@imWildCat
Last active November 23, 2022 03:40
Set up site-to-site Wireguard (2023 version)

Reference: https://gist.github.com/insdavm/b1034635ab23b8839bf957aa406b5e39

Server configuration

Make sure IPv4 forwarding is enabled

Check status:

~ » cat /proc/sys/net/ipv4/ip_forward
0

0 means disabled: the server would decrypt tunnel traffic but never pass it on to the networks behind it. To enable it right away: sudo sysctl net.ipv4.ip_forward=1. To persist it across reboots: sudo vim /etc/sysctl.conf, add this line at the bottom: net.ipv4.ip_forward = 1, then load it with sudo sysctl -p. Forwarding is system-wide, so the host now routes between all of its interfaces, not just wg0; the PostUp rules below only add ACCEPT entries for the WireGuard interface, so check sudo iptables -S FORWARD and make sure the chain's default policy (or an explicit rule) does not quietly accept everything else.

Server configuration sample

The file holds the server's private key, so keep it root-only (sudo chmod 600 /etc/wireguard/wg0.conf; wg-quick warns if it is world-readable).

~ » sudo cat /etc/wireguard/wg0.conf

[Interface]
Address = 10.10.11.1/24
ListenPort = 51820
PrivateKey = [server private key]

# %i is expanded by wg-quick to the interface name (wg0). Replace [network interface name]
# with the server's LAN/uplink interface (eth0, ens3, ...). MASQUERADE makes tunnel traffic
# appear to come from the server's own address on that interface, so hosts on 10.10.10.0/24
# and 192.168.1.0/24 need no return route to 10.10.11.0/24.
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o [network interface name] -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o [network interface name] -j MASQUERADE

# Client 1 sample
[Peer]
PublicKey = [client public key]
# One tunnel address per peer. AllowedIPs is both the route to this peer and the source
# filter for packets it sends: with 10.10.11.0/24 here the client could send packets from
# any tunnel address, and a second [Peer] with the same range would take it over from
# this one. Add the client site's LAN here as well if that network should be reachable
# through the tunnel.
AllowedIPs = 10.10.11.2/32

Client configuration

Client configuration sample

[Interface]
PrivateKey = [client-private-key]
# ListenPort is optional on a client; if omitted, wg picks a random port.
ListenPort = 51820
Address = 10.10.11.2/24

[Peer]
PublicKey = [server-pub-key]
# Everything listed here is routed into the tunnel: the tunnel subnet itself plus the two
# LANs behind the server. Destinations not listed are never sent to the server. Covering
# the whole tunnel subnet is fine on this side because the server is the only peer.
AllowedIPs = 10.10.11.0/24, 10.10.10.0/24, 192.168.1.0/24
Endpoint = your.host.name:51820
# This is very important: the client usually sits behind NAT, and a keepalive every 25 s
# keeps the NAT mapping open so the server side can reach the client without waiting for
# the client to talk first.
PersistentKeepalive = 25

Bring up both ends with sudo wg-quick up wg0 and check sudo wg show: once a ping across the tunnel (for example from the client to 10.10.11.1) has gone through, the peer entry shows a latest handshake and growing transfer counters. If hosts on the client's LAN, not just the client machine, should reach the server's networks, the client needs the same ip_forward setting and FORWARD rules as the server, and the client's LAN must be added to AllowedIPs in the client's [Peer] block on the server.
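The AllowedIPs lines in both configs are WireGuard's cryptokey routing table, and the easiest way to get a site-to-site hub wrong is to copy the first [Peer] block for every new client. The checker below is an added example, not the gist's own code: it parses wg-quick config text the way wg(8) reads it (comments stripped at '#', comma-separated lists), flags a multi-address range on the tunnel subnet when the config has more than one peer, flags a range claimed by two peers, and reports which peer would carry a given destination under longest-prefix matching. The hub_conf helper, the placeholder key strings and the three sample configs are constructed for the example; the samples mirror the gist's configs with PostUp/PostDown left out.

```python
"""Check the AllowedIPs (cryptokey routing) of wg-quick configs for the two
mistakes that bite a multi-client hub: a range wide enough to spoof other
tunnel addresses, and the same range pasted into two [Peer] sections."""
import ipaddress


def parse_wg_conf(text):
    """Parse wg-quick INI text into (interface_dict, [peer_dict, ...]).
    '#' comments are stripped as wg(8) does; Address/AllowedIPs become lists."""
    interface, peers, current = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = {}
            section = line[1:-1].strip().lower()
            if section == "interface":
                interface = current
            elif section == "peer":
                peers.append(current)
            else:
                raise ValueError(f"unknown section: {line}")
            continue
        if current is None:
            raise ValueError(f"key outside any section: {line}")
        key, _, value = line.partition("=")
        key, value = key.strip().lower(), value.strip()
        if key in ("address", "allowedips"):
            current.setdefault(key, []).extend(
                v.strip() for v in value.split(",") if v.strip())
        else:
            current[key] = value
    return interface, peers


def _peer_nets(peer):
    return [ipaddress.ip_network(a, strict=False)
            for a in peer.get("allowedips", [])]


def check_cryptokey_routing(text):
    """Return a list of findings; [] means clean. Nested prefixes (0.0.0.0/0 on
    one peer, a /32 on another) are legal longest-prefix routing and pass."""
    interface, peers = parse_wg_conf(text)
    own = [ipaddress.ip_interface(a).network for a in interface.get("address", [])]
    findings, claimed = [], []  # claimed: (network, index of the peer holding it)
    for idx, peer in enumerate(peers):
        for net in _peer_nets(peer):
            # AllowedIPs is also the inbound source filter: a multi-address range on
            # the tunnel subnet is normal for a single-peer client, but on a hub it
            # lets this peer send packets from other peers' addresses.
            if len(peers) > 1 and net.num_addresses > 1 and any(
                    net.overlaps(s) for s in own):
                findings.append(f"peer {idx}: AllowedIPs {net} spans the tunnel "
                                "subnet on a hub; use one /32 per peer")
            for other, other_idx in claimed:
                if other == net:  # wg moves a duplicate range to the peer set last
                    findings.append(f"peer {idx}: AllowedIPs {net} already claimed "
                                    f"by peer {other_idx}; it is reassigned")
            claimed.append((net, idx))
    return findings


def peer_for(text, address):
    """Index of the peer that would carry traffic to `address`, or None."""
    _, peers = parse_wg_conf(text)
    addr, best = ipaddress.ip_address(address), None
    for idx, peer in enumerate(peers):
        for net in _peer_nets(peer):
            # '>=' models wg handing an identical prefix to the later peer.
            if addr in net and (best is None or net.prefixlen >= best[0]):
                best = (net.prefixlen, idx)
    return None if best is None else best[1]


def hub_conf(*allowed):  # constructed hub config, placeholder keys, PostUp omitted
    peers = "".join(f"[Peer]\nPublicKey = CLIENT{i}_PUBKEY_PLACEHOLDER\n"
                    f"AllowedIPs = {a}\n" for i, a in enumerate(allowed, 1))
    return ("[Interface]\nAddress = 10.10.11.1/24\nListenPort = 51820\n"
            "PrivateKey = SERVER_PRIVKEY_PLACEHOLDER\n" + peers)


SERVER_BAD = hub_conf("10.10.11.0/24", "10.10.11.0/24")  # first [Peer] pasted twice
SERVER_GOOD = hub_conf("10.10.11.2/32", "10.10.11.3/32")  # one tunnel address per peer
CLIENT = """\
[Interface]
PrivateKey = CLIENT_PRIVKEY_PLACEHOLDER
Address = 10.10.11.2/24
[Peer]
PublicKey = SERVER_PUBKEY_PLACEHOLDER
AllowedIPs = 10.10.11.0/24, 10.10.10.0/24, 192.168.1.0/24
Endpoint = your.host.name:51820
PersistentKeepalive = 25 # NAT keepalive
"""

if __name__ == "__main__":
    for name, conf in (("hub, pasted /24", SERVER_BAD),
                       ("hub, /32 each", SERVER_GOOD), ("client", CLIENT)):
        print(name, "->", check_cryptokey_routing(conf) or "clean")
    print("client sends 192.168.1.5 to peer", peer_for(CLIENT, "192.168.1.5"))
```

Run it against a real /etc/wireguard/wg0.conf by passing the file's contents to check_cryptokey_routing; the only state it needs is the text, so it can run on a workstation before the config is copied to the server.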