This is an old revision of the document!
umask 077 wg genkey | tee server_private.key | wg pubkey > server_public.key wg genkey | tee client_private.key | wg pubkey > client_public.key
File /etc/wireguard/wg0.conf:
[Interface] Address = 192.168.99.1/24 ListenPort = 51820 PrivateKey = <server_private.key> SaveConfig = false PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE [Peer] #Client PublicKey = <client_public.key> AllowedIPs = 192.168.99.2/32
File /etc/wireguard/client_wg0.conf:
[Interface] Address = 192.168.99.2/24 DNS = 8.8.8.8,8.8.4.4 PrivateKey = <client_private.key> [Peer] Endpoint = SERVER_HOSTNAME:51820 PublicKey = <server_public.key> AllowedIPs = 0.0.0.0/0, ::/0 PersistentKeepalive = 25
Generate a qrcode for the mobile client:
qrencode -t ansiutf8 -l L < /etc/wireguard/client_wg0.conf