This is an old revision of the document!


WireGuard

umask 077
wg genkey | tee server_private.key | wg pubkey > server_public.key
wg genkey | tee client_private.key | wg pubkey > client_public.key

File /etc/wireguard/wg0.conf:

[Interface]
Address = 192.168.99.1/24
ListenPort = 51820
PrivateKey = <server_private.key>
SaveConfig = false

PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
#Client
PublicKey = <client_public.key>
AllowedIPs = 192.168.99.2/32

File /etc/wireguard/client_wg0.conf:

[Interface]
Address = 192.168.99.2/24
DNS = 8.8.8.8,8.8.4.4
PrivateKey = <client_private.key>

[Peer]
Endpoint = SERVER_HOSTNAME:51820
PublicKey = <server_public.key>
AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepalive = 25

Generate a QR code for the mobile client:

qrencode -t ansiutf8 -l L < /etc/wireguard/client_wg0.conf
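
A pre-flight check for the two config files above, run before wg-quick or qrencode. This is an added example, not part of the original page: wg_conf_lint is a hypothetical helper name and the script assumes GNU stat. It flags a config readable by group or others, key fields that still hold the <...> placeholders instead of a base64 key, and an Endpoint left at SERVER_HOSTNAME.

```shell
#!/bin/sh
# Added example (not from the original page). wg_conf_lint is a hypothetical
# helper; it assumes GNU stat, as found on Linux.
wg_conf_lint() {
    conf=$1
    problems=0
    if [ ! -f "$conf" ]; then
        echo "$conf: not a regular file" >&2
        problems=1
        return 1
    fi

    # The file embeds a private key, so group and others get no access
    # (the effect umask 077 has on the key files).
    mode=$(stat -c %a "$conf")
    case $mode in
        *00|0) ;;
        *) echo "$conf: mode $mode is too open, use chmod 600" >&2
           problems=$((problems + 1)) ;;
    esac

    # A WireGuard key is 32 bytes in base64: 43 characters plus one '='.
    # An unreplaced <..._private.key> placeholder fails this check.
    bad=$(awk '
        /^[ \t]*(PrivateKey|PublicKey|PresharedKey)[ \t]*=/ {
            name = $0; sub(/[ \t]*=.*/, "", name); sub(/^[ \t]+/, "", name)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            if (length(val) != 44 || val !~ "^[A-Za-z0-9+/]+=$")
                print "line " NR ": " name " is not a base64 key"
        }' "$conf")
    if [ -n "$bad" ]; then
        echo "$bad" >&2
        problems=$((problems + 1))
    fi

    # The client template ships with a literal SERVER_HOSTNAME endpoint.
    if grep -Eq '^[[:space:]]*Endpoint[[:space:]]*=[[:space:]]*SERVER_HOSTNAME' "$conf"; then
        echo "$conf: Endpoint still set to SERVER_HOSTNAME" >&2
        problems=$((problems + 1))
    fi

    [ "$problems" -eq 0 ]
}

# Run against a file when one is given on the command line.
if [ $# -gt 0 ]; then wg_conf_lint "$1"; fi
```
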
linux/wireguard.1545612925.txt.gz · Last modified: 2018/12/24 01:55 by josep