- https://www.digitalocean.com/community/tutorials/how-to-set-up-wireguard-on-ubuntu-20-04
- https://www.wireguard.com/#simple-network-interface
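# Refresh the package index and install WireGuard (run as root).
apt -y update && \
apt -y install wireguard
# Generate the server's private and public key. Run this again on each client
# device to generate that client's own key pair.
# The subshell sets a restrictive umask so the new key files are readable by
# the current user only; privateKey must never be shared.
(umask 077 && wg genkey | tee privateKey | wg pubkey > publicKey)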
cat /etc/wireguard/wg0.conf
[Interface]
# Server side of the tunnel. This file contains the server's private key, so
# keep it readable by root only (for example mode 600).
# Tunnel address of the server; choose a private range that suits your network.
# The peers below take their addresses from the same /24.
Address = 10.0.0.1/24
# wg-quick runs the PostUp commands after bringing wg0 up: allow routed traffic
# from wg0 out through enp1s0 and masquerade (NAT) it on the way out.
# enp1s0 is the outbound interface name used here; adjust it to match your server.
PostUp = ufw route allow in on wg0 out on enp1s0
PostUp = iptables -t nat -I POSTROUTING -o enp1s0 -j MASQUERADE
# NOTE(review): no IPv6 address is assigned to wg0 in this file, so the IPv6
# rule only matters once one is added - confirm whether it is needed.
PostUp = ip6tables -t nat -I POSTROUTING -o enp1s0 -j MASQUERADE
# PreDown deletes the same rules that PostUp added, so they do not stay active
# after the tunnel is stopped.
PreDown = ufw route delete allow in on wg0 out on enp1s0
PreDown = iptables -t nat -D POSTROUTING -o enp1s0 -j MASQUERADE
PreDown = ip6tables -t nat -D POSTROUTING -o enp1s0 -j MASQUERADE
# Any free UDP port can be used. It has to be reachable through the host
# firewall, and the client's Endpoint must use the same port.
ListenPort = 53133
# Placeholder: the content of the server's privateKey file. Never share it.
PrivateKey = <<ServerPrivateKey>>
[Peer]
# One [Peer] section per client. PublicKey is that client's public key.
PublicKey = <<PublicKeyClient1>>
# Tunnel address assigned to this client. A /32 limits the peer to this single
# address; give every client its own unique address.
AllowedIPs = 10.0.0.2/32
# Additional clients: repeat the [Peer] section with that client's key and address.
[Peer]
PublicKey = <<PublicKeyClient2>>
AllowedIPs = 10.0.0.3/32
Edit /etc/sysctl.conf and set:
# Let the kernel forward packets between interfaces (IPv4 and IPv6), which the
# server needs in order to route client traffic from wg0 to the outside.
# NOTE(review): these switches are host-wide; which traffic is actually
# forwarded should be limited by the firewall rules - confirm the ufw policy.
net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1
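# Reload /etc/sysctl.conf to enable packet forwarding.
sysctl -p
# Restart the tunnel and check that the unit came up.
systemctl stop wg-quick@wg0
systemctl start wg-quick@wg0
systemctl status wg-quick@wg0
# Follow the unit's log; useful when the service fails to start.
journalctl -xf -n10 -u wg-quick@wg0.service
# Show the live interface state, including the configured peers.
sudo wg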
NB: if WireGuard is unable to start, you may have to install openresolv:
apt-get -y install openresolv
To edit /etc/wireguard/wg0.conf
you need to:
- a. stop wg
- b. edit the file
- c. start wg. If you don't follow this order, your changes are not saved.
You can choose a client from https://www.wireguard.com/install/
Example configuration file for android/ios/mac/windows
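[Interface]
# Tunnel address of this client; it must match the AllowedIPs entry for this
# client in the server's wg0.conf (10.0.0.3/32 for client 2).
Address = 10.0.0.3/32
# DNS resolver to use while the tunnel is up.
DNS = 1.1.1.1
# Placeholder: this client's own private key. Generate it on the client device
# and keep it there; only the public key goes into the server config.
PrivateKey = <<PrivateKeyClient2>>
[Peer]
# The server's public key (not the client's). Key name written as PublicKey
# to match the spelling used in the server config.
PublicKey = <<ServerPublicKey>>
# Full tunnel: send all IPv4 and IPv6 traffic through the server.
# NOTE(review): neither side has an IPv6 tunnel address in these examples, so
# IPv6 traffic is presumably not usable through the tunnel - confirm.
AllowedIPs = 0.0.0.0/0, ::/0
# The server's public IP or hostname, and the ListenPort from the server config.
Endpoint = <<IpServer>>:53133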
Inside the server's wg0.conf file,
each [Peer] section is a WireGuard client.