meta data for this page
Book Creator
 Add this page to your book
Book Creator
 Remove this page from your book  

 Manage book(0 page(s))
 Help

Wireguard

Server setup

cd /etc/wireguard
wg genkey | tee privatekey | wg pubkey > publickey
chmod 400 publickey privatekey
/etc/wireguard/wg0.conf
[Interface]
Address = 192.168.x.1/24
ListenPort = ...
PrivateKey = ...
SaveConfig = true

Interface autostart

using wgquick service

PostUp and PostDown scripting are possible:

/etc/wireguard/wg0.conf
[Interface]
Address = 192.168.x.1/24
ListenPort = ...
PrivateKey = ...
SaveConfig = true
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE;iptables -A FORWARD -o %i -j ACCEPT
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE;iptables -D FORWARD -o %i -j ACCEPT
sudo systemctl enable --now wg-quick@wg0

using ifupdown

[Interface]
ListenPort = ...
PrivateKey = ...
# activate on boot
auto wg0
# interface configuration
iface wg0 inet static
    address 192.168.x.1/24
    pre-up ip link add wg0 type wireguard
    pre-up wg setconf wg0 /etc/wireguard/wg0.conf
 
    post-up ...
 
    post-down ...
    post-down ip link del wg0