- Install wireguard if required.
wg genkey | tee wgprivatekey | wg pubkey > wgpublickey- note your private key is along with the public key in the folder you just executed the above commands in.
- grab the generated privatekey and put it at the logical place with the rest of this config in
/etc/wireguard/someinterface.conf
[Interface]
PrivateKey = PRIVKEYHERE
ListenPort = SOMEPORT
Address = LOCALVPNADDRESS/SUBNET
[Peer]
PublicKey = REMOTEPUBKEYHERE
Endpoint = REMOTEINTERNETIPHERE (clients only)
AllowedIPs = LOCALVPNIP/SUBNET
- Do the same on the client
- Bring the VPN up by doing
wg-quick up someinterface - Give yourself a pat on the shoulder (either shoulder works for this purpose)
-
LOCALVPNADDRESS is the IP address the machine will have inside the VPN, not on the internet. That's what the Endpoint parameter is for.
-
you only need to have an Endpoint on one of the two machines, after a connection is established they'll automatically roam to new IPs without configuration.
-
to get the public key you have to echo the private key into
wg pubkey. The command will otherwise appear to hang.
Useful links