Corrextions

networking/vpn-wg-site-to-vps.conf

@@ -1,59 +1,59 @@
 # Description:
-# This configuration allows you to connect an OPNsense or pfSense router at hoport and connect it to a VPS IP.
+# This configuration allows you to connect an OPNsense or pfSense router at home and link it to a VPS IP.
-# It use public IP to redirect traffic to different machines behind the VPS for security reasons rather than opening ports on your hoport router.
+# It uses a public IP to redirect traffic to different machines behind the VPS for security reasons rather than opening ports on your home router.
 
 # Prerequisites:
-# - Have a VPS server at OVH or ionos with Debian
+# - Have a VPS server at OVH or Ionos with Debian
 # - Install https://github.com/angristan/wireguard-install and generate a client
-# - Know the network interface with the 'ip a' command and replace ens6 with the appropriate interface
+# - Know the network interface using the 'ip a' command and replace 'ens6' with the correct interface name
-# - Know the public address or IP addresses of the clients
+# - Know the public IP address or IP addresses of the clients
 
-# Backup of the current configuration before modifying it
+# Backup the current configuration before modifying it
 # Perform this backup before any modification
 # cp /etc/wireguard/wg0.conf /etc/wireguard/wg0.conf.bak
 
-# Modification of the WireGuard configuration
+# Modify the WireGuard configuration
 # Open the configuration file to modify it
 # nano /etc/wireguard/wg0.conf
-# Delete the columns what is between 'PrivateKey = x'and '### Client opnsense'
+# Delete the section between 'PrivateKey = x' and '### Client opnsense'
-# Replace 'add-port' with 'add-ip-public' information
+# Replace 'your-port' and 'your-public-ip' with actual port and IP information
 
-# Configuration of the WireGuard interface on the server side
+# WireGuard server side configuration
 [Interface]
 Address = 10.66.66.1/24, fd42:42:42::1/64
-ListenPort = 666
+ListenPort = your-port
 PrivateKey = x
 
 # iptables rules to apply after setting up the WireGuard interface
-PostUp = iptables -I INPUT -p udp --dport add-port -j ACCEPT
+PostUp = iptables -I INPUT -p udp --dport your-port -j ACCEPT  # Replace 'your-port' with actual port number
 PostUp = iptables -A FORWARD -i wg0 -o ens6 -j ACCEPT
 PostUp = iptables -A FORWARD -i ens6 -o wg0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
 PostUp = iptables -I FORWARD -i wg0 -s 10.66.66.0/24 -d 10.66.66.0/24 -j DROP
 
-PostUp = iptables -t nat -A POSTROUTING -s 10.66.66.2/32 -o ens6 -j SNAT --to-source add-ip-public  # NAT for outgoing traffic from the opnsense client
+PostUp = iptables -t nat -A POSTROUTING -s 10.66.66.2/32 -o ens6 -j SNAT --to-source your-public-ip  # NAT for outgoing traffic from the opnsense client
-PostUp = iptables -t nat -A PREROUTING -i ens6 -d add-ip-public -p tcp --dport 80 -j DNAT --to-destination 10.66.66.2:80  # Redirect port 80 to the opnsense client
+PostUp = iptables -t nat -A PREROUTING -i ens6 -d your-public-ip -p tcp --dport 80 -j DNAT --to-destination 10.66.66.2:80  # Redirect port 80 to the opnsense client
-PostUp = iptables -t nat -A PREROUTING -i ens6 -d add-ip-public -p tcp --dport 443 -j DNAT --to-destination 10.66.66.2:443  # Redirect port 443 to the opnsense client
+PostUp = iptables -t nat -A PREROUTING -i ens6 -d your-public-ip -p tcp --dport 443 -j DNAT --to-destination 10.66.66.2:443  # Redirect port 443 to the opnsense client
 
 # iptables rules to remove when deleting the WireGuard interface
-PostDown = iptables -D INPUT -p udp --dport add-port -j ACCEPT || true
+PostDown = iptables -D INPUT -p udp --dport your-port -j ACCEPT || true  # Replace 'your-port' with actual port number
 PostDown = iptables -D FORWARD -i wg0 -o ens6 -j ACCEPT || true
 PostDown = iptables -D FORWARD -i ens6 -o wg0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT || true
-PostDown = iptables -t nat -D POSTROUTING -s 10.66.66.2/32 -o ens6 -j SNAT --to-source add-ip-public || true
+PostDown = iptables -t nat -D POSTROUTING -s 10.66.66.2/32 -o ens6 -j SNAT --to-source your-public-ip || true
-PostDown = iptables -t nat -D PREROUTING -i ens6 -d add-ip-public -p tcp --dport 80 -j DNAT --to-destination 10.66.66.2:80 || true
+PostDown = iptables -t nat -D PREROUTING -i ens6 -d your-public-ip -p tcp --dport 80 -j DNAT --to-destination 10.66.66.2:80 || true
-PostDown = iptables -t nat -D PREROUTING -i ens6 -d add-ip-public -p tcp --dport 443 -j DNAT --to-destination 10.66.66.2:443 || true
+PostDown = iptables -t nat -D PREROUTING -i ens6 -d your-public-ip -p tcp --dport 443 -j DNAT --to-destination 10.66.66.2:443 || true
 
-### Client opnsense
+### Client opnsense Configuration
 [Peer]
 PublicKey = x
 PresharedKey = x
-AllowedIPs = 10.66.66.2/32,fd42:42:42::2/128
+AllowedIPs = 10.66.66.2/32, fd42:42:42::2/128
 
 # Restart the WireGuard service after modifying the configuration
 # sudo systemctl restart wg-quick@wg0
 # sudo systemctl status wg-quick@wg0
 
 # OPNsense configuration:
-# Follow the steps described in the OPNsense docuportntation:
+# Follow the steps described in the OPNsense documentation:
 # https://docs.opnsense.org
 # Configure port forwarding from the OPNsense router to the local IP of the WireGuard client
-# For example, forward the port from 192.168.1.x to add-ip-wglocal-1
+# For example, forward the port from 192.168.1.x to [local_ip_of_wireguard_client]