====== Wireguard ======

===== Server setup =====

<code bash>
cd /etc/wireguard
wg genkey | tee privatekey | wg pubkey > publickey
chmod 400 publickey privatekey
</code>

<file ini /etc/wireguard/wg0.conf>
[Interface]
Address = 192.168.x.1/24
ListenPort = ...
PrivateKey = ...
SaveConfig = true
</file>

===== Interface autostart =====

==== using wgquick service ====

''PostUp'' and ''PostDown'' scripting are possible:
<file ini /etc/wireguard/wg0.conf>
[Interface]
Address = 192.168.x.1/24
ListenPort = ...
PrivateKey = ...
SaveConfig = true
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE;iptables -A FORWARD -o %i -j ACCEPT
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE;iptables -D FORWARD -o %i -j ACCEPT
</file>

<code bash>
sudo systemctl enable --now wg-quick@wg0
</code>

==== using ifupdown ====

<file wg0.conf>
[Interface]
ListenPort = ...
PrivateKey = ...
</file>

<file /etc/network/interfaces.d/wg0>
# activate on boot
auto wg0
# interface configuration
iface wg0 inet static
    address 192.168.x.1/24
    pre-up ip link add wg0 type wireguard
    pre-up wg setconf wg0 /etc/wireguard/wg0.conf

    post-up ...

    post-down ...
    post-down ip link del wg0
</file>