July 8, 2018

Quick & Easy: WireGuard

Install wireguard

sudo add-apt-repository ppa:wireguard/wireguard
sudo apt-get update
sudo apt-get install wireguard-dkms wireguard-tools ufw
sudo ufw allow 5555/udp

Server:

sudo sysctl -w net.ipv4.ip_forward=1
sudo sysctl -p
wg genkey

save this into /etc/wireguard/wg0.conf

[Interface]
PrivateKey = output of genkey here
ListenPort = 5555
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o ens3 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o ens3 -j MASQUERADE
Address = 192.168.2.1/24
SaveConfig = true

wg-quick up wg0

Client(s):

wg genkey

[Interface]
PrivateKey = output of genkey on client
Address = 192.168.2.2/24
DNS = 8.8.8.8

wg-quick up wg0

setup keys

Server

wg show
sudo wg set wg0 peer <client-publickey> allowed-ips 192.168.2.2/24

Client(s)

wg show
sudo wg set wg0 peer <server-publickey> endpoint <serveripordomain>:5555 allowed-ips 192.168.2.1/24

Ping:

ping 192.168.2.2 on server
ping 192.168.2.1 on client(s)

both

sudo systemctl restart wg-quick@wg0
sudo systemctl enable wg-quick@wg0

Home

The Fire Escape Benchmark

Projects

Quick & Easy

Linux Cheatsheet

LFTP Overview

About

Status

Quick & Easy: WireGuard