CoinCashew
CoinCashew
Coins
Wallets
CoinCashew
CoinCashew
Home
Guide: Where to Get Started
Coins
Wallets
Exchanges
Learn | via Workshops & Courses
Donations | via CoinTr.ee
About Us
Wallets
Mobile Wallets
Desktop Wallets
Hardware Wallets
Browser Wallets
Guide: Crypto Wallet Tips 101 - Do's and Don'ts
Review: Metal Bitcoin Seed Storage by jlopp
Exchanges
Exchange Directory
Guide: Dollar-cost averaging into crypto
Guide: Where to get Crypto
Guide: Earning Crypto via CashBack
DeFi
Overview: DeFi
Guides: How to DeFi
Guide: Intro to DEFI Yield Farming
Guide: How to bank your business without a Bank by Bankless
External Reading Material
Coins
Bitcoin: BTC
Ethereum: ETH
Bitcoin Cash: BCH
Litecoin: LTC
Polkadot | DOT
Cardano: ADA
Guide: How to build a Cardano Stake Pool
How to Harden Ubuntu Server
How to setup chrony
How to setup WireGuard
How to upload poolMetaData.json to Github
How to update a Stakepool
How to setup an external passive relay node
How to fix the Mnemonic staking balance bug
How to delegate to a Stakepool
Guide: How to buy ADA
Guide: Build Haskell Pool by Cardano Community
A Non-technical Guide for Running a Stakepool
Guide: How to stake ADA
Guide: Install Daedalus mainnet wallet
Binance Coin: BNB
EOS
Tezos: XTZ
Chainlink: LINK
Monero: XMR
TRON: TRX
Stellar: XLM
NEO
Cosmos: ATOM
Maker: MKR
VeChain: VET
Ontology: ONT
Basic Attention Token: BAT
HEX
Dogecoin: DOGE
Digibyte: DGB
0x: ZRX
Kyber Network: KNC
THETA
ICON: ICX
Enjin Coin: ENJ
Crypto.com: MCO
Aave: LEND
Algorand: ALGO
Decred: DCR
Komodo: KMD
REN
ZCOIN: XZC
WAVES
GRIN
BEAM
LivePeer: LPT
Edgeware: EDG
Synthetix: SNX
FunFair: FUN
Metal: MTL
Telos: TLOS
Powered by GitBook

How to setup WireGuard

WireGuard® is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner.

Assuming you have a block producer setup and relay node setup, this guide helps you secure and encrypt your network traffic between the two nodes with WireGuard. This minimizes the chances that your block producer is attacked or hacked. Only the relay node is public facing online and the block producer can only communicate with the relay node.

🐣 1. Install Wireguard

BlockProducer and RelayNode1
BlockProducer and RelayNode1
sudo apt install linux-headers-$(uname -r)
sudo add-apt-repository ppa:wireguard/wireguard
sudo apt-get update
sudo apt-get install wireguard -y

🗝 2. Setup Public / Private Keypair

BlockProducer
BlockProducer
sudo su
cd /etc/wireguard
umask 077
wg genkey | tee blockproducer-privatekey | wg pubkey > blockproducer-publickey
wg genkey | tee relaynode1-privatekey | wg pubkey > relaynode1-publickey

🤖 3. Configure Wireguard

Create a wg0.conf configuration file in /etc/wireguard directory. Update your Private and Public Keys accordingly. Change the Endpoint to your RelayNode's public IP or DNS address.

BlockProducer
RelayNode1
BlockProducer
# blockproducer WireGuard Configuration
[Interface]
# blockproducer address
Address = 10.0.0.1/32
# blockproducer private key
PrivateKey = SJ6ygM3csa36...+pO4XW1QU0B2M=
# blockproducer wireguard listening port
ListenPort = 51820
SaveConfig = true
# RelayNode1
[Peer]
# relaynode1's publickey
PublicKey = Rq7QEe2g3qIjDftMu...knBGS9mvJDCa4WQg=
# relaynode1's public ip address or dns address
Endpoint = relay.mydomainname.com:51820
# relaynode1's interface address
AllowedIPs = 10.0.0.2/32
# send a handshake every 21 seconds
PersistentKeepalive = 21
RelayNode1
# RelayNode1 WireGuard Configuration
[Interface]
Address = 10.0.0.2/32
PrivateKey = cF3OjVhtKJAY/rQ...LFi7ASWg=
ListenPort = 51820
SaveConfig = true
# BlockProducer
[Peer]
# blockproducer's public key
PublicKey = rZLBzslvFtEJ...JdfX4XSwk=
# blockproducer's public ip address or dns address
Endpoint = 12.34.56.78:51820
# blockproducer's interface address
AllowedIPs = 10.0.0.1/32
PersistentKeepalive = 21

🧱 Configure your firewall / port forwarding to allow port 51820 udp traffic to your node.

BlockProducer
RelayNode1
BlockProducer
ufw allow 51820/udp
# check the firewall rules
ufw verbose
RelayNode1
ufw allow 51820/udp
# check the firewall rules
ufw verbose

🔗 4. Setup autostart with systemd

Setup systemd on both your block producer and relaynode.

Add the service to systemd.

BlockProducer and RelayNode1
BlockProducer and RelayNode1
sudo systemctl enable wg-quick@wg0.service
sudo systemctl daemon-reload

Start wireguard.

BlockProducer and RelayNode1
BlockProducer and RelayNode1
sudo systemctl start wg-quick@wg0

Check the status.

BlockProducer and RelayNode1
BlockProducer and RelayNode1
sudo systemctl status wg-quick@wg0

5. Verify Connection is Working

Check the status of the interfaces by running wg

BlockProducer and RelayNode1
BlockProducer and RelayNode1
sudo wg
## Example Output
# interface: wg0
#  public key: rZLBzslvFtEJ...JdfX4XSwk=
#  private key: (hidden)
#  listening port: 51820
#peer:
#  endpoint: 12.34.56.78:51820
#  allowed ips: 10.0.0.2/32
#  latest handshake: 15 seconds ago
#  transfer: 500 KiB received, 900 KiB sent
#  persistent keepalive: every 21 seconds

Verify ping works between nodes.

BlockProducer
RelayNode1
BlockProducer
ping 10.0.0.2
RelayNode1
ping 10.0.0.1

Update and/or review your topology.json file to ensure the "addr" matches this new tunneled IP address, and not the usual public node IP address.

Example: topology.json on blockproducer { "addr": "10.0.0.2", "port": 6000, "valency": 1 },

topology.json on relaynode1 { "addr": "10.0.0.1", "port": 6000, "valency": 1 },

Congrats! Wireguard is working!

🛑 6. Stop and disable Wireguard

sudo systemctl stop wg-quick@wg0
sudo systemctl disable wg-quick@wg0.service
sudo systemctl daemon-reload
Previous
How to setup chrony
Next
How to upload poolMetaData.json to Github
Last updated 1 month ago
Edit on GitHub
Contents
1. Install Wireguard
2. Setup Public / Private Keypair
3. Configure Wireguard
4. Setup autostart with systemd
5. Verify Connection is Working
6. Stop and disable Wireguard