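Install WireGuard (Ubuntu; the PPA and wireguard-dkms are only needed on older releases whose kernel and package archive do not already ship WireGuard — adding a PPA means trusting its owner with root-level package installs)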

  • sudo add-apt-repository ppa:wireguard/wireguard
  • sudo apt-get update
  • sudo apt-get install wireguard-dkms wireguard-tools ufw
  • sudo ufw allow 5555/udp (the rule only takes effect while ufw is enabled; on a remote host, allow SSH before enabling ufw)

Server:

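  • sudo sysctl -w net.ipv4.ip_forward=1 (enables forwarding for the running kernel only)
  • sudo sysctl -p (reloads /etc/sysctl.conf; forwarding survives a reboot only if net.ipv4.ip_forward=1 is also set in that file)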
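# Write the server's wg0.conf with a freshly generated private key, then bring
# the tunnel up.
#
# - The umask is set inside a subshell so the restrictive mask applies to this
#   file only and does not linger in the interactive session.
# - The heredoc delimiter is deliberately unquoted: $(wg genkey) must expand so
#   the generated key is written into the file. The closing _EOF must stand
#   alone on its line with no trailing whitespace, otherwise the shell does not
#   recognise it and keeps reading.
# - sudo tee performs the write as root; a plain `> file` redirection is opened
#   by the calling shell and fails unless that shell is already root.
# - PostUp accepts every packet arriving on wg0 for forwarding and NATs it out
#   of ens3. ens3 is host-specific (check `ip route` for the real outbound
#   interface), and the ACCEPT rule lets any configured peer reach whatever the
#   server can route to; narrow it if peers should only reach specific networks.
# - 20.0.0.0/24 is not RFC 1918 private space, so real Internet hosts in that
#   range become unreachable from the tunnel; a private range avoids that.
#   The address is kept here so it matches the rest of the page.
# - SaveConfig = true makes wg-quick write the running interface state back to
#   this file on shutdown; that is what persists peers added with `wg set`, and
#   it overwrites manual edits made while the interface is up.
(
  umask u=rwx,go=
  sudo tee /etc/wireguard/wg0.conf > /dev/null << _EOF
[Interface]
PrivateKey = $(wg genkey)
ListenPort = 5555
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o ens3 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o ens3 -j MASQUERADE
Address = 20.0.0.1/24
SaveConfig = true
_EOF
)
# umask only affects newly created files; enforce the mode in case the file
# already existed with looser permissions.
sudo chmod 600 /etc/wireguard/wg0.conf

sudo wg-quick up wg0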

Client(s):

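# Write a client's wg0.conf with its own freshly generated private key, then
# bring the tunnel up. Each client needs a distinct Address (20.0.0.2 here).
#
# - The umask is set inside a subshell so it does not linger in the session.
# - The heredoc delimiter is deliberately unquoted so $(wg genkey) expands; the
#   closing _EOF must have no trailing whitespace or the heredoc never ends.
# - sudo tee performs the write as root; a plain `> file` redirection is opened
#   by the calling shell and fails unless that shell is already root.
# - DNS = 20.0.0.1 points the client's resolver at the server's tunnel address.
#   NOTE(review): this page does not show a DNS resolver being set up on the
#   server; without one, name resolution on the client fails while the tunnel
#   is up. Confirm or drop the line.
# - 20.0.0.0/24 is not RFC 1918 private space; it is kept here to match the
#   server configuration on this page.
(
  umask u=rwx,go=
  sudo tee /etc/wireguard/wg0.conf > /dev/null << _EOF
[Interface]
PrivateKey = $(wg genkey)
ListenPort = 5555
Address = 20.0.0.2/24
DNS = 20.0.0.1
SaveConfig = true
_EOF
)
# umask only affects newly created files; enforce the mode in case the file
# already existed with looser permissions.
sudo chmod 600 /etc/wireguard/wg0.conf

sudo wg-quick up wg0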

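Set up keys: each side runs wg show to read its own public key, then registers the other side's public key as a peer. Only public keys are exchanged; the private keys never leave the host that generated them.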

Server

  • wg show
  • sudo wg set wg0 peer <client-publickey> allowed-ips 20.0.0.2/32

Client(s)

  • wg show
  • sudo wg set wg0 peer <server-publickey> endpoint <serveripordomain>:5555 allowed-ips 20.0.0.1/32

Ping:

  • ping 20.0.0.2 on server
  • ping 20.0.0.1 on client(s)

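On both server and client(s) (the restart writes the peers added with wg set back to wg0.conf because SaveConfig = true; enable starts the tunnel at boot):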

  • sudo systemctl restart wg-quick@wg0
  • sudo systemctl enable wg-quick@wg0