Server

    sudo apt install -y wireguard
    cd /etc/wireguard
    umask 077; wg genkey | tee privatekey | wg pubkey > publickey

/etc/wireguard/wg0.conf

    [Interface]
    Address = 192.168.6.1/24
    ListenPort = 1194
    PrivateKey = qz3LQkTEA8tOJEORyUxT2w2SIwdXwCLcO7joKq58tUs=
    PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o ens3 -j MASQUERADE
    PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o ens3 -j MASQUERADE

    [Peer]
    PublicKey = wL+h2EqxaQpcWgwO8SIXPGqhHgssvj9xqjHAPjYLJ28=
    AllowedIPs = 192.168.6.2/32

Firewall and service

    sudo ufw allow 1194/udp
    sudo ufw status
    sudo systemctl enable wg-quick@wg0
    sudo systemctl start wg-quick@wg0
    sudo systemctl status wg-quick@wg0
    # watch connections
    watch -n1 wg

Client

    sudo apt install wireguard
    sudo sh -c 'umask 077; touch /etc/wireguard/wg0.conf'
    sudo -i
    cd /etc/wireguard/
    umask 077; wg genkey | tee privatekey | wg pubkey > publickey
    cat privatekey
    cat wg0.conf

    [Interface]
    PrivateKey = uEQv4rLd73d9Snowzkdb+zfhlmHL+EoHK8C/yvHnz2o=
    Address = 192.168.6.2/24

    [Peer]
    PublicKey = 6LqUWZ7OgM0SX+EKRHpOJ5UscFei/g3LEjA2Y+4K2m4=
    AllowedIPs = 192.168.6.0/24, 10.0.1.0/24
    Endpoint = ${WG_SERVER_IP}:1194
    PersistentKeepalive = 15

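
Added example (not part of the original notes): a Python check that cross-validates a server and a client wg0.conf like the two above, because a tunnel that handshakes but passes no traffic is commonly a mismatch between Address, AllowedIPs, ListenPort and Endpoint. The sample configs, the 203.0.113.10 endpoint and all function names are constructed for illustration, and one Address per interface is assumed.

```python
import base64
import ipaddress

def parse_conf(text):
    """Parse wg-quick style text into (interface, [peer, ...]) dicts."""
    iface, peers, cur = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.lower() == "[interface]":
            cur = iface
        elif line.lower() == "[peer]":
            peers.append(cur := {})
        elif "=" in line and cur is not None:
            key, value = line.split("=", 1)  # split once: base64 values end in "="
            cur[key.strip().lower()] = value.strip()
    return iface, peers

def key_ok(b64):  # WireGuard keys are 32 bytes, base64-encoded
    try:
        return len(base64.b64decode(b64, validate=True)) == 32
    except ValueError:
        return False

def covered(ip, peers):  # is ip inside the AllowedIPs of at least one peer?
    return any(ip in ipaddress.ip_network(n.strip(), strict=False)
               for p in peers for n in p.get("allowedips", "").split(",") if n.strip())

def cross_check(server_text, client_text):  # list of mismatches, empty if consistent
    (s_if, s_peers), (c_if, c_peers) = parse_conf(server_text), parse_conf(client_text)
    out = [f"malformed {f}" for sec in [s_if, c_if] + s_peers + c_peers
           for f in ("privatekey", "publickey") if f in sec and not key_ok(sec[f])]
    if not covered(ipaddress.ip_interface(c_if["address"]).ip, s_peers):
        out.append("client address not in any server AllowedIPs")
    if not covered(ipaddress.ip_interface(s_if["address"]).ip, c_peers):
        out.append("server address not in client AllowedIPs")
    ports = {p["endpoint"].rsplit(":", 1)[1] for p in c_peers if "endpoint" in p}
    if ports != {s_if.get("listenport")}:
        out.append("Endpoint port differs from server ListenPort")
    return out

# Constructed samples shaped like this page's configs; K is a placeholder key.
K = base64.b64encode(bytes(32)).decode()
SERVER = (f"[Interface]\nAddress = 192.168.6.1/24\nListenPort = 1194\nPrivateKey = {K}\n"
          f"[Peer]\nPublicKey = {K}\nAllowedIPs = 192.168.6.2/32\n")
CLIENT = (f"[Interface]\nPrivateKey = {K}\nAddress = 192.168.6.2/24\n[Peer]\nPublicKey = {K}\n"
          "AllowedIPs = 192.168.6.0/24, 10.0.1.0/24\nEndpoint = 203.0.113.10:1194\n")

if __name__ == "__main__":
    print(cross_check(SERVER, CLIENT) or "configs are consistent")
```

The check only compares the two files with each other; it does not verify that a PublicKey was actually derived from the other side's PrivateKey.
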
Android client
https://play.google.com/store/apps/details?id=com.wireguard.android
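
    # generate configuration as QR code
    sudo apt install -y qrencode
    # show the QR code in the terminal
    cat wg0.conf | qrencode -t ansiutf8
    # or write it to a PNG file (contains the private key; delete after scanning)
    cat wg0.conf | qrencode -t png -o wg0.png
    # auto VPN tunnel on Wifi
    https://www.youtube.com/watch?v=pCldPHn5SBg
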
NetworkManager
https://blogs.gnome.org/thaller/2019/03/15/wireguard-in-networkmanager/

    nmcli connection import type wireguard file wg0.conf
    nmcli connection up wg0
    nmcli connection down wg0
    nmcli connection delete wg0
    nmcli connection modify wg0 autoconnect no

Forward
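
    # enable IPv4 forwarding now and across reboots
    echo "net.ipv4.ip_forward = 1" | sudo tee /etc/sysctl.d/99-ip_forward.conf
    sudo sysctl -w net.ipv4.ip_forward=1
    sudo apt install -y wireguard
    # allow SSH before enabling the firewall
    sudo ufw allow 22/tcp
    sudo ufw allow 1194/udp
    sudo ufw enable
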
Update network-manager-gnome to 1.18.0-1ubuntu2 with WireGuard support on Ubuntu Focal 20.04
https://packages.ubuntu.com/groovy/network-manager-gnome

    # temporarily add the groovy repositories
    echo "deb http://de.archive.ubuntu.com/ubuntu groovy main restricted universe multiverse" | sudo tee /etc/apt/sources.list.d/ubuntu-groovy.list
    echo "deb http://de.archive.ubuntu.com/ubuntu groovy-updates main restricted universe multiverse" | sudo tee /etc/apt/sources.list.d/ubuntu-groovy-updates.list
    sudo apt update
    sudo apt install -y network-manager-gnome
    # remove the groovy repositories again
    sudo rm /etc/apt/sources.list.d/ubuntu-groovy*
    sudo apt update

Netplan
https://netplan.io/reference/

    tunnels:
      wg0:
        mode: wireguard
        addresses: [...]
        peers:
          - keys:
              public: rlbInAj0qV69CysWPQY7KEBnKxpYCpaWqOs/dLevdWc=
              shared: /path/to/shared.key
            ...
        key: mNb7OIIXTdgW4khM7OFlzJ+UPs7lmcWHV7xjPgakMkQ=

OpenWRT
https://openwrt.org/docs/guide-user/services/vpn/wireguard/client
https://openwrt.org/docs/guide-user/network/tunneling_interface_protocols#static_addressing_of_wireguard_tunnel
UI
https://github.com/perara/wg-manager
# subspace
https://github.com/subspacecloud/subspace
https://hub.docker.com/r/subspacecloud/subspace
https://www.digitalocean.com/community/questions/how-to-install-subspace-on-ubuntu-server
Links
https://www.wireguard.com/install/
https://www.cyberciti.biz/faq/ubuntu-20-04-set-up-wireguard-vpn-server/
https://staaldraad.github.io/2017/04/17/nat-to-nat-with-wireguard/
https://tech.davidfield.co.uk/using-wireguard-when-your-linux-distro-hasnt-caught-up-yet/
https://medium.com/opsops/starting-with-wireguard-d17518869a60
https://blog.linuxserver.io/2019/11/24/connect-an-ubuntu-client-to-opnsense-wireguard-tunnel-with-a-gui-toggle-in-gnome/