WireGuard VPN Quickstart

Last Modified: Mon, 04 Aug 2025 21:30:37 +0000 ; Created: Mon, 04 Aug 2025 21:30:37 +0000

Quickstart guide to setting up a WireGuard server as a VPN with masquerade NAT, so clients can reach the Internet through the VPN server. Tested on Ubuntu and Android.

Server

Install

sudo apt-get update
sudo apt-get --yes install wireguard

cd /etc/wireguard/

Prepare Keys

# Run these as root (for example in a sudo -i shell)
cd /etc/wireguard/

# Keep the key directories and private keys readable by their owner only
umask 077

mkdir server.keys/
mkdir client1.keys/
mkdir client2.keys/

cd server.keys/ && wg genkey | tee privatekey | wg pubkey > publickey && cd ..
cd client1.keys/ && wg genkey | tee privatekey | wg pubkey > publickey && cd ..
cd client2.keys/ && wg genkey | tee privatekey | wg pubkey > publickey && cd ..

Create the server conf

  1. Replace the private key placeholder with the contents of server.keys/privatekey
  2. Replace the public key placeholder for each peer with the contents of the respective client#.keys/publickey
  3. I used static IP assignments for each client, but you could use dynamic if you wanted.
  4. eno1 is the interface the PostUp/PostDown rules masquerade out of; on your server it might be eth1 or something else (check with ip link show)

vi /etc/wireguard/wg0.conf

[Interface]
PrivateKey = INSERT_SERVER.KEYS/privatekey_HERE
Address = 10.8.0.1/24
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eno1 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eno1 -j MASQUERADE
ListenPort = 51820

[Peer]
PublicKey = INSERT_CLIENT1.KEYS/publickey_HERE
AllowedIPs = 10.8.0.2/32

[Peer]
PublicKey = INSERT_CLIENT2.KEYS/publickey_HERE
AllowedIPs = 10.8.0.3/32
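
A pre-flight check for the file just written, to run before starting the service. This is an added example, not part of the original guide; the function name wg_conf_check is hypothetical, and it assumes the INSERT_..._HERE placeholder convention and the AllowedIPs spelling used in the template above.

```shell
#!/bin/sh
# Added example (not from the original guide): pre-flight check for a wg-quick
# config built from the template above. wg_conf_check is a hypothetical name.
# Prints one line per finding and returns the number of findings (0 = clean).
wg_conf_check() {
    conf=$1
    findings=0
    [ -r "$conf" ] || { echo "$conf: cannot read"; return 1; }

    # 1. The file embeds the private key: no group/other permission bits.
    perms=$(ls -ld "$conf" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$conf: group/other bits '$perms' set, run chmod 600"
        findings=$((findings + 1))
    fi

    # 2. Every INSERT_..._HERE placeholder must have been replaced by a key.
    left=$(grep -c 'INSERT_.*_HERE' "$conf" || true)
    if [ "$left" -gt 0 ]; then
        echo "$conf: $left placeholder line(s) still present"
        findings=$((findings + 1))
    fi

    # 3. An address may sit under one [Peer] only. WireGuard keeps a single
    #    owner per allowed IP, so a copy-pasted duplicate takes the address
    #    away from the peer that had it first.
    dups=$(awk -F'= *' '/^\[Peer\]/ { p = 1 }
        p && /^AllowedIPs/ {
            n = split($2, a, / *, */)
            for (i = 1; i <= n; i++) print a[i]
        }' "$conf" | sort | uniq -d)
    for ip in $dups; do
        echo "$conf: AllowedIPs $ip listed under more than one peer"
        findings=$((findings + 1))
    done
    return "$findings"
}

# Usage on the server: wg_conf_check /etc/wireguard/wg0.conf
```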

Server Startup

sudo systemctl start wg-quick@wg0
sudo systemctl enable wg-quick@wg0

Enable Packet Forwarding

printf 'net.ipv4.ip_forward = 1\nnet.ipv6.conf.all.forwarding = 1\n' | sudo tee /etc/sysctl.d/wg.conf

sudo sysctl --system

Client Conf

[Interface]
Address = 10.8.0.2/32
PrivateKey = INSERT_CLIENT1.KEYS/privatekey_HERE
DNS = 1.1.1.1

[Peer]
PublicKey = INSERT_SERVER.KEYS/publickey_HERE
Endpoint = INSERT_YOUR_IP_OR_DNS_HERE:51820
AllowedIPs = 0.0.0.0/0, ::/0