Wireguard
How to install and configure Wireguard
Wireguard installation
-
Installing WireGuard and Generating a Key Pair
sudo apt update && sudo apt upgrade -y
sudo apt install wireguard
wg genkey | sudo tee /etc/wireguard/private.key
sudo chmod go= /etc/wireguard/private.key
sudo cat /etc/wireguard/private.key | wg pubkey | sudo tee /etc/wireguard/public.key
date +%s%N
cat /var/lib/dbus/machine-id
printf 'timestamp''machine-id' | sha1sum
printf 442adea1488d96388dae9ab816045b24609a6c18 | cut -c 31-
Unique Local IPv6 Address Prefix starts with fd
vi /etc/wireguard/wg0.conf
[Interface] PrivateKey = privkey server you created Address = 10.0.1.1/24, fdxx:xxxx:xxxx::1/64 ListenPort = 51194 SaveConfig = true PostUp = ufw route allow in on wg0 out on eth0 PostUp = iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE PostUp = ip6tables -t nat -I POSTROUTING -o eth0 -j MASQUERADE PreDown = ufw route delete allow in on wg0 out on eth0 PreDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE PreDown = ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE # some peer name [Peer] PublicKey = pubkey client AllowedIPs = 10.0.1.2/32, fdxx:xxxx:xxxx::2/128 PersistentKeepalive = 15
chown -R root:root /etc/wireguard
chmod -R og-rwx /etc/wireguard
sudo vi /etc/sysctl.conf net.ipv4.ip_forward=1 net.ipv6.conf.all.forwarding=1 sudo sysctl -p
sudo systemctl enable wg-quick@wg0.service sudo systemctl start wg-quick@wg0.service sudo systemctl status wg-quick@wg0.service
sudo apt update && sudo apt upgrade -y
sudo apt install wireguard
wg genkey | sudo tee /etc/wireguard/private.key
sudo chmod go= /etc/wireguard/private.key
sudo cat /etc/wireguard/private.key | wg pubkey | sudo tee /etc/wireguard/public.key
vi /etc/wireguard/wg0.conf
[Interface] PrivateKey = privkey client Address = 10.0.1.2/24, fdxx:xxxx:xxxx::2/64 [Peer] PublicKey = pubkey server AllowedIPs = 10.0.1.0/24, fdxx:xxxx:xxxx::/64 Endpoint = public ipv4:1194 PersistentKeepalive = 25