wireguard

WireGuard

Server

sudo apt install -y wireguard
 
cd /etc/wireguard
umask 077;
wg genkey | tee privatekey | wg pubkey > publickey
 
/etc/wireguard/wg0.conf
[Interface]
Address = 192.168.6.1/24
ListenPort = 1194
PrivateKey = qz3LQkTEA8tOJEORyUxT2w2SIwdXwCLcO7joKq58tUs=
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o ens3 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o ens3 -j MASQUERADE     
 
[Peer]
PublicKey = wL+h2EqxaQpcWgwO8SIXPGqhHgssvj9xqjHAPjYLJ28=
AllowedIPs = 192.168.6.2/32
 
sudo ufw allow 1194/udp
sudo ufw status
 
sudo systemctl enable wg-quick@wg0
sudo systemctl start wg-quick@wg0
sudo systemctl status wg-quick@wg0
 
# watch connections
watch -n1 wg

Client

Read more about WireGuard

LXD: Create WireGuard container

Create container

CONTAINER=wireguard
 
# Add ubuntu-minimal repository
lxc remote add --protocol simplestreams ubuntu-minimal https://cloud-images.ubuntu.com/minimal/releases/
 
# Create LXD container
#lxc launch ubuntu-minimal:lts ${CONTAINER}
lxc launch ubuntu-minimal:22.04 ${CONTAINER}
 
# update APT packages
lxc exec ${CONTAINER} -- bash -c "export http_proxy=${http_proxy} && apt update && apt -y dist-upgrade && apt -y autoremove"
 
# Install WireGuard
lxc exec ${CONTAINER} -- bash -c "export http_proxy=${http_proxy} && apt install -y wireguard iptables iputils-ping"

Configure UDP 4000 port forward to wireguard container

lxc config device add ${CONTAINER} udp51820 proxy listen=udp:0.0.0.0:51820 connect=udp:127.0.0.1:51820

Configure WireGuard

Read more about LXD: Create WireGuard container

OpenWRT Wireguard server

OpenWrt server
https://openwrt.org/docs/guide-user/services/vpn/wireguard/client

Read more about OpenWRT Wireguard server

Subscribe to wireguard