Wireguard Quick Start
2025-02-24 16:12:30

Quick Start

Server:

1
2
3
4
5
6
7
8
9
sudo apt update
sudo apt install wireguard

wg genkey | sudo tee /etc/wireguard/private.key
sudo chmod go= /etc/wireguard/private.key

sudo cat /etc/wireguard/private.key | wg pubkey | sudo tee /etc/wireguard/public.key

sudo vim /etc/wireguard/wg0.conf
1
2
3
4
5
6
# /etc/wireguard/wg0.conf
[Interface]
PrivateKey = base64_encoded_private_key_goes_here
Address = 10.0.0.1/24
ListenPort = 51820
SaveConfig = true
1
2
3
wg-quick up wg0
systemctl enable wg-quick@wg0
systemctl status wg-quick@wg0

Peer client:

  • Same steps but different conf file
1
2
3
4
5
6
7
8
9
10
# /etc/wireguard/wg0.conf
[Interface]
PrivateKey = base64_encoded_peer_private_key_goes_here
Address = 10.0.0.2/24
PostUp = ping -c1 10.0.0.1 # Initialize tunnel

[Peer]
PublicKey = base64_encoded_server_public_key
AllowedIPs = 10.0.0.0/24
Endpoint = 192.168.248.129:51820

Finally, add peer to server config

1
sudo wg set wg0 peer <peer_public_key> allowed-ips 10.0.0.2

alternatively, put the following in the server config

1
2
3
4
5
...

[Peer]
PublicKey = <peer_public_key>
AllowedIPs = 10.0.0.2/24

To stop:

1
2
sudo systemctl disable wg-quick@wg0
sudo wg-quick down wg0
2025-02-24 16:12:30
Next