WireGuard
Modern, high-performance VPN tunnel
Install and generate keys
# install: run only the line that matches your platform (apt and yum need root)
apt install wireguard-tools # Ubuntu
brew install wireguard-tools # macOS
# NOTE(review): on current Fedora/RHEL-family releases the package may be named wireguard-tools; confirm
yum install wireguard # Fedora/CentOS
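# generate all keys
# The key files are written into /etc/wireguard, so create it first and keep it
# root-only. tee creates its output with the process umask; setting umask 077
# inside the root shell makes every key file mode 0600 from the moment it
# exists, instead of readable by other local users.
# Each pipeline stores the private key in NAME.key, derives the public key from
# it, stores that in NAME.pub and prints the public key to the terminal.
sudo mkdir -p /etc/wireguard
sudo chmod 700 /etc/wireguard
sudo sh -c 'umask 077; wg genkey | tee /etc/wireguard/wg0.key | wg pubkey | tee /etc/wireguard/wg0.pub'
sudo sh -c 'umask 077; wg genkey | tee /etc/wireguard/peer1.key | wg pubkey | tee /etc/wireguard/peer1.pub'
sudo sh -c 'umask 077; wg genkey | tee /etc/wireguard/peer2.key | wg pubkey | tee /etc/wireguard/peer2.pub'
# NOTE(review): peer1.key and peer2.key are the peers' private keys, yet they
# are created and stored on this host. Generating each pair on the peer itself
# and copying only the .pub file here keeps the private key on one machine.
Peer Server / Relay Server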
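# config and setup
sudo mkdir -p /etc/wireguard
# In `sudo cat > file` the redirection is opened by the calling, unprivileged
# shell, so sudo never applies to the write. Here the redirection happens
# inside the root shell, and umask 077 creates wg0.conf as 0600 because it
# holds the interface private key.
# "wg0_key_content" and "peerN_pub_content" are placeholders: paste the text of
# wg0.key / peerN.pub in their place, without the quotes.
# NOTE(review): the two FORWARD rules accept all traffic routed in or out of
# wg0, so every peer can reach the other peers and anything else this host
# forwards to; narrow them by source/destination if that is wider than needed.
# PostUp also turns on net.ipv4.ip_forward and no PostDown turns it off again.
sudo sh -c 'umask 077; cat > /etc/wireguard/wg0.conf' << "EOF"
[Interface]
Address = 10.250.0.250/32
ListenPort = 51820
PrivateKey = "wg0_key_content"
# DNS = 1.1.1.1,8.8.8.8
# Table = 12345
# MTU = 1500
# PreUp = /bin/example arg1 arg2 %i
# PreDown = /bin/example arg1 arg2 %i
PostUp = sysctl -w net.ipv4.ip_forward=1
#PostUp = iptables -I INPUT -p udp --dport 51820 -j ACCEPT
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT
PostUp = iptables -A FORWARD -o wg0 -j ACCEPT
#PostUp = iptables -t nat -A POSTROUTING -o ens0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT
PostDown = iptables -D FORWARD -o wg0 -j ACCEPT
#PostDown = iptables -t nat -D POSTROUTING -o ens0 -j MASQUERADE
[Peer]
AllowedIPs = 10.250.0.1/32
PublicKey = "peer1_pub_content"
[Peer]
AllowedIPs = 10.250.0.2/32
PublicKey = "peer2_pub_content"
EOF
# Set permission (kept as an explicit step; also corrects a file left over from an earlier run)
sudo chmod 600 /etc/wireguard/wg0.conf
# Startup: the instance name after "@" is the config file name without .conf
sudo systemctl enable wg-quick@wg0.service --now
Peer Client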
Management