persistent save

systemctl daemon-reload

systemctl start dsnet && systemctl enable dsnet

dsnet add banana > dsnet-banana.conf

# copy contents of dsnet-banana.conf

WORKSTATION CLIENT:

sudo su

apt install -y wireguard

# replace contents of /etc/wireguard/wg0.conf with copied dsnet-banana.conf contents above

sudo systemctl start wg-quick@wg0.service

# verify you can ping the server LAN address above, e.g. ping -c 1 10.157.108.1
# then enable wireguard on boot:

sudo systemctl enable wg-quick@wg0.service

MOBILE CLIENT:

  1. On SERVER above run: qrencode -t ansiutf8 -r dsnet-banana.conf
  2. Install Android or iOS app
  3. Scan QR code
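
A tightened variant of the server firewall rules from the post above, derived from the dsnet config file rather than typed by hand; this is an added example, not code from dsnet or from this thread. It assumes the flat JSON layout `dsnet init` writes (keys Network and ListenPort), an outside interface named eth0 as in the thread, and that the printed rules are reviewed before being piped into sh.

```shell
#!/bin/sh
# Added example, not part of dsnet or this issue. Compared with the rules in
# the thread: the eth0 -> dsnet FORWARD rule only admits RELATED,ESTABLISHED
# traffic, so LAN/WAN hosts cannot open connections to VPN peers; the UDP
# listener is opened only on the port dsnet uses; MASQUERADE and the
# dsnet -> eth0 FORWARD rule are scoped to the VPN network.

# Extract one scalar key from the flat JSON dsnet writes (the thread uses jq;
# sed keeps this runnable without it). $1 = config file, $2 = key name.
dsnet_key() {
    sed -n "s/^[[:space:]]*\"$2\"[[:space:]]*:[[:space:]]*\"\{0,1\}\([^\",]*\)\"\{0,1\}.*/\1/p" "$1" | head -n 1
}

# Print (do not apply) the rules so they can be reviewed before `| sh`.
# $1 = config file, $2 = outside interface (eth0 in the thread).
dsnet_rules() {
    cfg=$1; wan=$2
    net=$(dsnet_key "$cfg" Network)
    port=$(dsnet_key "$cfg" ListenPort)
    if [ -z "$net" ] || [ -z "$port" ]; then
        echo "dsnet_rules: Network or ListenPort missing in $cfg" >&2
        return 1
    fi
    cat <<EOF
iptables -I INPUT 1 -i $wan -p udp --dport $port -j ACCEPT
iptables -I INPUT 1 -i dsnet -j ACCEPT
iptables -I FORWARD 1 -i dsnet -o $wan -s $net -j ACCEPT
iptables -I FORWARD 1 -i $wan -o dsnet -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -I POSTROUTING 1 -s $net -o $wan -j MASQUERADE
EOF
}

# Constructed sample config: the values are made up, and a real file also
# carries PrivateKey, Peers entries and so on.
DSNET_SAMPLE=$(mktemp)
cat > "$DSNET_SAMPLE" <<'EOF'
{
  "ExternalIP": "192.0.2.10",
  "ListenPort": 51820,
  "Network": "10.157.108.0/22",
  "Networks": ["0.0.0.0/0"],
  "Peers": []
}
EOF

dsnet_rules "$DSNET_SAMPLE" eth0
```
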

naggie commented 4 years ago

Makes sense! dsnet does assume an internet facing server. I shall update the docs to reflect that and perhaps integrate some of this. Thanks for sharing it.