@tkisason
Last active November 22, 2018 22:52
WireGuard short tutorial

On each host, install WireGuard:

sudo apt install software-properties-common
sudo add-apt-repository ppa:wireguard/wireguard
sudo apt update
sudo apt install wireguard-dkms wireguard-tools

Generate a key pair (the umask keeps the private key file readable only by its owner):

umask 077
wg genkey | tee privatekey | wg pubkey > publickey

Make sure to do this on both hosts!

Make sure you open the firewall (or AWS security group) for the WireGuard port (UDP 51820 in the config below).

On server:

Create a config file

cat /etc/wireguard/wg0.conf

[Interface]
Address = 10.192.122.1/24
SaveConfig = true
ListenPort = 51820
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
PrivateKey = <INSERTSERVERPRIVATEKEYHERE>

[Peer]
PublicKey = <INSERTPEERPUBLICKEYHERE>
AllowedIPs = 10.192.122.2/32

Add a [Peer] section for each client to the config file.

Start the server and enable it at boot:

wg-quick up wg0 
systemctl enable wg-quick@wg0

On client:

Create a config file in /etc/wireguard/wg0.conf

[Interface]
Address = 10.192.122.2/32
PrivateKey = <INSERTCLIENTPRIVATEKEYHERE>
DNS = 1.1.1.1

[Peer]
PublicKey = <INSERTSERVERPUBLICKEYHERE>
AllowedIPs = 0.0.0.0/0
Endpoint = <SERVERPUBLICIP>:51820

Start the client and enable it at boot:

wg-quick up wg0 
systemctl enable wg-quick@wg0

That's it.
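
A check worth running on each host before `wg-quick up`, as an added example that is not part of the original gist: it flags a config readable by other users, key placeholders left unfilled, and an address assigned to two peers. The function names, messages and sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original gist. Function names, messages and
# the sample config are constructed for illustration.

# Audit a wg-quick config: one line per finding, exit status = finding count.
audit_wg_conf() (
    conf=$1; findings=0
    # 1. The file contains PrivateKey, so only its owner should read it.
    mode=$(stat -c '%a' "$conf")   # GNU stat, as on the Ubuntu hosts above
    case $mode in
        600|400) ;;
        *) echo "PERMS: mode $mode, expected 600"; findings=$((findings + 1)) ;;
    esac
    # 2. A <...> template placeholder was left in a key field.
    if grep -Eq '^[[:space:]]*(Private|Public)Key[[:space:]]*=[[:space:]]*<' "$conf"; then
        echo "PLACEHOLDER: a key field still holds a <...> placeholder"
        findings=$((findings + 1))
    fi
    # 3. The same AllowedIPs entry under two [Peer] sections. WireGuard routes
    #    an address to exactly one peer, so the later section takes it over.
    dups=$(awk -F'[ \t]*=[ \t]*' '/^[ \t]*AllowedIPs/ {
               n = split($2, a, /[ \t]*,[ \t]*/)
               for (i = 1; i <= n; i++) print a[i] }' "$conf" | sort | uniq -d)
    for ip in $dups; do
        echo "DUPLICATE: $ip is in AllowedIPs for more than one peer"
        findings=$((findings + 1))
    done
    exit "$findings"
)

# Constructed sample: a server config with all three problems.
write_sample_conf() {
    cat > "$1" <<'EOF'
[Interface]
Address = 10.192.122.1/24
PrivateKey = <INSERTSERVERPRIVATEKEYHERE>

[Peer]
PublicKey = CONSTRUCTED-PEER-A-PUBLIC-KEY
AllowedIPs = 10.192.122.2/32

[Peer]
PublicKey = CONSTRUCTED-PEER-B-PUBLIC-KEY
AllowedIPs = 10.192.122.2/32
EOF
    chmod 644 "$1"
}

tmp=$(mktemp); write_sample_conf "$tmp"; audit_wg_conf "$tmp" || true; rm -f "$tmp"
```

Run `audit_wg_conf /etc/wireguard/wg0.conf` as root, since the file should not be readable by any other user.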
