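====== WireGuard ======
Generate the server and client key pairs (''umask 077'' keeps the key files readable only by their owner):
<code>
umask 077
wg genkey | tee key_server_private.key | wg pubkey > key_server_public.key
wg genkey | tee key_client_private.key | wg pubkey > key_client_public.key
</code>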
File **/etc/wireguard/wg0.conf**:
<code>
[Interface]
Address = 192.168.99.1/24
ListenPort = 51820
# Contents of key_server_private.key
PrivateKey =
SaveConfig = false
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
#Client
# Contents of key_client_public.key
PublicKey =
AllowedIPs = 192.168.99.2/32
</code>
File **/etc/wireguard/client_wg0.conf**:
<code>
[Interface]
Address = 192.168.99.2/24
DNS = 8.8.8.8,8.8.4.4
# Contents of key_client_private.key
PrivateKey =

[Peer]
Endpoint = SERVER_HOSTNAME:51820
# Contents of key_server_public.key
PublicKey =
AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepalive = 25
</code>
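Both files can be checked before the interface is brought up for the mistakes this setup invites: a config readable by other users, a ''PrivateKey'' or ''PublicKey'' line left empty or malformed, and a server-side peer with a /0 in ''AllowedIPs''. The script is an added example, not part of the original page or of wireguard-tools; ''wg_conf_audit'' is a hypothetical helper name.

```sh
#!/bin/sh
# Added example: pre-flight audit of a wg-quick config.
# wg_conf_audit is a hypothetical helper, not part of wireguard-tools.
# Usage: wg_conf_audit FILE [server|client]; prints one line per finding.
wg_conf_audit() (
    conf=$1; role=${2:-client}; findings=0; section=
    report() { echo "$1"; findings=$((findings + 1)); }

    # Characters 5-10 of "ls -l" are the group and other permission bits.
    perms=$(ls -ld "$conf" | cut -c5-10)
    [ "$perms" = "------" ] || report "PERMS: group/other can access $conf"

    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                            # drop comments
        case $line in
            *"[Interface]"*) section=Interface; continue ;;
            *"[Peer]"*)      section=Peer; continue ;;
            *=*) ;;
            *) continue ;;
        esac
        key=$(printf '%s' "${line%%=*}" | tr -d ' \t')
        val=$(printf '%s' "${line#*=}" | tr -d ' \t')
        case $section.$key in
            Interface.PrivateKey|Peer.PublicKey)
                # A key is 32 bytes: 44 base64 characters, the last one "=".
                if [ -z "$val" ]; then
                    report "EMPTY: [$section] $key is not filled in"
                elif [ "${#val}" -ne 44 ] || [ "${val%=}" = "$val" ]; then
                    report "FORMAT: [$section] $key is not a 44-char base64 key"
                fi ;;
            Peer.AllowedIPs)
                # On the server, a /0 lets that peer claim every address.
                case $role:$val in
                    server:*/0|server:*/0,*) report "ROUTE: server peer has $val" ;;
                esac ;;
        esac
    done < "$conf"
    [ "$findings" -eq 0 ]    # exit status 0 only when nothing was reported
)

if [ "$#" -gt 0 ]; then wg_conf_audit "$@"; fi
```

Saved as a script, it takes the file and role as arguments, for example ''/etc/wireguard/wg0.conf server''; it exits non-zero when anything is reported.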
Last steps:
<code>
sudo wg-quick up wg0
sudo wg
sudo systemctl enable wg-quick@wg0
</code>
Generate a QR code for the mobile client:
<code>
qrencode -t ansiutf8 -l L < /etc/wireguard/client_wg0.conf
</code>