WireGuard: Difference between revisions
Completed article |
Added attribution |
| (3 intermediate revisions by the same user not shown) | |||
| Line 51: | Line 51: | ||
=== Generate a public/private key pair === | === Generate a public/private key pair === | ||
* | * Generate a private and public key for the server. You can use the following command: | ||
wg genkey | tee server-privatekey | wg pubkey > server-publickey | wg genkey | tee server-privatekey | wg pubkey > server-publickey | ||
**<code>server-privatekey</code> and <code>server-publickey</code> are filenames and can be anything you want and can be changed accordingly. These files are not directly used by WireGuard. | **<code>server-privatekey</code> and <code>server-publickey</code> are filenames and can be anything you want and can be changed accordingly. These files are not directly used by WireGuard. | ||
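Review bot: The key-generation command introduced by the new bullet writes "server-privatekey" through tee with whatever permissions the current umask allows, and the note beneath it only says the file names are arbitrary. Suggest telling the reader to run "umask 077" in the same shell before "wg genkey | tee server-privatekey | wg pubkey > server-publickey". Since the note says these files are not used by WireGuard directly, it should also say that the private key file must stay readable only by its owner, or be deleted once the key has been copied into the configuration.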
| Line 116: | Line 117: | ||
=== Generate a public/private key pair === | === Generate a public/private key pair === | ||
* We will | * We will generated a public/private key pair much the same way as we did for the server: | ||
wg genkey | tee client-privatekey | wg pubkey > client-publickey | wg genkey | tee client-privatekey | wg pubkey > client-publickey | ||
** The name <code>client</code> for the file name can be changed to anything you like for convenience. | ** The name <code>client</code> for the file name can be changed to anything you like for convenience. | ||
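Review bot: Grammar in the new bullet text: "We will generated a public/private key pair much the same way" should read "We will generate a public/private key pair in much the same way".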
| Line 150: | Line 151: | ||
* Open the server configuration file - <code>nano wg0.conf</code> | * Open the server configuration file - <code>nano wg0.conf</code> | ||
* Add the <code>[Peer]</code> section as follows: | * Add the <code>[Peer]</code> section, marked in italics, as follows: | ||
[Interface] | [Interface] | ||
## Local Address : A private IP address for wg0 interface. | ## Local Address : A private IP address for wg0 interface. | ||
Address = 10.20.10.1/24 | Address = 10.20.10.1/24 | ||
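Review bot: The added wording "marked in italics" makes the instruction depend on formatting, so a reader who sees the listing as plain text cannot tell which lines are new. Suggest stating the position as well, for example that the [Peer] section goes after the last PostDown line of the [Interface] section.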
| Line 164: | Line 165: | ||
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT | PostDown = iptables -D FORWARD -i wg0 -j ACCEPT | ||
PostDown = iptables -t nat -D POSTROUTING -o em1 -j MASQUERADE<br> | PostDown = iptables -t nat -D POSTROUTING -o em1 -j MASQUERADE<br> | ||
[Peer] | ''[Peer]'' | ||
''# one client which will be setup to use 10.20.10.2 IP'' | |||
''PublicKey = 92p5r33HRrEvzlQJIdANcyIKx0JgtNV5VfQOOwLnFwM='' | |||
PublicKey = 92p5r33HRrEvzlQJIdANcyIKx0JgtNV5VfQOOwLnFwM= | ''AllowedIPs = 10.20.10.2/32'' | ||
AllowedIPs = 10.20.10.2/32 | |||
* Tweak the file to match your client configuration: | * Tweak the file to match your client configuration: | ||
** <code>PublicKey = 92p5r33HRrEvzlQJIdANcyIKx0JgtNV5VfQOOwLnFwM=</code> - the public key generated for the client. | ** <code>PublicKey = 92p5r33HRrEvzlQJIdANcyIKx0JgtNV5VfQOOwLnFwM=</code> - the public key generated for the client. | ||
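Review bot: Wrapping the [Peer] lines in '' puts wiki markup inside a configuration listing. Anyone copying from the page source, or from a rendering that shows the quotes literally, ends up with lines such as "''AllowedIPs = 10.20.10.2/32''", which are not valid in wg0.conf. Suggest leaving the configuration lines unmarked and pointing out the new section in the sentence above the listing instead. In the new comment line, "setup" should be "set up".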
| Line 190: | Line 190: | ||
* Add another <code>[Peer]</code> section to the server configuration. | * Add another <code>[Peer]</code> section to the server configuration. | ||
* Reload the WireGuard server. | * Reload the WireGuard server. | ||
== See also == | |||
Thank you to "Mark Liversedge" at [https://markliversedge.blogspot.com/2023/09/wireguard-setup-for-dummies.html Wireguard setup for dummeies] with his comprehensive guide that made this possible for me | |||
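Review bot: The new section is headed "See also" but holds an acknowledgement rather than related links; a heading such as "Acknowledgements" or "References" would match the content. In the link label, "dummeies" is misspelled (the URL slug reads "for-dummies"), "Wireguard" should be written "WireGuard" as in the page title, and the sentence has no closing period.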