• Summertime - Louis Armstrong and Ella Fitzgerald Cello Tab PDF
• Summertime - Louis Armstrong and Ella Fitzgerald Tab file for TabEdit

1. Go grab a free account if you haven’t already signed for one from Azure or you could use your AWS free compute hours with a small EC2 instance.

2. Create a the small VM that fits in the free price range

3. Set the networking rules to allow ANY traffic TCP/UDP over port 51820 (Wireguard really only used UDP though I am pretty sure). In azure you would do this by creating the Free VM (which can be created with a few clicks from that link after creating your account). Then once the VM is created and ready you and you have a status of “Your deployment is complete” you can open the “Deployment details” section and click on the Resource link of Type “Microsoft.Compute/virtumachines”.

   In the left sidebar there will be a link for Networking. Click this.

   On the networking page click “Add Inbound port rule”.

   Create a rule with the following:

      Source: Any
      Source port range: *
      Destination: Any
      Desitnation port range: 51820
      Protocal: Any
      Action: Allow
      PriorityL 380
      Name: Port_51820
      Description: Wireguard
   

4. SSH into your VM.

5. Run the following:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27

# Generate public and private keys

umask 077
wg genkey | tee privatekey | wg pubkey > publickey

# Run these as root

sudo su

cat << EOF >> /etc/sysctl.conf
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
EOF

add-apt-repository ppa:wireguard/wireguard
apt-get update
apt-get install wireguard

echo "This is the Server Private Key:"
cat privatekey

echo "This is the Server Public Key:"
cat publickey

echo "This will be the Client Private Key if you need to generate one (using the OSX Wireguardd App?):"
wg genkey | sudo tee clientprivatekey
cat clientprivatekey

1. Now if you are using the OSX Wireguard App you will create a new “empty tunnnel” by clicking the bottom left plus button. Paste in the following replacing with your VM IP and then replace with the value from the clientprivatekey file. will be replaced with the Server Public Key:

1
2
3
4
5
6
7
8
9
10
11

[Interface]
PrivateKey = <ClientPrivateKey>
ListenPort = 21841
Address = 192.168.2.2/32
DNS = 1.1.1.1

[Peer]
PublicKey = <ServerPublicKey>
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = <IPAddressOfYourServer>:51820
PersistentKeepalive = 25

1. After replacing the values I mentioned and copying this into the Wireguard OSX App you will have a Client Public Key generated. It will be right above the text box you paste the configuration into. Take this value and replace with it. Replace with the Server Private Key that was printed out in the last set of commands you ran on the VM. The run the following on your VM:

1
2
3
4
5
6
7
8
9
10
11
12
13
14

cat << EOF >> /etc/wireguard/wg0.conf
[Interface]
Address = 192.168.2.1
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
ListenPort = 51820
PrivateKey = <PrivateKeyfromthe2ndComnmandAbove>
DNS = 1.1.1.1


[Peer]
PublicKey = <PublicKeyFromClient>
AllowedIPs = 192.168.2.2/32
EOF

You may also want to setup a firewall on your VM by running:

1
2
3

sudo ufw allow 22/tcp
sudo ufw allow 51820/udp
sudo ufw enable

This is optional.

1. It is time to start the Wiregaurd server. Run this on your VM:

1
2
3

sudo wg-quick up wg0
sudo systemctl enable wg-quick@wg0 # Set wireguard to run on system start
sudo wg show # Check the status

Note: after every change to your /etc/wiregaurd/wg0.conf file you will need to bring the wiregaurd service down and back up again:

1
2

sudo wg-quick down wg0
sudo wg-quick up wg0

1. You should now be able to go back to you Wireguard client and activate the connection. Google “What Is My IP” and verify that your IP has changed. You could then also try checking if you have DNS Leaks. Note that I am using Cloudflare DNS. I believe for a really secure VPN you would want to install DNS on your VPN as well but I have not bothered to attempt that yet.

Other resources:

Another Ubuntu based tutorial

Linode’s tutorial which I had trouble with

For remote access on OSX I was using Jump Desktop.I had this same issue with RealVNC and other remote desktop services though.

Specifically, on Catalina I ran into an issue where after installing Jump Desktop Connect. I was not able to add Jump Desktop Connect to my Security And Privacy settings to enable the Screen Recording permission.

After some grepping.I figured out that a sqlite DB exists that contains all the OSX Catalina Security and Privacy settings.

This DB can be opened with:

1

  sudo sqlite3 /Library/Application\ Support/com.apple.TCC/TCC.db

The table of interest is called acccess.

To get some information on this table run:

1
2

  PRAGMA table_info(access);
  .schema access

And then checking out the already existing Privacy System Preferences is really helpful to figure out what is going on as well;

1

select * from access;

From the first command ().schema access), you will see it has the followign columns:

1
2
3
4
5
6
7
8
9
10
11
12

  0|service|TEXT|1||1
  1|client|TEXT|1||2
  2|client_type|INTEGER|1||3
  3|allowed|INTEGER|1||0
  4|prompt_count|INTEGER|1||0
  5|csreq|BLOB|0||0
  6|policy_id|INTEGER|0||0
  7|indirect_object_identifier_type|INTEGER|0||0
  8|indirect_object_identifier|TEXT|0||4
  9|indirect_object_code_identity|BLOB|0||0
  10|flags|INTEGER|0||0
  11|last_modified|INTEGER|1|CAST(strftime('%s','now') AS INTEGER)|0

So after figuring out the coumns in this table and with examples from pre existing rows I went about creating my own SQL queries to insert new Privacy options into System Preferences.

I then found a row for a service that had the permissions I wanted for Jump Desktop Connect

1

  kTCCServiceScreenCapture|com.apple.screensharing.agent|0|0|1||||UNUSED||0|1573525900

And then a row for Jump Desktop Connect itself:

1

  kTCCServiceAccessibility|com.p5sys.jump.connect|0|1|1|??|||UNUSED||0|1572360434

Now I have the client string I need and an example row. I duplicated the screensharing service row but switched out the Jump Desktop Connect client string and ran the following in the sqlite3 client:

1
2

  INSERT INTO access (service,client,client_type,allowed,prompt_count,csreq,policy_id,indirect_object_identifier_type,indirect_object_identifier,indirect_object_code_identity,flags,last_modified) VALUES (
  'kTCCServiceScreenCapture','com.p5sys.jump.connect',0,0,1,NULL,NULL,NULL,'UNUSED',NULL,0,1573525900);

Then I was able to open System Preferences Security and Privacy settins and enable the Screen Recording permission on the application. It finally was showing the list. I probably could also just run

1
2

  INSERT INTO access (service,client,client_type,allowed,prompt_count,csreq,policy_id,indirect_object_identifier_type,indirect_object_identifier,indirect_object_code_identity,flags,last_modified) VALUES (
  'kTCCServiceScreenCapture','com.p5sys.jump.connect',0,1,1,NULL,NULL,NULL,'UNUSED',NULL,0,1573525900);

To automatically enable this setting but I did not test this.

The other day I actually had some trouble screen sharing with Google Chrome as well. To fix this I just needed to figure out the applications “client” string:

1

com.google.Chrome

and

1

com.google.Chrome.canary

for Chrome Canary.

This I could create Screen Sharing options in the Privay preferences with:

1
2
3
4
5
6

INSERT INTO access (service,client,client_type,allowed,prompt_count,csreq,policy_id,indirect_object_identifier_type,indirect_object_identifier,indirect_object_code_identity,flags,last_modified) VALUES (
  'kTCCServiceScreenCapture','com.google.Chrome',0,0,1,NULL,NULL,NULL,'UNUSED',NULL,0,1573525900);


INSERT INTO access (service,client,client_type,allowed,prompt_count,csreq,policy_id,indirect_object_identifier_type,indirect_object_identifier,indirect_object_code_identity,flags,last_modified) VALUES (
  'kTCCServiceScreenCapture','com.google.Chrome.canary',0,0,1,NULL,NULL,NULL,'UNUSED',NULL,0,1573525900);

And I also created Accessibility options with:

1
2
3
4
5
6

INSERT INTO access (service,client,client_type,allowed,prompt_count,csreq,policy_id,indirect_object_identifier_type,indirect_object_identifier,indirect_object_code_identity,flags,last_modified) VALUES (
  'kTCCServiceAccessibility','com.google.Chrome',0,0,1,NULL,NULL,NULL,'UNUSED',NULL,0,1573525900);


INSERT INTO access (service,client,client_type,allowed,prompt_count,csreq,policy_id,indirect_object_identifier_type,indirect_object_identifier,indirect_object_code_identity,flags,last_modified) VALUES (
  'kTCCServiceAccessibility','com.google.Chrome.canary',0,0,1,NULL,NULL,NULL,'UNUSED',NULL,0,1573525900);

just in case..