Reference: https://gist.github.com/insdavm/b1034635ab23b8839bf957aa406b5e39
Check whether IP forwarding is enabled:
~ » cat /proc/sys/net/ipv4/ip_forward
0
A value of 0 means IP forwarding is disabled. To enable it: sudo sysctl net.ipv4.ip_forward=1
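To persist this setting across reboots, edit /etc/sysctl.conf (sudo vim /etc/sysctl.conf), then add this line at the bottom: net.ipv4.ip_forward = 1
Run sudo sysctl -p to load the file without rebooting. With forwarding on, the host relays packets between all of its interfaces, so the FORWARD rules in the firewall decide what actually gets through.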
~ » sudo cat /etc/wireguard/wg0.conf
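# Server side: /etc/wireguard/wg0.conf, loaded by wg-quick.
# This file holds the server private key; keep it readable by root only.
[Interface]
# Server address inside the tunnel subnet.
Address = 10.10.11.1/24
# UDP port the server listens on; clients point their Endpoint at it.
ListenPort = 51820
PrivateKey = [server private key]
# wg-quick replaces %i with the interface name (wg0 for this file).
# PostUp lets the host forward traffic entering and leaving the tunnel and
# source-NATs whatever goes out through [network interface name].
# The two FORWARD rules accept everything, so a peer can reach any network
# this host routes to; add -s/-d matches if peers need only specific subnets.
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o [network interface name] -j MASQUERADE
# PostDown deletes the same three rules when the interface is brought down.
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o [network interface name] -j MASQUERADE

# Client 1 sample
[Peer]
PublicKey = [client public key]
# Only the tunnel address assigned to this client (10.10.11.2). A /24 here
# would let this peer send from any address in the tunnel subnet, and it
# would overlap with the AllowedIPs of every other peer; WireGuard routes an
# address range to one peer only.
AllowedIPs = 10.10.11.2/32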
# Client side: the matching configuration for the peer at 10.10.11.2.
# This file holds the client private key; keep it readable by its owner only.
[Interface]
PrivateKey = [client-private-key]
# A fixed port is optional on a client that only dials out; without this
# line WireGuard picks a port on its own.
ListenPort = 51820
# Client address inside the tunnel subnet.
Address = 10.10.11.2/24
[Peer]
PublicKey = [server-pub-key]
# Split tunnel: only traffic to these networks is sent through the server,
# and only these source ranges are accepted from it.
# NOTE(review): 10.10.10.0/24 and 192.168.1.0/24 are presumably networks
# behind the server; confirm and drop any the client does not need.
AllowedIPs = 10.10.11.0/24, 10.10.10.0/24, 192.168.1.0/24
Endpoint = your.host.name:51820
# Sends a keepalive packet every 25 seconds so that NAT and firewall state
# between the client and the server stays open and the server can still
# reach a client that is otherwise idle.
PersistentKeepalive = 25