@anisimovdk
Created December 22, 2023 22:01
WireGuard quick-setup

Keygen

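Server:

umask 077  # files created from here on are owner-only, so the key is never briefly world-readable
# tee also echoes the private key to the terminal
wg genkey | tee /etc/wireguard/private.key
chmod go= /etc/wireguard/private.key
wg pubkey < /etc/wireguard/private.key | tee /etc/wireguard/public.key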

Client:

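umask 077  # files created from here on are owner-only, so the key is never briefly world-readable
# tee also echoes the private key to the terminal
wg genkey | tee ~/.wg.key
chmod go= ~/.wg.key
wg pubkey < ~/.wg.key | tee ~/.wg.pub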

Server Setup

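Server conf (/etc/wireguard/wg0.conf, the file wg-quick@wg0 reads):

[Interface]
Address = 10.8.0.1/24 # server address in wireguard network
# SaveConfig: on shutdown the running state overwrites this file, so edit it only while wg0 is down
SaveConfig = true
ListenPort = 51234
PrivateKey = <wg_server_private_key>

# the FORWARD and MASQUERADE rules below only take effect with IPv4 forwarding enabled (sysctl net.ipv4.ip_forward=1)
PreUp = iptables -I INPUT 1 -i wg0 -j ACCEPT; iptables -I FORWARD 1 -i eth0 -o wg0 -j ACCEPT; iptables -I FORWARD 1 -i wg0 -o eth0 -j ACCEPT
PreUp = iptables -t mangle -A PREROUTING -i wg0 -j MARK --set-mark 0x30
PreUp = iptables -t nat -A POSTROUTING ! -o wg0 -m mark --mark 0x30 -j MASQUERADE
# remove every rule added above, otherwise each restart leaves another copy in the chain
PostDown = iptables -D INPUT -i wg0 -j ACCEPT; iptables -D FORWARD -i eth0 -o wg0 -j ACCEPT; iptables -D FORWARD -i wg0 -o eth0 -j ACCEPT
PostDown = iptables -t mangle -D PREROUTING -i wg0 -j MARK --set-mark 0x30
PostDown = iptables -t nat -D POSTROUTING ! -o wg0 -m mark --mark 0x30 -j MASQUERADE

[Peer]
PublicKey = <wg_client_public_key>
AllowedIPs = 10.8.0.2/32 # client address in wireguard network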
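
wg-quick runs the PreUp hooks on every start, so an iptables rule that a hook adds without a matching -D in a Down hook piles up across restarts and stays in place after the tunnel is gone. The following is an added example, not part of the original gist: a small checker that reports such rules and prints the PostDown lines that would remove them. The sample config and the function names are constructed for illustration.

```python
import re
import shlex

# Constructed sample: the two filter-table rules have no teardown, the nat rule does.
SAMPLE = """\
[Interface]
PreUp = iptables -I INPUT 1 -i wg0 -j ACCEPT; iptables -I FORWARD 1 -i wg0 -o eth0 -j ACCEPT
PreUp = iptables -t nat -A POSTROUTING ! -o wg0 -m mark --mark 0x30 -j MASQUERADE
PostDown = iptables -t nat -D POSTROUTING ! -o wg0 -m mark --mark 0x30 -j MASQUERADE
"""

HOOK = re.compile(r"(?i)^(?:Pre|Post)(Up|Down)\s*=\s*(.*)$")

def iptables_calls(conf_text):
    """Yield (phase, action, (table, chain, rule-spec)) per iptables command in a hook."""
    for raw in conf_text.splitlines():
        m = HOOK.match(raw.split("#", 1)[0].strip())  # '#' starts a comment
        if not m:
            continue
        for cmd in m.group(2).split(";"):  # one hook line may chain several commands
            args = shlex.split(cmd)
            if not args or args[0] != "iptables":
                continue
            args, table = args[1:], "filter"  # filter is the default table
            if "-t" in args[:-1]:  # pull the table out so it is compared separately
                i = args.index("-t")
                table = args[i + 1]
                del args[i:i + 2]
            if len(args) < 2 or args[0] not in ("-I", "-A", "-D"):
                continue
            action, chain, spec = args[0], args[1], args[2:]
            if action == "-I" and spec and spec[0].isdigit():
                spec = spec[1:]  # the insert position is not part of the rule itself
            yield m.group(1).lower(), action, (table, chain, tuple(spec))

def missing_teardown(conf_text):
    """Return PostDown lines for rules added on Up but never deleted on Down."""
    calls = list(iptables_calls(conf_text))
    deleted = {key for phase, action, key in calls if phase == "down" and action == "-D"}
    out = []
    for phase, action, (table, chain, spec) in calls:
        if phase == "up" and action != "-D" and (table, chain, spec) not in deleted:
            prefix = "" if table == "filter" else f"-t {table} "
            out.append(f"PostDown = iptables {prefix}-D {chain} {' '.join(spec)}")
    return out

if __name__ == "__main__":
    print("\n".join(missing_teardown(SAMPLE)))
```
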

Start WireGuard:

systemctl enable wg-quick@wg0.service
systemctl start wg-quick@wg0.service

Client Setup

Install wireguard tools:

brew install wireguard-tools

Client conf:

[Interface]
PrivateKey = <wg_client_private_key>
Address = 10.8.0.2/24 # client address in wireguard network

[Peer]
PublicKey = <wg_server_public_key>
AllowedIPs = 10.8.0.0/24, 192.168.0.0/24 # networks routed through the tunnel
Endpoint = 1.2.3.4:51234 # address of wireguard server