5,337
edits
WireGuard: Difference between revisions
→Server
(→Server) |
|||
| Line 16: | Line 16: | ||
</li> | </li> | ||
<li> | <li> | ||
Install WireGuard | Install WireGuard. | ||
<pre> | <pre> | ||
sudo apt install wireguard | sudo apt install wireguard | ||
| Line 22: | Line 22: | ||
</li> | </li> | ||
<li>Generate | <li>Generate server private and public keys. | ||
<pre> | |||
wg genkey | sudo tee /etc/wireguard/privatekey | wg pubkey | sudo tee /etc/wireguard/publickey | |||
</pre> | |||
</li> | |||
<li>Write the config file <code>/etc/wireguard/wg0.conf</code>. | |||
<pre> | |||
[Interface] | |||
Address = 10.0.0.1/24 | |||
SaveConfig = true | |||
ListenPort = 51820 | |||
PrivateKey = SERVER_PRIVATE_KEY | |||
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o ens3 -j MASQUERADE | |||
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o ens3 -j MASQUERADE | |||
</pre> | |||
</li> | |||
<li>Fix permissions and start the interface. | |||
<pre> | |||
sudo chmod 600 /etc/wireguard/{privatekey,wg0.conf} | |||
sudo wg-quick up wg0 | |||
sudo wg show wg0 | |||
</pre> | |||
</li> | </li> | ||
<li> Open up and forward port 51820 | <li>Open up and forward port 51820. | ||
<pre> | <pre> | ||
sudo ufw allow 51820/udp | sudo ufw allow 51820/udp comment wireguard | ||
</pre> | </pre> | ||
</li> | </li> | ||
<li>Enable WireGuard systemd service | <li>Enable WireGuard systemd service. | ||
<pre> | <pre> | ||
sudo systemctl enable wg-quick@wg0 | sudo systemctl enable wg-quick@wg0 | ||