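# WireGuard Windows Firewall - check and fix script
# Must be run as Administrator.
#
# Reports the firewall profile state, the existing WireGuard/VPN rules, the
# WireGuard executable and the tunnel adapter, then optionally creates allow
# rules (per program, per interface, per VPN subnet).
#
# Encoding: save this file as UTF-8 with BOM. Windows PowerShell 5.1 reads a
# BOM-less file in the ANSI code page, which garbles the umlauts in the messages.
#
# Review notes on the rules this script creates:
# - The interface rules allow ALL inbound traffic on the tunnel adapter, so every
#   local listener becomes reachable for VPN peers.
# - The subnet rules match 10.8.0.0/24 on every adapter and every port; they are
#   not bound to the tunnel interface or to a firewall profile.
# - WireGuard itself only uses UDP; the TCP program rules are kept for
#   compatibility with earlier runs but are not needed by the tunnel.

# Creates one allow rule unless a rule with the same display name already exists.
# New-NetFirewallRule does not enforce unique display names, so without this check
# every run would add duplicates. Returns $true when the rule exists afterwards.
function New-WgFirewallRule {
    param(
        [Parameter(Mandatory = $true)] [string] $DisplayName,
        [Parameter(Mandatory = $true)] [hashtable] $RuleArgs
    )

    if (Get-NetFirewallRule -DisplayName $DisplayName -ErrorAction SilentlyContinue) {
        Write-Host "Regel existiert bereits: $DisplayName" -ForegroundColor Yellow
        return $true
    }

    try {
        # -ErrorAction Stop: a failed rule must not be reported as created.
        New-NetFirewallRule -DisplayName $DisplayName -Action Allow -Enabled True -ErrorAction Stop @RuleArgs | Out-Host
        return $true
    } catch {
        Write-Host "FEHLER bei Regel '$DisplayName': $($_.Exception.Message)" -ForegroundColor Red
        return $false
    }
}

# Creates the four program-scoped rules (TCP/UDP, inbound/outbound) for the WireGuard binary.
function Add-WgProgramRules {
    param([Parameter(Mandatory = $true)] [string] $ProgramPath)

    $specs = @(
        @{ Name = "WireGuard VPN - Allow TCP";         Direction = "Outbound"; Protocol = "TCP" },
        @{ Name = "WireGuard VPN - Allow UDP";         Direction = "Outbound"; Protocol = "UDP" },
        @{ Name = "WireGuard VPN - Allow Inbound TCP"; Direction = "Inbound";  Protocol = "TCP" },
        @{ Name = "WireGuard VPN - Allow Inbound UDP"; Direction = "Inbound";  Protocol = "UDP" }
    )

    $allOk = $true
    foreach ($spec in $specs) {
        $ruleArgs = @{ Direction = $spec.Direction; Program = $ProgramPath; Protocol = $spec.Protocol }
        if (-not (New-WgFirewallRule -DisplayName $spec.Name -RuleArgs $ruleArgs)) { $allOk = $false }
    }

    if ($allOk) {
        Write-Host "Programm-Regeln erstellt" -ForegroundColor Green
    } else {
        Write-Host "Programm-Regeln konnten nicht vollständig erstellt werden" -ForegroundColor Red
    }
}

# Creates an inbound and an outbound allow rule for each WireGuard adapter.
function Add-WgInterfaceRules {
    param([Parameter(Mandatory = $true)] [object[]] $Adapters)

    $allOk = $true
    foreach ($adapter in $Adapters) {
        foreach ($direction in @("Outbound", "Inbound")) {
            $name = "WireGuard Interface $($adapter.Name) - Allow $direction"
            # New-NetFirewallRule has no -InterfaceIndex parameter; rules are bound
            # to an adapter through -InterfaceAlias (the adapter name).
            $ruleArgs = @{ Direction = $direction; InterfaceAlias = $adapter.Name }
            if (-not (New-WgFirewallRule -DisplayName $name -RuleArgs $ruleArgs)) { $allOk = $false }
        }
    }

    if ($allOk) {
        Write-Host "Interface-Regeln erstellt" -ForegroundColor Green
    } else {
        Write-Host "Interface-Regeln konnten nicht vollständig erstellt werden" -ForegroundColor Red
    }
}

# Creates the four rules (TCP/UDP, inbound/outbound) for the VPN subnet 10.8.0.0/24.
function Add-WgNetworkRules {
    # The rules are not tied to the tunnel adapter, so tell the operator how far they reach.
    Write-Warning "Die Netzwerk-Regeln gelten für 10.8.0.0/24 auf allen Adaptern und allen Ports, nicht nur auf dem WireGuard-Interface."

    $allOk = $true
    foreach ($direction in @("Outbound", "Inbound")) {
        foreach ($protocol in @("TCP", "UDP")) {
            $name = "WireGuard VPN Network - Allow $direction $protocol"
            $ruleArgs = @{ Direction = $direction; RemoteAddress = "10.8.0.0/24"; Protocol = $protocol }
            if (-not (New-WgFirewallRule -DisplayName $name -RuleArgs $ruleArgs)) { $allOk = $false }
        }
    }

    if ($allOk) {
        Write-Host "VPN-Netzwerk-Regeln erstellt" -ForegroundColor Green
    } else {
        Write-Host "VPN-Netzwerk-Regeln konnten nicht vollständig erstellt werden" -ForegroundColor Red
    }
}

Write-Host "=== WireGuard Windows Firewall - Prüfung ===" -ForegroundColor Cyan
Write-Host ""

# Abort early when not elevated: the NetSecurity cmdlets need administrator rights.
$isAdmin = ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
if (-not $isAdmin) {
    Write-Host "FEHLER: Script muss als Administrator ausgeführt werden!" -ForegroundColor Red
    Write-Host "Rechtsklick auf PowerShell -> 'Als Administrator ausführen'" -ForegroundColor Yellow
    exit 1
}

Write-Host "1. Prüfe Firewall-Status..." -ForegroundColor Green
Get-NetFirewallProfile | Select-Object Name, Enabled | Format-Table -AutoSize

Write-Host ""
Write-Host "2. Prüfe vorhandene WireGuard Firewall-Regeln..." -ForegroundColor Green
# Note: the "*VPN*" pattern also lists rules of other VPN products.
$existingRules = Get-NetFirewallRule | Where-Object { $_.DisplayName -like "*WireGuard*" -or $_.DisplayName -like "*VPN*" }
if ($existingRules) {
    $existingRules | Select-Object DisplayName, Enabled, Direction, Action | Format-Table -AutoSize
} else {
    Write-Host "Keine WireGuard Firewall-Regeln gefunden" -ForegroundColor Yellow
}

Write-Host ""
Write-Host "3. Suche WireGuard-Installationspfad..." -ForegroundColor Green
$wgPath = "C:\Program Files\WireGuard\wireguard.exe"
if (-not (Test-Path -LiteralPath $wgPath -PathType Leaf)) {
    $wgPath = "C:\Program Files (x86)\WireGuard\wireguard.exe"
}
if (-not (Test-Path -LiteralPath $wgPath -PathType Leaf)) {
    Write-Host "WireGuard-Programm nicht gefunden in Standardpfaden" -ForegroundColor Yellow
    Write-Host "Suche in anderen Pfaden..." -ForegroundColor Yellow
    $found = Get-ChildItem "C:\Program Files" -Recurse -Filter "wireguard.exe" -File -ErrorAction SilentlyContinue | Select-Object -First 1
    if ($found) {
        $wgPath = $found.FullName
        Write-Host "Gefunden: $wgPath" -ForegroundColor Green
    } else {
        Write-Host "WireGuard-Programm nicht gefunden. Bitte Pfad manuell angeben." -ForegroundColor Red
        # Pasted paths often carry surrounding quotes; strip them so Test-Path can match.
        $wgPath = (Read-Host "WireGuard-Programm-Pfad (oder Enter zum Überspringen)").Trim().Trim('"')
    }
} else {
    Write-Host "Gefunden: $wgPath" -ForegroundColor Green
}

# The path may come from a file-name search or from manual input, and it ends up in
# inbound allow rules. Warn when the binary does not carry a valid Authenticode signature.
$wgPathUsable = [bool]($wgPath -and (Test-Path -LiteralPath $wgPath -PathType Leaf))
if ($wgPathUsable) {
    $signature = Get-AuthenticodeSignature -LiteralPath $wgPath -ErrorAction SilentlyContinue
    if (-not $signature -or $signature.Status -ne 'Valid') {
        Write-Warning "Keine gültige Signatur für '$wgPath'. Programm-Regeln nur erstellen, wenn der Pfad vertrauenswürdig ist."
    }
}

Write-Host ""
Write-Host "4. Finde WireGuard Interface..." -ForegroundColor Green
# @() keeps the result an array even when exactly one adapter (or none) matches.
$wgInterface = @(Get-NetAdapter | Where-Object { $_.Name -like "*grafana-test*" -or $_.Name -like "*WireGuard*" })
if ($wgInterface.Count -gt 0) {
    foreach ($adapter in $wgInterface) {
        Write-Host "Gefunden: $($adapter.Name), Index: $($adapter.InterfaceIndex)" -ForegroundColor Green
        # Firewall rule objects carry no InterfaceIndex property; the adapter binding
        # lives in the associated interface filter, so look the rules up through it.
        Get-NetFirewallInterfaceFilter |
            Where-Object { $_.InterfaceAlias -contains $adapter.Name } |
            Get-NetFirewallRule |
            Select-Object DisplayName, Enabled, Direction, Action |
            Format-Table -AutoSize
    }
} else {
    Write-Host "Kein WireGuard Interface gefunden" -ForegroundColor Yellow
}

Write-Host ""
Write-Host "=== Möchtest du Firewall-Regeln erstellen? ===" -ForegroundColor Cyan
Write-Host "1. Programm-Regeln (wenn WireGuard-Pfad gefunden)"
Write-Host "2. Interface-Regeln (wenn WireGuard Interface gefunden)"
Write-Host "3. VPN-Netzwerk-Regeln (10.8.0.0/24)"
Write-Host "4. Alle oben genannten"
Write-Host "5. Überspringen (nur prüfen)"
Write-Host ""
$choice = Read-Host "Wähle Option (1-5)"

switch ($choice) {
    "1" {
        if ($wgPathUsable) {
            Write-Host "Erstelle Programm-Regeln..." -ForegroundColor Green
            Add-WgProgramRules -ProgramPath $wgPath
        } else {
            Write-Host "Kann Programm-Regeln nicht erstellen: WireGuard-Pfad nicht gefunden" -ForegroundColor Red
        }
    }
    "2" {
        if ($wgInterface.Count -gt 0) {
            Write-Host "Erstelle Interface-Regeln..." -ForegroundColor Green
            Add-WgInterfaceRules -Adapters $wgInterface
        } else {
            Write-Host "Kann Interface-Regeln nicht erstellen: WireGuard Interface nicht gefunden" -ForegroundColor Red
        }
    }
    "3" {
        Write-Host "Erstelle VPN-Netzwerk-Regeln..." -ForegroundColor Green
        Add-WgNetworkRules
    }
    "4" {
        Write-Host "Erstelle alle Regeln..." -ForegroundColor Green
        # Program and interface rules are skipped when their target was not found.
        if ($wgPathUsable) { Add-WgProgramRules -ProgramPath $wgPath }
        if ($wgInterface.Count -gt 0) { Add-WgInterfaceRules -Adapters $wgInterface }
        Add-WgNetworkRules
    }
    "5" {
        Write-Host "Überspringe Regel-Erstellung" -ForegroundColor Yellow
    }
    default {
        Write-Host "Ungültige Option" -ForegroundColor Red
    }
}

Write-Host ""
Write-Host "=== Zusammenfassung ===" -ForegroundColor Cyan
Write-Host "Firewall-Regeln:"
Get-NetFirewallRule |
    Where-Object { $_.DisplayName -like "*WireGuard*" -or $_.DisplayName -like "*VPN*" } |
    Select-Object DisplayName, Enabled, Direction, Action |
    Format-Table -AutoSize

Write-Host ""
Write-Host "=== Nächste Schritte ===" -ForegroundColor Cyan
Write-Host "1. WireGuard neu verbinden (Disconnect -> Connect)"
Write-Host "2. Teste: ping 10.8.0.1"
Write-Host "3. Teste: https://grafana.michaelschiemer.de im Browser"
Write-Host "4. Sag mir Bescheid, dann prüfe ich die Traefik-Logs!"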