akhiljalagam/README.md

## README.md

      
    Raw
  

              README.md
            
          
    Simple WireGuard configuration


1 server, 2 clients

Getting started

Install Wireguard on all machines.
Generate all keys

$ wg genkey > server_privatekey
$ wg pubkey < server_privatekey > server_publickey_client1
$ wg pubkey < server_privatekey > server_publickey_client2
$ wg genkey | tee client1_privatekey | wg pubkey > client1_publickey
$ wg genkey | tee client2_privatekey | wg pubkey > client2_publickey

Start

$ wg-quick up wg0

Stop

$ wg-quick down wg0

Check status

$ wg show
interface: wg0
  public key: <SERVER PUBLIC KEY>
  private key: (hidden)
  listening port: 51820
  fwmark: 0xca6c

peer: <CLIENT 1 PUBLIC KEY>
  endpoint: ...
  allowed ips: 10.100.0.2/32
  latest handshake: 4 seconds ago
  transfer: 21.11 KiB received, 38.92 KiB sent

peer: <CLIENT 2 PUBLIC KEY>
  endpoint: ...
  allowed ips: 10.100.0.3/32
  latest handshake: 9 seconds ago
  transfer: 911.10 KiB received, 2.57 MiB sent


## client1-wg0.conf
[Interface]
Address = 10.100.0.2/32
PrivateKey = <CLIENT 1 PRIVATE KEY>
DNS = 10.100.0.1

[Peer]
PublicKey = <SERVER PUBLIC KEY>
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = <SERVER PUBLIC IP>:51820

## client2-wg0.conf
[Interface]
Address = 10.100.0.3/32
PrivateKey = <CLIENT 2 PRIVATE KEY>
DNS = 10.100.0.1

[Peer]
PublicKey = <SERVER PUBLIC KEY>
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = <SERVER PUBLIC IP>:51820

## postdown.sh
#!/usr/bin/env bash
set -ex

# Traffic forwarding
iptables -D FORWARD -i %i -j ACCEPT
iptables -D FORWARD -o %i -j ACCEPT

# Nat
iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

# DNS
iptables -D INPUT -s 10.100.0.1/24 -p tcp -m tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
iptables -D INPUT -s 10.100.0.1/24 -p udp -m udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT

## postup.sh
#!/usr/bin/env bash
set -ex

# Traffic forwarding
iptables -A FORWARD -i %i -j ACCEPT
iptables -A FORWARD -o %i -j ACCEPT

# Nat
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

# DNS
iptables -A INPUT -s 10.100.0.1/24 -p tcp -m tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
iptables -A INPUT -s 10.100.0.1/24 -p udp -m udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT

## server-wg0.conf
[Interface]
Address = 10.100.0.1/24
SaveConfig = true
PostUp = /etc/wireguard/postup.sh
PostDown = /etc/wireguard/postdown.sh
ListenPort = 51820
FwMark = 0xca6c
PrivateKey = <SERVER PRIVATE KEY>

[Peer]
PublicKey = <CLIENT 1 PUBLIC KEY>
AllowedIPs = 10.100.0.2/32

[Peer]
PublicKey = <CLIENT 2 PUBLIC KEY>
AllowedIPs = 10.100.0.3/32
	[Interface]
	Address = 10.100.0.2/32
	PrivateKey = <CLIENT 1 PRIVATE KEY>
	DNS = 10.100.0.1

	[Peer]
	PublicKey = <SERVER PUBLIC KEY>
	AllowedIPs = 0.0.0.0/0, ::/0
	Endpoint = <SERVER PUBLIC IP>:51820
	[Interface]
	Address = 10.100.0.3/32
	PrivateKey = <CLIENT 2 PRIVATE KEY>
	DNS = 10.100.0.1

	[Peer]
	PublicKey = <SERVER PUBLIC KEY>
	AllowedIPs = 0.0.0.0/0, ::/0
	Endpoint = <SERVER PUBLIC IP>:51820
	#!/usr/bin/env bash
	set -ex

	# Traffic forwarding
	iptables -D FORWARD -i %i -j ACCEPT
	iptables -D FORWARD -o %i -j ACCEPT

	# Nat
	iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

	# DNS
	iptables -D INPUT -s 10.100.0.1/24 -p tcp -m tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
	iptables -D INPUT -s 10.100.0.1/24 -p udp -m udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
	[Interface]
	Address = 10.100.0.1/24
	SaveConfig = true
	PostUp = /etc/wireguard/postup.sh
	PostDown = /etc/wireguard/postdown.sh
	ListenPort = 51820
	FwMark = 0xca6c
	PrivateKey = <SERVER PRIVATE KEY>

	[Peer]
	PublicKey = <CLIENT 1 PUBLIC KEY>
	AllowedIPs = 10.100.0.2/32

	[Peer]
	PublicKey = <CLIENT 2 PUBLIC KEY>
	AllowedIPs = 10.100.0.3/32