cd /etc/wireguard wg genkey | tee privatekey | wg pubkey > publickey chmod 400 publickey privatekey
[Interface] Address = 192.168.x.1/24 ListenPort = ... PrivateKey = ... SaveConfig = true
PostUp
and PostDown
scripting are possible:
[Interface] Address = 192.168.x.1/24 ListenPort = ... PrivateKey = ... SaveConfig = true PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE;iptables -A FORWARD -o %i -j ACCEPT PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE;iptables -D FORWARD -o %i -j ACCEPT
sudo systemctl enable --now wg-quick@wg0
[Interface] ListenPort = ... PrivateKey = ...
# activate on boot auto wg0 # interface configuration iface wg0 inet static address 192.168.x.1/24 pre-up ip link add wg0 type wireguard pre-up wg setconf wg0 /etc/wireguard/wg0.conf post-up ... post-down ... post-down ip link del wg0