Wireguard - Simple Client Server Setup
Simple setup of wireguard with server and multiple peer config with pre shared keys
Operation
Check status of Wireguard
Server
Service is started/stopped with:
Service is enabled/disabled with
Client/Peer
Should be managed by Network Manager, after importing it during the setup
Setup
Server
Install wireguard
Enable routing by editing /etc/sysctl.conf
, and making sure this exists:
Reload config:
Go to /etc/wireguard
, and generate the public and private keys of the server:
Create /etc/wireguard/wg0.conf
, and fill in the placeholder values based on the gerneated private key:
[Interface]
Address = 10.0.0.1/24
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o <INTERFACE> -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o <INTERFACE> -j MASQUERADE
ListenPort = <PORT>
PrivateKey = <server.privatekey>
Client(s)/Peer(s)
Install wireguard
Go to /etc/wireguard
, and generate the public and private keys of the server, and also the Preshared Key
umask 077; wg genkey | tee client.privatekey | wg pubkey > client.publickey
umask 077; wg genpsk > client.preshared
Create /etc/wireguard/wg0.conf
, and fill in the placeholder values based ont he gereanted keys, and details of the sever:
[Interface]
Address = 10.0.0.100/24
PrivateKey = <client.privatekey>
[Peer]
PublicKey = <server.publickey>
AllowedIPs = 10.0.0/24, <OTHER NETWORKS>
Endpoint = <DOMAIN/IP>:<PORT>
PersistentKeepalive = 15
PresharedKey = <client.preshared>
Then Add this config into NetworkManager
Server Again
Append the below peer details into /etc/wireguard/wg0.conf
The resulting /etc/wireguard/wg0.conf
on the server should now look like this:
[Interface]
Address = 10.0.0.1/24
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o <INTERFACE> -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o <INTERFACE> -j MASQUERADE
ListenPort = <PORT>
PrivateKey = <server.privatekey>
[Peer]
PublicKey = <client.publickey>
AllowedIPs = 10.0.0.100/32
PresharedKey = <client.preshared>