Quick & Easy: WireGuard

Install WireGuard

  • sudo add-apt-repository ppa:wireguard/wireguard
  • sudo apt-get update
  • sudo apt-get install wireguard-dkms wireguard-tools ufw
  • sudo ufw allow 5555/udp

Server:

  • sudo sysctl -w net.ipv4.ip_forward=1
  • sudo sysctl -p
  • wg genkey

Save this into /etc/wireguard/wg0.conf:

[Interface]
PrivateKey = output of genkey here
ListenPort = 5555
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o ens3 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o ens3 -j MASQUERADE
Address = 192.168.2.1/24
SaveConfig = true

  • sudo wg-quick up wg0

Client(s):

  • wg genkey

Save this into /etc/wireguard/wg0.conf on the client:

[Interface]
PrivateKey = output of genkey on client
Address = 192.168.2.2/24
DNS = 8.8.8.8

  • sudo wg-quick up wg0

Set up keys

Server

  • sudo wg show (note this machine's public key)
  • sudo wg set wg0 peer <client-publickey> allowed-ips 192.168.2.2/32

Client(s)

  • sudo wg show (note this machine's public key)
  • sudo wg set wg0 peer <server-publickey> endpoint <serveripordomain>:5555 allowed-ips 192.168.2.1/24

Ping:

  • ping 192.168.2.2 on server
  • ping 192.168.2.1 on client(s)

Both:

  • sudo systemctl restart wg-quick@wg0
  • sudo systemctl enable wg-quick@wg0
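
A check worth running on the server once peers are added (an added example, not part of the original guide): WireGuard routes each allowed IP to exactly one peer, so this audits /etc/wireguard/wg0.conf for peer AllowedIPs wider than one host or listed under two peers, and for a file mode that exposes the PrivateKey. The function names, the sample config and its placeholder keys are made up for the illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original page. Flags (1) a config mode that lets
# group/others read the PrivateKey, (2) [Peer] AllowedIPs wider than one IPv4
# host or listed under two peers. Assumes PublicKey precedes AllowedIPs.

audit_wg_conf() {
    conf=$1
    mode=$(stat -c '%a' "$conf") || return 2        # GNU/busybox stat
    [ $(( 0$mode & 077 )) -eq 0 ] ||
        echo "PERM $conf mode $mode exposes PrivateKey"
    awk '
        /^\[Peer\]/                 { in_peer = 1; key = "?"; next }
        /^\[/                       { in_peer = 0; next }
        in_peer && /^PublicKey *=/  { sub(/^[^=]*= */, ""); key = $0; next }
        in_peer && /^AllowedIPs *=/ {
            sub(/^[^=]*= */, "")
            n = split($0, ips, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++) {
                ip = ips[i]
                if (ip ~ /\.[0-9]+\/[0-9]+$/ && ip !~ /\/32$/)
                    print "WIDE " key " " ip
                if (ip in owner && owner[ip] != key)
                    print "DUP " ip " " owner[ip] " " key
                owner[ip] = key
            }
        }
    ' "$conf"
}

# Constructed sample: a hand-edited server config; keys are placeholders.
sample_conf() {
    cat <<'EOF'
[Interface]
Address = 192.168.2.1/24
ListenPort = 5555
PrivateKey = <server-private-key>

[Peer]
PublicKey = <client-a-publickey>
AllowedIPs = 192.168.2.0/24

[Peer]
PublicKey = <client-b-publickey>
AllowedIPs = 192.168.2.3/32, 192.168.2.0/24
EOF
}

# Usage: pass the config path, e.g. /etc/wireguard/wg0.conf (run as root).
[ $# -eq 0 ] || audit_wg_conf "$1"
```

No output means the file is owner-only and every peer is limited to its own /32.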