WireGuard

Server

Quick start:
$ sudo apt install wireguard
$ sudo vi /etc/sysctl.conf
net.ipv4.ip_forward=1
$ sudo sysctl -p
$ cd /etc/wireguard && umask 077
$ mkdir clients && cd clients && umask 077 && cd -
$ wg genkey | tee privatekey | wg pubkey > publickey
Control:
$ wg-quick up wg0
$ wg show
Enable at boot:
$ systemctl enable wg-quick@wg0.service
$ sudo modprobe wireguard
Configuration template:
/etc/wireguard
[Interface]
PrivateKey = <SERVER_PRIVATEKEY>
Address = 172.16.1.1/24
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
ListenPort = 41194
[Peer]
## Client1
PublicKey = <CLIENT1_PUBLICKEY>
AllowedIPs = 172.16.1.2/32
[Peer]
## Client2
PublicKey = <CLIENT2_PUBLICKEY>
AllowedIPs = 172.16.1.3/32
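
On the server, each peer's AllowedIPs is the set of tunnel source addresses accepted from that peer, so the template gives every client its own /32. The following check is an added example (not part of the original notes); the function names and the deliberately misconfigured sample are constructed, and it assumes a single IPv4 Address on the interface:

```python
import ipaddress

# Constructed sample: the server template above, with Client2 deliberately misconfigured.
SAMPLE = """\
[Interface]
PrivateKey = <SERVER_PRIVATEKEY>
Address = 172.16.1.1/24
[Peer]
PublicKey = <CLIENT1_PUBLICKEY>
AllowedIPs = 172.16.1.2/32
[Peer]
PublicKey = <CLIENT2_PUBLICKEY>
AllowedIPs = 172.16.1.2/32, 10.0.0.0/8
"""

def parse(text):
    """Split a wg-quick style config into (section, {key: value}) pairs."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments such as "## Client1"
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1], {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)  # base64 keys end in "=", so split once
            sections[-1][1][key.strip()] = value.strip()
    return sections

def lint_server(text):
    """Return findings about peer AllowedIPs; assumes one IPv4 Address on the interface."""
    sections = parse(text)
    iface = next(kv for name, kv in sections if name == "Interface")
    tunnel = ipaddress.ip_interface(iface["Address"]).network
    findings, seen = [], {}
    for name, kv in sections:
        if name != "Peer":
            continue
        peer = kv.get("PublicKey", "?")
        for item in filter(None, (s.strip() for s in kv.get("AllowedIPs", "").split(","))):
            net = ipaddress.ip_network(item, strict=False)
            if not net.subnet_of(tunnel):
                findings.append(f"{peer}: {net} is outside tunnel subnet {tunnel}")
            elif net.num_addresses != 1:
                findings.append(f"{peer}: {net} is wider than one host")
            for other, owner in seen.items():
                if owner != peer and net.overlaps(other):
                    findings.append(f"{peer}: {net} overlaps {other} of {owner}")
            seen[net] = peer
    return findings
```

Run lint_server() on the contents of the server config before restarting the interface; an empty list means every peer is limited to its own address inside 172.16.1.0/24.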

Client

Generate keys:
$ wg genkey | tee client1 | wg pubkey > client1.pub
Configuration template:
client.template
[Interface]
PrivateKey = <CLIENT1_PRIVATEKEY>
Address = 172.16.1.2/24
DNS = 1.1.1.1, 1.0.0.1
[Peer]
PublicKey = <SERVER_PUBLICKEY>
AllowedIPs = 0.0.0.0/0
Endpoint = <SERVER_IP>:41194
PersistentKeepalive = 15
Restart the server:
$ sudo systemctl restart wg-quick@wg0.service