DRAFT
This assumes you already have a private/public key and the server is working as intended :)
Install: sudo apt install wireguard
Activate packet forwarding: sudo bash -c 'echo 1 > /proc/sys/net/ipv4/ip_forward'
Create the config file: sudo vi /etc/wireguard/wg0.conf
Configuration file:
[Interface]
PrivateKey = <CLIENT_PRIVATE_KEY>
Address = <CLIENT_ADDRESS>/24
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o <LOCAL_INTERFACE_NAME> -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o <LOCAL_INTERFACE_NAME> -j MASQUERADE
[Peer]
PublicKey = <SERVER_PUBLIC_KEY>
AllowedIPs = <LIST_OF_ALLOWED_IPS_SEPARATED_BY_COMMA>
Endpoint = <SERVER_IP:PORT>
Example:
[Interface]
PrivateKey = 3IAI0MH7s8Ty033i2MyI4LhOslhViOZ/zxZWtktHSn0=
Address = 172.16.16.3/24
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
[Peer]
PublicKey = 7s0bCp6HP3GgOnUE3b662TrLioPmaLOAPFlWm6cBDUA=
AllowedIPs = 10.100.15.0/24, 172.16.16.0/24
Endpoint = 191.10.100.10:51820
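Before bringing the tunnel up, the config can be checked for the mistakes this template invites: a world-readable file holding the private key, placeholders left unfilled, and a PostDown that does not remove what PostUp added. This is an added example, not part of the original page; `wg_conf_lint` is a hypothetical helper name (not a wireguard-tools command), and the sample config mirrors the example above with dummy keys.

```bash
#!/usr/bin/env bash
# Added example: wg_conf_lint is a hypothetical helper, not part of wireguard-tools.
wg_conf_lint() {
    local conf=$1 rc=0 key up down
    [ -r "$conf" ] || { echo "cannot read $conf"; return 2; }
    # The file holds PrivateKey: group/other permission bits must all be clear.
    case $(ls -ld -- "$conf") in
        ????------*) ;;
        *) echo "WARN: $conf is accessible to group/other (chmod 600)"; rc=1 ;;
    esac

    # Template placeholders such as <CLIENT_PRIVATE_KEY> left unfilled.
    if grep -nE '<[A-Z_:]+>' "$conf"; then
        echo "WARN: unfilled placeholders on the lines above"; rc=1
    fi

    # Keys that the template on this page sets.
    for key in PrivateKey Address PublicKey AllowedIPs Endpoint; do
        grep -qE "^[[:space:]]*$key[[:space:]]*=" "$conf" ||
            { echo "WARN: missing $key"; rc=1; }
    done

    # Every rule PostUp appends (-A) should be deleted (-D) by PostDown,
    # otherwise FORWARD/MASQUERADE rules outlive the tunnel.
    up=$(sed -n 's/^[[:space:]]*PostUp[[:space:]]*=[[:space:]]*//p' "$conf")
    down=$(sed -n 's/^[[:space:]]*PostDown[[:space:]]*=[[:space:]]*//p' "$conf")
    if [ "$(printf '%s\n' "$up" | sed 's/ -A / -D /g')" != "$down" ]; then
        echo "WARN: PostDown does not mirror PostUp"; rc=1
    fi
    return "$rc"
}

# Constructed sample config (dummy keys; eth0 is an assumed interface name).
demo=$(mktemp)
cat > "$demo" <<'EOF'
[Interface]
PrivateKey = AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
Address = 172.16.16.3/24
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
[Peer]
PublicKey = BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB=
AllowedIPs = 10.100.15.0/24, 172.16.16.0/24
Endpoint = 191.10.100.10:51820
EOF
chmod 600 "$demo"
wg_conf_lint "$demo" && echo "OK: $demo"
rm -f "$demo"
```

Against the real file, run it as root: sudo bash -c '. ./lint.sh; wg_conf_lint /etc/wireguard/wg0.conf' (lint.sh being wherever the function was saved).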
Start the VPN: sudo wg-quick up wg0
Check status: sudo wg show
Disconnect: sudo wg-quick down wg0