====== WireGuard ======

<code>
umask 077
wg genkey | tee key_server_private.key | wg pubkey > key_server_public.key
wg genkey | tee key_client_private.key | wg pubkey > key_client_public.key
</code>

File **/etc/wireguard/wg0.conf**:

<code>
[Interface]
Address = 192.168.99.1/24
ListenPort = 51820
PrivateKey =
SaveConfig = false
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
#Client
PublicKey =
AllowedIPs = 192.168.99.2/32
</code>

File **/etc/wireguard/client_wg0.conf**:

<code>
[Interface]
Address = 192.168.99.2/24
DNS = 8.8.8.8,8.8.4.4
PrivateKey =

[Peer]
Endpoint = SERVER_HOSTNAME:51820
PublicKey =
AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepalive = 25
</code>

Last steps:

<code>
sudo wg-quick up wg0
sudo wg
sudo systemctl enable wg-quick@wg0
</code>

Generate a QR code for the mobile client:

<code>
qrencode -t ansiutf8 -l L < /etc/wireguard/client_wg0.conf
</code>

===== References =====

  * https://github.com/adrianmihalko/raspberrypiwireguard
  * https://github.com/l-n-s/wireguard-install
  * https://www.wireguard.com/install/
  * https://www.wireguard.com/quickstart/
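
Added example (not part of the original page or of the WireGuard project): a small Python check for the server and client configuration files above, meant to be run before bringing the interface up. It flags blank or malformed key fields, a client Address that no server [Peer] AllowedIPs entry covers, and files that group or others can access; the function names and the sample key are constructed for illustration.

```python
import base64, ipaddress, os, stat

def parse_wg_conf(text):
    """Return [(section, {key: value})]; repeated [Peer] blocks stay separate."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments such as "#Client"
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1], {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)          # split once: base64 keys end in "="
            sections[-1][1][key.strip()] = value.strip()
    return sections

def valid_key(value):
    """WireGuard keys are 32 raw bytes, base64-encoded."""
    try:
        return len(base64.b64decode(value, validate=True)) == 32
    except ValueError:
        return False

def lint_pair(server_text, client_text):
    """Return a list of problems found in a server/client config pair."""
    problems = []
    server, client = parse_wg_conf(server_text), parse_wg_conf(client_text)
    for label, conf in (("server", server), ("client", client)):
        for name, opts in conf:
            field = "PrivateKey" if name == "Interface" else "PublicKey"
            if not valid_key(opts.get(field, "")):
                problems.append(f"{label} [{name}]: {field} missing or not a 32-byte base64 key")
    iface = next((o for n, o in client if n == "Interface"), {})
    addr = ipaddress.ip_interface(iface.get("Address", "0.0.0.0/32").split(",")[0].strip()).ip
    allowed = [ipaddress.ip_network(a.strip(), strict=False)
               for n, o in server if n == "Peer"
               for a in o.get("AllowedIPs", "").split(",") if a.strip()]
    if not any(addr in net for net in allowed):
        problems.append(f"client address {addr} is not covered by any server [Peer] AllowedIPs")
    return problems

def too_open(path):
    """True if group or others have any access to the file (what umask 077 prevents)."""
    return bool(os.stat(path).st_mode & (stat.S_IRWXG | stat.S_IRWXO))

if __name__ == "__main__":
    key = base64.b64encode(bytes(range(32))).decode()   # constructed sample key, not a real one
    server = f"[Interface]\nPrivateKey = {key}\n[Peer]\n#Client\nPublicKey = {key}\nAllowedIPs = 192.168.99.2/32\n"
    client = f"[Interface]\nAddress = 192.168.99.3/24\nPrivateKey =\n[Peer]\nPublicKey = {key}\n"
    print(lint_pair(server, client))   # blank client PrivateKey and an uncovered address
```

The check confirms only that each key field holds a well-formed key; it does not verify that a PublicKey was derived from the matching PrivateKey.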