Ivan Tomica

Wireguard Server-Client configuration

Setting up Wireguard based VPN is quite easy. Depending on your distribution you install kernel headers (as Wireguard is loaded kernel module), install Wireguard and configure it and you’re off to the races.

With Linux kernel 5.6 Wireguard will be built in so this process will be even simpler.

Installation

Currently on my Ubuntu (18.04) based server, I had to do the following:

apt-get update
apt-get install linux-headers-$(uname -r)
add-apt-repository ppa:wireguard/wireguard
apt-get install wireguard

Since that automatically built kernel module, loading it with:

modprobe wireguard

Should be enough. As I also had some kernel version discrepancies on this VPS I had to reboot server to load into newer kernel.

Configuration

To configure server I had basically done the following.

Enable IPv4 address forwarding

sysctl -w net.ipv4.ip_forward=1

Generate private/public key

cd /etc/wireguard/
wg genkey > private-key
wg pubkey > public-key < private-key

While configuring Wireguard I’ve also added peer immediately since I’ve already generated key on client and sent its public key to this server.

[Interface]
Address = 10.0.0.1/24
SaveConfig = true
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWAR
D -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORW
ARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
ListenPort = 51820
PrivateKey = REDACTED_SERVER_PRIVATE_KEY

[Peer]
PublicKey = REDACTED_CLIENT_PUBLIC_KEY
AllowedIPs = 10.0.0.3/32

Of course you need to replace:

  • REDACTED_SERVER_PRIVATE_KEY with contents of that private-key file we’ve generated previously
  • REDACTED_CLIENT_PUBLIC_KEY with contents of the public key on the client side
  • You also need to configure client with contents of the public-key file

Once everything is in place start up the service on the server:

wg-quick up wg0

Then on the client you can also toggle connection.

Tagged in:, , ,
About 
Sysadmin on the everlasting journey of learning.

0 Comments

Leave a Reply

Your email address will not be published. Required fields are marked *