#SERVER SIDE:
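# Refresh the package index, upgrade installed packages, then install WireGuard.
sudo apt update -y
sudo apt upgrade -y
sudo apt install wireguard -y
# Generate the key pair in the current directory. The subshell sets umask 077 first,
# so privatekey and publickey are created readable by the current user only; with the
# usual 022 umask the private key would be readable by every local user.
# wg genkey needs no root, so sudo is dropped.
(umask 077; wg genkey | tee privatekey | wg pubkey > publickey)
ls # confirm that privatekey and publickey now exist
cat privatekey #(do not share with anybody!)
# Create the config file root-only before editing it: it will contain the private key.
sudo touch /etc/wireguard/wg0.conf
sudo chmod 600 /etc/wireguard/wg0.conf
sudo nano /etc/wireguard/wg0.conf # WireGuard configuration file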
[Interface]
# Paste the contents of the server's privatekey file here. This makes wg0.conf a secret:
# keep it readable by root only.
PrivateKey=<server-private-key>
Address=<server-ip-address>/<subnet> # tunnel address of the server; make sure the same subnet is not already configured on one of the physical interfaces
# PostUp/PostDown add and remove two IPv4 rules: accept forwarding of packets that arrive on wg0,
# and masquerade (source-NAT) packets that leave through <public-interface>.
# NOTE(review): the MASQUERADE rule has no source match, so it applies to everything leaving
# <public-interface>; consider limiting it to the VPN subnet with -s <vpn-subnet>.
# NOTE(review): only iptables (IPv4) rules are installed; there is no ip6tables equivalent here.
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o <public-interface> -j MASQUERADE;
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o <public-interface> -j MASQUERADE;
ListenPort = 51820 # UDP port the server listens on; 51820 is the commonly used WireGuard port, any other UDP port works if this one is blocked (allow it in the server firewall)
[Peer] #client info
PublicKey = <client public-key>
AllowedIPs = <client IP/mask> # for example 10.0.0.2/32; a /32 ties this peer's key to a single tunnel address
#(to apply any change to the conf file: run wg-quick down wg0 first, then wg-quick up wg0 after the editing)
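sudo wg-quick up wg0 # start the WireGuard interface defined in /etc/wireguard/wg0.conf
sudo wg # status of all active WireGuard interfaces and their peers
ip link # list all network interfaces and their state; wg0 should now appear
sudo wg show # same report as plain `wg`; reading interface state needs root, hence sudo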
CLIENT SIDE:
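# Refresh the package index, upgrade installed packages, then install WireGuard.
sudo apt update -y
sudo apt upgrade -y
sudo apt install wireguard -y
# Generate the client's key pair in the current directory. The subshell sets umask 077
# first, so privatekey and publickey are created readable by the current user only; with
# the usual 022 umask the private key would be readable by every local user.
# wg genkey needs no root, so sudo is dropped.
(umask 077; wg genkey | tee privatekey | wg pubkey > publickey)
cat privatekey #(do not share with anybody!)
ls # confirm that privatekey and publickey now exist
# Create the config file root-only before editing it: it will contain the private key.
sudo touch /etc/wireguard/wg0.conf
sudo chmod 600 /etc/wireguard/wg0.conf
sudo nano /etc/wireguard/wg0.conf # WireGuard configuration file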
[Interface]
# Paste the contents of the client's privatekey file here; do not copy it to any other machine.
PrivateKey=<client-private-key>
Address=<client-ip-address>/<subnet> # tunnel address of this client; it has to fall inside the AllowedIPs the server lists for this peer, and the subnet must not already be configured on one of the physical interfaces
DNS = 1.1.1.1, 2606:4700:4700::1111 # Optional: Cloudflare IPv4 and IPv6 DNS
[peer] #server info
Publickey=<Server Public Key>
Endpoint=<Server IP>:<port> # should be a static, publicly reachable IP; <port> is the server's ListenPort
# Full tunnel: every IPv4 and IPv6 destination is routed to the server.
# NOTE(review): ::/0 also sends IPv6 into the tunnel, while the server section of this page
# installs IPv4 NAT rules only; confirm how IPv6 is meant to be handled.
AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepalive=60 # send a keepalive every 60 seconds to keep the tunnel open (wg(8) suggests 25 seconds when the client sits behind NAT)
CLIENT SIDE:
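sudo wg-quick up wg0 # start the WireGuard interface defined in /etc/wireguard/wg0.conf
sudo wg # status of all active WireGuard interfaces and their peers
ip link # list all network interfaces and their state; wg0 should now appear
sudo wg show # same report as plain `wg`; reading interface state needs root, hence sudo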
#ping the server IP address to confirm connectivity
SERVER SIDE
#Enable IP forwarding so traffic from the VPN network can be routed to the internet.
# NOTE(review): with forwarding on, this host routes between its interfaces; what actually
# gets forwarded is decided by the FORWARD chain rules and policy, so review them as well.
sudo nano /etc/sysctl.conf
# Add (or uncomment) the next two lines in /etc/sysctl.conf; they are file content, not commands.
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
sudo sysctl -p # load /etc/sysctl.conf now; the settings survive reboots because they are stored in that file
#check that traffic is actually being routed to the internet
# presumably run on the server while a client pings 8.8.8.8; the packets should show up on wg0
sudo tcpdump -envi wg0 host 8.8.8.8
#enable WireGuard on boot (client and server)
sudo systemctl enable wg-quick@wg0
systemctl status wg-quick@wg0
#check that the clocks are synced
timedatectl
#check routing table on server & client
ip route
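#Check the public IP and location the host now appears from; with the full-tunnel
#AllowedIPs on the client this should be the server's public address.
curl https://ipinfo.io # HTTPS, so the answer cannot be read or altered in transit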