WireGuard
Just a snippset for myself
Contents
Note
This article was last updated on 2024-06-22, the content may be out of date.
1 Installation
1.1 Arch linux
sudo pacman -S wireguard-tools
Note
Users of kernels < 5.6 may also choose
wireguard-lts
or wireguard-dkms
+ linux-headers
, depending on which kernel is used.1.2 Debian
sudo apt install wireguard
Info
For other distros, please head over to WireGuard’s official installation document
1.3 Android
2 Generate Keys
umask 077; wg genkey | tee privatekey | wg pubkey > publickey
3 Client configuration
In /etc/wireguard/wg0.conf
:
[Interface]
PrivateKey = PRIVATE_KEY
Address = 10.x.x.x/x
#DNS = 10.x.x.x, 10.x.x.x # optional, would recommend only if you set AllowedIPs to 0.0.0.0/0
[Peer]
PublicKey = Server_Public_Key
AllowedIPs = 0.0.0.0/0 # or subnets you want to allow
Endpoint = ip:51820
# PersistentKeepalive = 25 # optional
4 Server configuration
[Interface]
PrivateKey = PRIVATE_KEY
Address = 10.x.x.x/x
ListenPort = 51820
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o PUBLIC_INTERFACE -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o PUBLIC_INTERFACE -j MASQUERADE
[Peer]
PublicKey = Client_Public_key
AllowedIPs = 10.x.x.x/32
Note
Replace
PUBLIC_INTERFACE
with your interface, such as eth0
.5 Enable IPv4 packet forwarding
In /etc/sysctl.d/99-sysctl.conf
, uncomment line #net.ipv4.ip_forward=1
.
To apply, reboot or run sudo sysctl -p
.
6 Daemonizing
Replace wg0
with the filename (without extension) you have in /etc/wireguard/
.
sudo systemctl enable --now wg-quick@wg0
7 Restarting
wg-quick down wg0 && wg-quick up wg0
8 Using networkmanager
to manage wireguard
8.1 Import configuration file
nmcli connection import type wireguard file /etc/wireguard/wg0.conf
Note
Note: nmcli can create a WireGuard connection profile, but it does not support configuring WireGuard peers.
8.2 Usage
# Enable
nmcli connection up wg0
# Disable
nmcli connection down wg0
8.3 Disable ipv6
nmcli connection modify your_network_interface ipv6.method "disabled"
9 Futher reading
- Quick start
- WireGuard on wiki.archlinux.org
Buy me a cup of coffee