EZ WireGuard Setup
Apr 22, 2019

Keys

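Generate keys on both the server and client. Each private key stays on the machine that generated it; only the public keys are exchanged.

(umask 077; wg genkey | tee privatekey | wg pubkey > publickey)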

Server

Change eth0 to your outbound interface if needed.

[Interface]
PrivateKey = <server private key>
ListenPort = 51820
Address = 10.0.0.1/24
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -i %i -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -i %i -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
PublicKey = <client public key>
# Only this client's tunnel address; give each peer its own /32.
AllowedIPs = 10.0.0.2/32
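
Added example, not part of the original post: on the server, AllowedIPs decides which source addresses a peer may send from and which peer receives a given destination, so this Python check flags any [Peer] whose AllowedIPs is wider than one host and any range claimed by two peers. It assumes each peer is a single client with one tunnel address; the sample config and its placeholder keys are constructed.

```python
import ipaddress

# Constructed sample: a server-side config with two peers (keys are placeholders).
SAMPLE = """\
[Interface]
PrivateKey = <server private key>
ListenPort = 51820
Address = 10.0.0.1/24

[Peer]
PublicKey = <client A public key>
AllowedIPs = 10.0.0.0/24

[Peer]
PublicKey = <client B public key>
AllowedIPs = 10.0.0.3/32
"""

def parse_peers(text):
    """Return [(public_key, [ip_network, ...])], one entry per [Peer] section."""
    peers, section = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if line.startswith("["):
            section = line.strip("[]").lower()
            if section == "peer":
                peers.append([None, []])
        elif section == "peer" and "=" in line:
            name, value = (s.strip() for s in line.split("=", 1))
            if name.lower() == "publickey":
                peers[-1][0] = value
            elif name.lower() == "allowedips":
                peers[-1][1] += [ipaddress.ip_network(v.strip(), strict=False)
                                 for v in value.split(",") if v.strip()]
    return [(key, nets) for key, nets in peers]

def audit(text):
    """Flag AllowedIPs wider than one host, and ranges shared by two peers."""
    peers, findings = parse_peers(text), []
    for key, nets in peers:
        findings += [("wide", key, str(n)) for n in nets if n.prefixlen < n.max_prefixlen]
    for i, (key_a, nets_a) in enumerate(peers):
        for key_b, nets_b in peers[i + 1:]:
            if any(a.version == b.version and a.overlaps(b) for a in nets_a for b in nets_b):
                findings.append(("overlap", key_a, key_b))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```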

Enable forwarding in /etc/sysctl.conf, then reload the sysctl settings or reboot for it to take effect.

net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1

Client

[Interface]
PrivateKey = <client private key>
Address = 10.0.0.2/32

[Peer]
PublicKey = <server public key>
Endpoint = <server public ip>:51820
AllowedIPs = 10.0.0.0/24

Run

wg-quick up wg0

Daemon

systemctl enable wg-quick@wg0
systemctl start wg-quick@wg0