WireGuard | panticz.de

Server

sudo apt install -y wireguard
 
cd /etc/wireguard
umask 077;
wg genkey | tee privatekey | wg pubkey > publickey
 
/etc/wireguard/wg0.conf
[Interface]
Address = 192.168.6.1/24
ListenPort = 1194
PrivateKey = qz3LQkTEA8tOJEORyUxT2w2SIwdXwCLcO7joKq58tUs=
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o ens3 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o ens3 -j MASQUERADE     
 
[Peer]
PublicKey = wL+h2EqxaQpcWgwO8SIXPGqhHgssvj9xqjHAPjYLJ28=
AllowedIPs = 192.168.6.2/32
 
sudo ufw allow 1194/udp
sudo ufw status
 
sudo systemctl enable wg-quick@wg0
sudo systemctl start wg-quick@wg0
sudo systemctl status wg-quick@wg0
 
# watch connections
watch -n1 wg

Client

sudo apt install wireguard
sudo sh -c 'umask 077; touch /etc/wireguard/wg0.conf'
sudo -i
cd /etc/wireguard/
umask 077; wg genkey | tee privatekey | wg pubkey > publickey
 
cat privatekey
 
cat wg0.conf 
[Interface]
PrivateKey = uEQv4rLd73d9Snowzkdb+zfhlmHL+EoHK8C/yvHnz2o=
Address = 192.168.6.2/24
 
[Peer]
PublicKey = 6LqUWZ7OgM0SX+EKRHpOJ5UscFei/g3LEjA2Y+4K2m4=
AllowedIPs = 192.168.6.0/24, 10.0.1.0/24
Endpoint = ${WG_SERVER_IP}:1194
PersistentKeepalive = 15

Android cllient
https://play.google.com/store/apps/details?id=com.wireguard.android

# generate configuration as QRcode 
sudo apt install -y qrencode
cat wg0.conf | qrencode -t ansiutf8 -t png -o wg0.png
 
# auto VPN tunnel on Wifi
https://www.youtube.com/watch?v=pCldPHn5SBg

NetworkManager
https://blogs.gnome.org/thaller/2019/03/15/wireguard-in-networkmanager/

nmcli connection import type wireguard file wg0.conf
nmcli connection up wg0
nmcli connection down wg0
nmcli connection delete wg0
nmcli connection modify wg0 autoconnect no

Forward

echo "net.ipv4.ip_forward = 1" >  /etc/sysctl.d/99-ip_forward.conf
sysctl -w net.ipv4.ip_forward=1
 
sudo apt install -y wireguard
sudo ufw allow 22/tcp
sudo ufw allow 1194/udp
ufw enable

Update network-manager-gnome to 1.18.0-1ubuntu2 with WireGuard support on Ubuntu Focal 20.04
https://packages.ubuntu.com/groovy/network-manager-gnome

echo "deb http://de.archive.ubuntu.com/ubuntu groovy main restricted universe multiverse" |     sudo tee /etc/apt/sources.list.d/ubuntu-groovy.list
echo "deb http://de.archive.ubuntu.com/ubuntu groovy-updates main restricted universe multiverse" |     sudo tee /etc/apt/sources.list.d/ubuntu-groovy-updates.list
sudo apt update
apt install -y network-manager-gnome
rm /etc/apt/sources.list.d/ubuntu-groovy*
apt update

Netplan
https://netplan.io/reference/

tunnels:
  wg0:
    mode: wireguard
    addresses: [...]
    peers:
      - keys:
          public: rlbInAj0qV69CysWPQY7KEBnKxpYCpaWqOs/dLevdWc=
          shared: /path/to/shared.key
        ...
    key: mNb7OIIXTdgW4khM7OFlzJ+UPs7lmcWHV7xjPgakMkQ=

OpenWRT
https://openwrt.org/docs/guide-user/services/vpn/wireguard/client
https://openwrt.org/docs/guide-user/network/tunneling_interface_protocols#static_addressing_of_wireguard_tunnel

UI
https://github.com/perara/wg-manager
# subspace
https://github.com/subspacecloud/subspace
https://hub.docker.com/r/subspacecloud/subspace
https://www.digitalocean.com/community/questions/how-to-install-subspace-on-ubuntu-server

Links
https://www.wireguard.com/install/
https://www.cyberciti.biz/faq/ubuntu-20-04-set-up-wireguard-vpn-server/
https://staaldraad.github.io/2017/04/17/nat-to-nat-with-wireguard/
https://tech.davidfield.co.uk/using-wireguard-when-your-linux-distro-hasnt-caught-up-yet/
https://medium.com/opsops/starting-with-wireguard-d17518869a60
https://blog.linuxserver.io/2019/11/24/connect-an-ubuntu-client-to-opnsense-wireguard-tunnel-with-a-gui-toggle-in-gnome/