Install wireguard

  • sudo add-apt-repository ppa:wireguard/wireguard
  • sudo apt-get update
  • sudo apt-get install wireguard-dkms wireguard-tools ufw
  • sudo ufw allow 5555/udp

Server:

  • sudo sysctl -w net.ipv4.ip_forward=1
  • sudo sysctl -p
  • wg genkey

save this into /etc/wireguard/wg0.conf

[Interface]
PrivateKey = output of genkey here  
ListenPort = 5555  
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o ens3 -j MASQUERADE  
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o ens3 -j MASQUERADE  
Address = 192.168.2.1/24  
SaveConfig = true  

wg-quick up wg0

Client(s):

  • wg genkey
[Interface]
PrivateKey = output of genkey on client  
Address = 192.168.2.2/24  
DNS = 8.8.8.8  
  • wg-quick up wg0

setup keys

Server

  • wg show
  • sudo wg set wg0 peer <client-publickey> allowed-ips 192.168.2.2/24

Client(s)

  • wg show
  • sudo wg set wg0 peer <server-publickey> endpoint <serveripordomain>:5555 allowed-ips 192.168.2.1/24

Ping:

  • ping 192.168.2.2 on server
  • ping 192.168.2.1 on client(s)

both

  • sudo systemctl restart wg-quick@wg0
  • sudo systemctl enable wg-quick@wg0