July 8, 2018
Quick & Easy: WireGuard
Install WireGuard
sudo add-apt-repository ppa:wireguard/wireguard
sudo apt-get update
sudo apt-get install wireguard-dkms wireguard-tools ufw
sudo ufw allow 5555/udp
Server:
sudo sysctl -w net.ipv4.ip_forward=1
sudo sysctl -p
wg genkey
Save this into /etc/wireguard/wg0.conf:
[Interface]
PrivateKey = output of genkey here
ListenPort = 5555
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o ens3 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o ens3 -j MASQUERADE
Address = 192.168.2.1/24
SaveConfig = true
wg-quick up wg0
Client(s):
wg genkey
[Interface]
PrivateKey = output of genkey on client
Address = 192.168.2.2/24
DNS = 8.8.8.8
wg-quick up wg0
Set up keys
Server
wg show
sudo wg set wg0 peer <client-publickey> allowed-ips 192.168.2.2/32
Client(s)
wg show
sudo wg set wg0 peer <server-publickey> endpoint <serveripordomain>:5555 allowed-ips 192.168.2.1/24
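WireGuard masks the host bits of each allowed-ips entry and lets a given range belong to only one peer, so on a server with several clients each peer needs its own /32. The following added example (not from the original post) audits a wg-quick style config for both problems; the sample config, its placeholder keys, and the names parse_peers and audit are constructed for illustration.

```python
import ipaddress

# Constructed sample: a server wg0.conf after two clients were added with
# /24 allowed-ips (keys are placeholders, not real values).
SAMPLE = """\
[Interface]
Address = 192.168.2.1/24
[Peer]
PublicKey = <client1-publickey>
AllowedIPs = 192.168.2.2/24
[Peer]
PublicKey = <client2-publickey>
AllowedIPs = 192.168.2.3/24
"""

def parse_peers(text):
    """Return [(public_key, [allowed-ip strings])] for each [Peer] section."""
    peers, cur = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if line.startswith("["):
            cur = {"PublicKey": "?", "AllowedIPs": []} if line.lower() == "[peer]" else None
            if cur is not None:
                peers.append(cur)
        elif cur is not None and "=" in line:
            key, val = (p.strip() for p in line.split("=", 1))
            if key.lower() == "publickey":
                cur["PublicKey"] = val
            elif key.lower() == "allowedips":
                cur["AllowedIPs"] += [v.strip() for v in val.split(",") if v.strip()]
    return [(p["PublicKey"], p["AllowedIPs"]) for p in peers]

def audit(text):
    """Flag AllowedIPs with host bits set and ranges claimed by more than one peer."""
    findings, seen = [], []
    for key, cidrs in parse_peers(text):
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr, strict=False)  # mask host bits
            if net.network_address != ipaddress.ip_interface(cidr).ip:
                findings.append(f"{key}: {cidr} is stored as {net}")
            for other_key, other_net in seen:
                if other_key != key and net.version == other_net.version and net.overlaps(other_net):
                    findings.append(f"{key}: {net} overlaps {other_key}")
            seen.append((key, net))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

With SaveConfig = true, wg-quick writes the peers added via wg set back into /etc/wireguard/wg0.conf when the interface goes down, so that file is the one to run through audit.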
Ping:
On server:
ping 192.168.2.2
On client(s):
ping 192.168.2.1
Both:
sudo systemctl restart wg-quick@wg0
sudo systemctl enable wg-quick@wg0