#cloud-config runcmd: - ################ - ### PASSWORD ### - Password="yourpassword" - ### 8 letters, numbers, and !-? only ### - ################ - systemctl disable firewalld - systemctl stop firewalld - systemctl disable ssh - systemctl stop ssh - ufw disable - iptables -P INPUT ACCEPT - iptables -P OUTPUT ACCEPT - iptables -P FORWARD ACCEPT - iptables -F - SERVER_PUB_NIC=$(ip route | awk 'NR==1{print$5}') #Default route is first line _usually_ - ip address add dev wg0 10.202.0.1 peer 10.202.0.2 - wget https://github.com/SmoothWAN/tinyfecVPN/releases/download/master/tinyvpn_amd64 -O /usr/bin/tinyvpn - chmod +x /usr/bin/tinyvpn - /usr/bin/tinyvpn -s -l0.0.0.0:65520 -f1:3,2:4,8:6,20:10 -k "$Password" --sub-net 10.202.0.0 --tun-mtu 65535 --disable-checksum --disable-obscure --keep-reconnect --tun-dev tinyfec0 & - ulimit -n 65535 - sysctl -w net.core.rmem_max=26214400 - sysctl -w net.core.rmem_default=26214400 - sysctl -w net.core.wmem_max=26214400 - sysctl -w net.core.wmem_default=26214400 - sysctl -w net.core.netdev_max_backlog=2048 - echo 1 > /proc/sys/net/ipv4/ip_forward - iptables -A FORWARD -i $SERVER_PUB_NIC -o tinyfec0 -j ACCEPT - iptables -A FORWARD -i tinyfec0 -j ACCEPT - iptables -t nat -A POSTROUTING -s 10.202.0.0/24 -j MASQUERADE - #Change 1024-65000 range to open lower ports, 65518 and higher is reserved, defaults adjusted for UPnP - iptables -t nat -A PREROUTING -i $SERVER_PUB_NIC -p udp --dport 1024:65000 -j DNAT --to-destination 10.202.0.2:1024-65000 - iptables -t nat -A PREROUTING -i $SERVER_PUB_NIC -p tcp --dport 1024:65000 -j DNAT --to-destination 10.202.0.2:1024-65000 cloud_final_modules: - package-update-upgrade-install - scripts-per-once - scripts-per-boot - scripts-per-instance - [scripts-user, always] - keys-to-console - phone-home - final-message #Uncomment and adjust below to enable user console login # chpasswd: # list: | # distrodefaultusername:yourpassword # expire: False