WireGuard

Server

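sudo apt install -y wireguard

# Generate the server key pair as root, directly inside /etc/wireguard.
# The directory is usually accessible to root only, so a plain `cd` from an
# unprivileged shell fails and the keys would be written to whatever directory
# the shell happens to be in; `&&` stops the chain if the cd does not succeed.
# umask 077 is applied before `wg genkey`, so privatekey and publickey are
# created owner-only. privatekey stays on this host; only publickey is handed
# to peers.
sudo sh -c 'cd /etc/wireguard && umask 077 && wg genkey | tee privatekey | wg pubkey > publickey'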
 
/etc/wireguard/wg0.conf
[Interface]
# Tunnel address of the server inside the 192.168.6.0/24 VPN subnet.
Address = 192.168.6.1/24
# UDP port the server listens on; the host firewall has to allow the same port.
ListenPort = 1194
# Server private key. The value below is sample material published with these
# notes: paste the content of your own /etc/wireguard/privatekey here and keep
# this file owner-only.
PrivateKey = qz3LQkTEA8tOJEORyUxT2w2SIwdXwCLcO7joKq58tUs=
# PostUp and PostDown add and remove the same three rules: accept forwarded
# traffic entering and leaving the tunnel interface (%i) and masquerade
# whatever leaves through ens3.
# NOTE(review): ens3 is hard-coded; it has to be this host's outbound
# interface - confirm with `ip route` before use.
# NOTE(review): the FORWARD rules accept all traffic to and from the tunnel;
# narrow them by destination if peers should reach only specific networks.
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o ens3 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o ens3 -j MASQUERADE     
 
[Peer]
# Public key of the peer (the content of the client's publickey file).
PublicKey = wL+h2EqxaQpcWgwO8SIXPGqhHgssvj9xqjHAPjYLJ28=
# /32 limits this peer to exactly one source address inside the tunnel.
AllowedIPs = 192.168.6.2/32
 
# Open the WireGuard UDP port; it has to match ListenPort in wg0.conf.
sudo ufw allow 1194/udp
sudo ufw status
 
# wg-quick@wg0 brings the tunnel up from /etc/wireguard/wg0.conf;
# enable registers it for boot, start brings it up now.
sudo systemctl enable wg-quick@wg0
sudo systemctl start wg-quick@wg0
sudo systemctl status wg-quick@wg0
 
# watch connections
# Refreshes the `wg` output every second (run from a root shell); the
# per-peer "latest handshake" line shows which peers are actually connected.
watch -n1 wg

Client

sudo apt install wireguard
# Create the config file with owner-only permissions before any secret is
# written to it.
sudo sh -c 'umask 077; touch /etc/wireguard/wg0.conf'
# Root login shell: the remaining commands are typed interactively inside it.
sudo -i
cd /etc/wireguard/
# umask 077 first, so both key files are created owner-only.
umask 077; wg genkey | tee privatekey | wg pubkey > publickey
 
# Prints the private key to the terminal for pasting into wg0.conf; keep it out
# of screenshots, shared sessions and terminal logs. Only publickey is given to
# the server.
cat privatekey
 
cat wg0.conf 
[Interface]
# Client private key. The value below is sample material published with these
# notes; use the content of your own privatekey file instead.
PrivateKey = uEQv4rLd73d9Snowzkdb+zfhlmHL+EoHK8C/yvHnz2o=
# Tunnel address of this client; the server section above admits exactly this
# address for the peer (AllowedIPs = 192.168.6.2/32).
Address = 192.168.6.2/24
# Disabled examples: static routes to 10.0.1.0/24 and 192.168.1.0/24 via the
# local gateway 192.168.178.1, added before the tunnel comes up and removed
# after it goes down.
#PreUp = ip route add 10.0.1.0/24 via 192.168.178.1 dev wlp3s0
#PostDown = ip route del 10.0.1.0/24 via 192.168.178.1 dev wlp3s0
#PreUp = ip route add 192.168.1.0/24 via 192.168.178.1 dev wlp3s0
#PostDown = ip route del 192.168.1.0/24 via 192.168.178.1 dev wlp3s0
 
 
[Peer]
# Public key of the server (content of the server's publickey file).
PublicKey = 6LqUWZ7OgM0SX+EKRHpOJ5UscFei/g3LEjA2Y+4K2m4=
# NOTE(review): ${WG_SERVER_IP} is a placeholder for the server's reachable
# address; the config file is not shell-expanded, so substitute it before use.
Endpoint = ${WG_SERVER_IP}:1194
# Keepalive every 15 seconds, which keeps NAT mappings towards the server open.
PersistentKeepalive = 15
# NOTE(review): every AllowedIPs line below is commented out. AllowedIPs
# selects which destinations are routed to this peer, so with none enabled no
# traffic goes through the tunnel. Enable the narrowest set that fits.
#AllowedIPs = 192.168.6.0/24, 10.0.1.0/24
#AllowedIPs = 10.0.0.0/8 # private class A
#AllowedIPs = 172.16.0.0/12 # private class B
#AllowedIPs = 192.168.0.0/16 # private class C
#AllowedIPs = 11.22.33.44/32
 
 
# import
# Creates a NetworkManager profile from a wg-quick style file; the commands
# below address it as wg-foo.
# NOTE(review): the imported profile carries the private key from wg-foo.conf;
# presumably the file can be removed afterwards if it is not needed elsewhere.
nmcli connection import type wireguard file wg-foo.conf
nmcli connection down wg-foo
# DNS server to use for this connection.
nmcli connection modify wg-foo ipv4.dns "192.168.251.6"
#nmcli connection modify wg-foo connection.secondaries $(nmcli -g connection.uuid connection show BAR) # auto start first VPN
# Do not bring the tunnel up automatically; it is started by hand below.
nmcli connection modify wg-foo connection.autoconnect no
nmcli connection up wg-foo

Android client
https://play.google.com/store/apps/details?id=com.wireguard.android

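# generate configuration as QRcode
sudo apt install -y qrencode
# The QR code encodes the whole wg0.conf, private key included, so the image is
# as sensitive as the key itself. It is created owner-only inside a subshell
# (the umask does not leak into the calling shell); delete wg0.png once the
# phone has scanned it.
# Only one output type applies per run, so just -t png is passed, and the file
# is read by redirection instead of through cat.
(umask 077; qrencode -t png -o wg0.png -s 8 < wg0.conf)
# Alternative that leaves no file on disk: qrencode -t ansiutf8 < wg0.conf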
 
# auto VPN tunnel on Wifi
https://www.youtube.com/watch?v=pCldPHn5SBg

NetworkManager
https://blogs.gnome.org/thaller/2019/03/15/wireguard-in-networkmanager/

# Reference commands for a profile imported from wg0.conf; presumably meant to
# be used individually rather than run top to bottom.
nmcli connection import type wireguard file wg0.conf
nmcli connection up wg0
nmcli connection down wg0
nmcli connection delete wg0
# Rename the profile: afterwards it is addressed as wg1, not wg0.
nmcli c modify wg0 connection.id wg1
# Keep the tunnel from starting automatically.
nmcli connection modify wg0 autoconnect no

Install WireGuard Gnome indicator for Ubuntu 22.04
https://extensions.gnome.org/extension/3612/wireguard-indicator/

# Check the running GNOME Shell version against the versions the extension
# declares support for.
gnome-shell --version
# NOTE(review): gnome-extensions install takes an extension bundle; confirm it
# accepts a URL, otherwise download the zip first and pass the local file.
# Extensions run inside the user's GNOME Shell session, so install only a
# bundle whose origin you trust.
gnome-extensions install https://extensions.gnome.org/extension-data/wireguard-indicatoratareao.es.v9.shell-extension.zip
# NOTE(review): restarts the whole machine; presumably only needed so GNOME
# Shell picks up the newly installed extension.
reboot
gnome-extensions list
gnome-extensions enable wireguard-indicator@atareao.es

Update network-manager-gnome UI to 1.30.0-2ubuntu1 for Wireguard support
https://packages.ubuntu.com/lunar/network-manager-gnome

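# Temporarily add the Ubuntu lunar archive, install one package from it, then
# remove the archive again so later `apt upgrade` runs do not pull the rest of
# the system towards lunar.
# NOTE(review): the package may bring newer dependencies from lunar with it;
# `apt install -s network-manager-gnome` shows what would change before the
# real run.
# Every step changes system package state, hence sudo on each command.
echo "deb http://de.archive.ubuntu.com/ubuntu lunar main restricted universe multiverse" | sudo tee /etc/apt/sources.list.d/ubuntu-lunar.list
sudo apt update
sudo apt install -y network-manager-gnome
sudo rm /etc/apt/sources.list.d/ubuntu-lunar.list
sudo apt update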

Forward

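# Persist IPv4 forwarding across reboots and switch it on immediately.
# With forwarding on, this host routes packets between its interfaces; what is
# actually allowed through is decided by the firewall's FORWARD rules.
# Written through `sudo tee` because a plain `>` redirection is performed by
# the unprivileged shell and cannot create files under /etc/sysctl.d.
echo "net.ipv4.ip_forward = 1" | sudo tee /etc/sysctl.d/99-ip_forward.conf
sudo sysctl -w net.ipv4.ip_forward=1

sudo apt install -y wireguard
# Allow SSH before enabling ufw so the session used for this setup is not cut
# off when the firewall becomes active.
sudo ufw allow 22/tcp
sudo ufw allow 1194/udp
sudo ufw enable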

Netplan
https://netplan.io/reference/

# cat /etc/netplan/11-wg-dev.yaml 
# NOTE(review): this file contains the tunnel's private key; it should be
# readable by root only (e.g. mode 600).
network:
  version: 2
  renderer: NetworkManager
 
  tunnels:
    wg-mp-pakonb:
      mode: wireguard
      # Tunnel address of this host.
      addresses:
        - 192.168.11.1/24
      nameservers:
        search: [dev]
        addresses: [192.168.1.111]
      # Private key of this interface (placeholder value here).
      key: xxxxxxxxxxxxxxxxxxxxxxxx
      peers:
        - keys:
            # Public key of the remote peer (placeholder value here).
            public: xxxxxxxxxxxxxxxxxxxxxxxxxx
          # Destinations routed to this peer: the tunnel subnet and 192.168.1.0/24.
          allowed-ips:
            - 192.168.11.0/24
            - 192.168.1.0/24
          keepalive: 15
          endpoint: ddns.example.com:1194

OpenWRT
https://openwrt.org/docs/guide-user/services/vpn/wireguard/client
https://openwrt.org/docs/guide-user/network/tunneling_interface_protocols#static_addressing_of_wireguard_tunnel

UI
https://github.com/perara/wg-manager
# subspace
https://github.com/subspacecloud/subspace
https://hub.docker.com/r/subspacecloud/subspace
https://www.digitalocean.com/community/questions/how-to-install-subspace-on-ubuntu-server

Network Manager Wireguard
https://github.com/Intika-Linux-Wireguard/Network-Manager-Wireguard
https://linutzer.de/tutorials/elementary-os/61-wireguard-plugin-f%C3%BCr-network-manager

# Build dependencies for the NetworkManager WireGuard plugin.
sudo apt install wireguard git dh-autoreconf libglib2.0-dev intltool build-essential libgtk-3-dev libnma-dev libsecret-1-dev network-manager-dev resolvconf
# NOTE(review): this clones max-moser/network-manager-wireguard, not the
# Intika-Linux-Wireguard repository linked above. The clone takes whatever the
# default branch currently holds, and `sudo make install` below runs the
# project's install steps as root, so review the tree or pin a known commit
# before installing.
git clone https://github.com/max-moser/network-manager-wireguard
cd network-manager-wireguard
./autogen.sh --without-libnm-glib
# libdir is hard-coded to the x86_64 multiarch path; adjust on other architectures.
./configure --without-libnm-glib --prefix=/usr --sysconfdir=/etc --libdir=/usr/lib/x86_64-linux-gnu --libexecdir=/usr/lib/NetworkManager --localstatedir=/var
make
sudo make install
 
# installing de.gmo as /usr/share/locale/de/LC_MESSAGES/NetworkManager-wireguard.mo
# installing en_GB.gmo as /usr/share/locale/en_GB/LC_MESSAGES/NetworkManager-wireguard.mo

Docker
https://www.the-digital-life.com/wireguard-docker/
Building, Using, and Monitoring WireGuard Containers: https://www.procustodibus.com/blog/2021/11/wireguard-containers/

Wireguard allowedips calculator
https://www.procustodibus.com/blog/2021/03/wireguard-allowedips-calculator/

Redirect from the HTTPS port (443, here over UDP) to WireGuard

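# Accept WireGuard on UDP 443 on the external interface and hand it to the
# WireGuard host at 192.168.1.123:1194.
# DNAT is applied in PREROUTING, before the FORWARD chain is evaluated, so the
# FORWARD rule has to match the translated destination (192.168.1.123:1194),
# not the original port 443.
# -i eth0 on the DNAT rule keeps it from rewriting UDP 443 traffic that arrives
# on other interfaces, e.g. HTTP/3 (QUIC) from LAN clients on its way out.
# NOTE(review): eth0 is assumed to be the external interface, as in the
# FORWARD rule - confirm for the actual host.
sudo iptables -t nat -A PREROUTING -i eth0 -p udp --dport 443 -j DNAT --to-destination 192.168.1.123:1194
sudo iptables -A FORWARD -i eth0 -p udp -d 192.168.1.123 --dport 1194 -j ACCEPT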

Links
https://www.wireguard.com/install/
https://github.com/pirate/wireguard-docs
https://www.cyberciti.biz/faq/ubuntu-20-04-set-up-wireguard-vpn-server/
https://staaldraad.github.io/2017/04/17/nat-to-nat-with-wireguard/
https://tech.davidfield.co.uk/using-wireguard-when-your-linux-distro-hasnt-caught-up-yet/
https://medium.com/opsops/starting-with-wireguard-d17518869a60
https://blog.linuxserver.io/2019/11/24/connect-an-ubuntu-client-to-opnsense-wireguard-tunnel-with-a-gui-toggle-in-gnome/
https://wiki.archlinux.org/title/WireGuard#DNS