WireGuard Quick Start
2024-03-09 12:48:44

Quick Start

Server:

sudo apt update
sudo apt install wireguard

wg genkey | sudo tee /etc/wireguard/private.key
sudo chmod go= /etc/wireguard/private.key

sudo cat /etc/wireguard/private.key | wg pubkey | sudo tee /etc/wireguard/public.key

sudo vim /etc/wireguard/wg0.conf
# /etc/wireguard/wg0.conf
[Interface]
PrivateKey = base64_encoded_private_key_goes_here
Address = 10.0.0.1/24
ListenPort = 51820
SaveConfig = true
sudo wg-quick up wg0
sudo systemctl enable wg-quick@wg0
systemctl status wg-quick@wg0

Peer client:

  • Same steps as on the server, but with a different config file:
    # /etc/wireguard/wg0.conf
    [Interface]
    PrivateKey = base64_encoded_peer_private_key_goes_here
    Address = 10.0.0.2/24
    PostUp = ping -c1 10.0.0.1 # Initialize tunnel

    [Peer]
    PublicKey = base64_encoded_server_public_key
    AllowedIPs = 10.0.0.0/24
    Endpoint = 192.168.248.129:51820

Finally, add the peer to the server config:

sudo wg set wg0 peer <peer_public_key> allowed-ips 10.0.0.2

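Alternatively, put the following in the server config. Because SaveConfig = true makes wg-quick rewrite wg0.conf from the running interface on shutdown, edit the file while wg0 is down: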

...

[Peer]
PublicKey = <peer_public_key>
# /32 matches the wg set command above; a /24 would route the whole subnet to this peer
AllowedIPs = 10.0.0.2/32
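
The following check is an added example, not part of the original post or of wireguard-tools: wg_audit is a hypothetical helper that reads a server-side wg0.conf and reports a config file readable by group/other and any peer whose AllowedIPs is wider than a host route. The sample config and key strings are constructed placeholders.

```shell
# Added example: wg_audit is a hypothetical helper, not part of wireguard-tools.
# Prints one finding per line; exit status 1 if anything was found.
wg_audit() (
    # Body runs in a subshell, so variables, IFS and set -f stay local.
    conf=$1 findings=0 section="" peer=unknown
    set -f
    # The file contains PrivateKey: group/other need no permission bits.
    if [ "$(ls -ld "$conf" | cut -c5-10)" != "------" ]; then
        echo "PERMS $conf is accessible to group/other"; findings=1
    fi
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                                  # strip comments
        line=$(printf '%s' "$line" | tr -d '[:space:]')   # strip whitespace
        case $line in
            '') continue ;;
            \[*\]) section=$line; peer=unknown; continue ;;
        esac
        [ "$section" = "[Peer]" ] || continue
        key=${line%%=*}; val=${line#*=}
        case $key in
            PublicKey) peer=$val ;;
            AllowedIPs)
                # A server should hand each peer host routes only (/32, /128).
                oldifs=$IFS; IFS=,
                for cidr in $val; do
                    case $cidr in
                        */32|*/128) ;;
                        */*) echo "WIDE peer=$peer AllowedIPs=$cidr"; findings=1 ;;
                    esac
                done
                IFS=$oldifs ;;
        esac
    done < "$conf"
    exit "$findings"
)

# Constructed sample: a server config whose peer was given a /24.
demo=$(mktemp)
cat > "$demo" <<'EOF'
[Interface]
PrivateKey = constructed_placeholder
Address = 10.0.0.1/24
[Peer]
PublicKey = constructed_peer_key=
AllowedIPs = 10.0.0.2/24
EOF
wg_audit "$demo" || echo "fix: AllowedIPs = 10.0.0.2/32"
rm -f "$demo"
```

Run it against the server file only: a client config legitimately uses a wider AllowedIPs (10.0.0.0/24 above) to reach the tunnel subnet.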

To stop:

sudo systemctl disable wg-quick@wg0
sudo wg-quick down wg0