@schnapper79
Last active May 17, 2023 10:19
wireguard
Enable IP forwarding:
```
root@ubuntu-s-1vcpu-1gb-lon1-01:~# nano /etc/sysctl.conf
net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1
root@ubuntu-s-1vcpu-1gb-lon1-01:~# sysctl -p
```
Make dir and generate keys:
```
root@ubuntu-s-1vcpu-1gb-lon1-01:~# cd /etc/wireguard
root@ubuntu-s-1vcpu-1gb-lon1-01:/etc/wireguard# umask 077
root@ubuntu-s-1vcpu-1gb-lon1-01:/etc/wireguard# wg genkey | tee privatekey | wg pubkey | tee pubkey
root@ubuntu-s-1vcpu-1gb-lon1-01:/etc/wireguard# chmod 600 /etc/wireguard/privatekey
```
Example config:
```
root@ubuntu-s-1vcpu-1gb-lon1-01:/etc/wireguard# cat wg0.conf
[Interface]
Address = 192.168.20.1/24
SaveConfig = true
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; iptables -A FORWARD -o %i -j ACCEPT
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; iptables -D FORWARD -o %i -j ACCEPT
ListenPort = 51820
PrivateKey = <PRIVATE KEY HOST>
[Peer]
PublicKey = <PUBLIC KEY CLIENT>
AllowedIPs = 192.168.20.2/32
Endpoint = 109.43.178.5:12506
PersistentKeepalive = 25
```
Start tunnel:
```
root@ubuntu-s-1vcpu-1gb-lon1-01:/etc/wireguard# wg-quick up wg0
root@ubuntu-s-1vcpu-1gb-lon1-01:/etc/wireguard# systemctl enable wg-quick@wg0
```
Add client in terminal:
```
wg set wg0 peer <PUBLIC KEY CLIENT> allowed-ips 192.168.20.2/32
```
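The `PostUp` and `PostDown` hooks in the example `wg0.conf` above add and remove the forwarding and NAT rules; a rule appended in `PostUp` with no matching delete in `PostDown` leaves the host forwarding or masquerading after the tunnel is down. The script below is an added example, not part of the original gist, that reports such rules; the function names `hook_rules` and `unmatched_postup` and both sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the gist): report PostUp firewall rules that have no
# matching PostDown teardown in a wg-quick config.

# Print the commands of one hook key (PostUp or PostDown), one per line, trimmed.
hook_rules() {  # usage: hook_rules KEY FILE
  sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" |
    tr ';' '\n' |
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d'
}

# Print each PostUp "-A" (append) rule whose "-D" (delete) twin is absent from
# PostDown. Empty output means every appended rule is removed again.
unmatched_postup() {  # usage: unmatched_postup FILE
  hook_rules PostUp "$1" | while IFS= read -r rule; do
    case $rule in *" -A "*) ;; *) continue ;; esac   # only check append rules
    teardown=$(printf '%s\n' "$rule" | sed 's/ -A / -D /')
    hook_rules PostDown "$1" | grep -Fxq -- "$teardown" || printf '%s\n' "$rule"
  done
}

# Constructed sample 1: the hook lines of the wg0.conf shown above.
good=$(mktemp) bad=$(mktemp)
trap 'rm -f "$good" "$bad"' EXIT
cat > "$good" <<'EOF'
[Interface]
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; iptables -A FORWARD -o %i -j ACCEPT
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; iptables -D FORWARD -o %i -j ACCEPT
EOF
# Constructed sample 2: same file with the IPv4 NAT teardown dropped from PostDown.
sed 's/ iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE;//' "$good" > "$bad"

echo "page config, unmatched rules:";   unmatched_postup "$good"
echo "broken config, unmatched rules:"; unmatched_postup "$bad"
```

The comparison is textual, so `-o %i` in `PostUp` only matches `-o %i` in `PostDown`, not `-o wg0`.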