    umask 077
    wg genkey | tee key_server_private.key | wg pubkey > key_server_public.key
    wg genkey | tee key_client_private.key | wg pubkey > key_client_public.key

File /etc/wireguard/wg0.conf:
    [Interface]
    Address = 192.168.99.1/24
    ListenPort = 51820
    PrivateKey = <key_server_private.key>
    SaveConfig = false
    PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

    [Peer]
    #Client
    PublicKey = <key_client_public.key>
    AllowedIPs = 192.168.99.2/32

File /etc/wireguard/client_wg0.conf:
    [Interface]
    Address = 192.168.99.2/24
    DNS = 8.8.8.8,8.8.4.4
    PrivateKey = <key_client_private.key>

    [Peer]
    Endpoint = SERVER_HOSTNAME:51820
    PublicKey = <key_server_public.key>
    AllowedIPs = 0.0.0.0/0, ::/0
    PersistentKeepalive = 25

Last steps:
    sudo wg-quick up wg0
    sudo wg
    sudo systemctl enable wg-quick@wg0

Generate a QR code for the mobile client:

    qrencode -t ansiutf8 -l L < /etc/wireguard/client_wg0.conf
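
Added example, not part of the original page: a shell function that fills the <key_*.key> placeholders in the two configuration files above from the key files generated in the first step, and writes both files with owner-only permissions because each contains a private key. The function name render_wg_configs, its three arguments and the output directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). render_wg_configs is a
# hypothetical helper: render_wg_configs KEYDIR OUTDIR SERVER_HOSTNAME
render_wg_configs() {
    keydir=$1; outdir=$2; server=$3
    # Refuse to write half-filled configs if any key file is missing or empty.
    for k in key_server_private key_server_public key_client_private key_client_public; do
        [ -s "$keydir/$k.key" ] || { echo "missing or empty: $keydir/$k.key" >&2; return 1; }
    done
    (   # subshell: the restrictive umask does not leak into the caller
        umask 077
        mkdir -p "$outdir" || exit 1
        cat > "$outdir/wg0.conf" <<EOF
[Interface]
Address = 192.168.99.1/24
ListenPort = 51820
PrivateKey = $(cat "$keydir/key_server_private.key")
SaveConfig = false
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
#Client
PublicKey = $(cat "$keydir/key_client_public.key")
AllowedIPs = 192.168.99.2/32
EOF
        cat > "$outdir/client_wg0.conf" <<EOF
[Interface]
Address = 192.168.99.2/24
DNS = 8.8.8.8,8.8.4.4
PrivateKey = $(cat "$keydir/key_client_private.key")

[Peer]
Endpoint = ${server}:51820
PublicKey = $(cat "$keydir/key_server_public.key")
AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepalive = 25
EOF
        # Enforce owner-only access even if the files already existed.
        chmod 600 "$outdir/wg0.conf" "$outdir/client_wg0.conf"
    )
}
```

Run it in the directory holding the four key files, review the output, then copy the results to /etc/wireguard.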