Wireguard installation notes
- To load and verify wireguard linux kernel module:
modprobe wireguard
;lsmod | grep wireguard
- To load permanently:
sudo echo 'wireguard' >> /etc/modules
- Install wireguard tools:
apt install wireguard-tools
- Generate server key, save and secure:
wg genkey | sudo tee /etc/wireguard/server.key
;chmod 0400 /etc/wireguard/server.key
- Public key:
cat /etc/wireguard/server.key | wg pubkey | sudo tee /etc/wireguard/server.pub
mkdir -p /etc/wireguard/clients
wg genkey | tee /etc/wireguard/clients/client1.key
cat /etc/wireguard/clients/client1.key | wg pubkey | tee /etc/wireguard/clients/client1.pub
/etc/wireguard/wg0.conf
[Interface]
PrivateKey = <>
Address = 192.168.0.104/29
ListenPort = 51820
SaveConfig = true
[Peer]
PublicKey = <>
AllowedIPs = 192.168.0.1/24
- Only required for egress from vpn server:
/etc/sysctl.conf
: uncommentnet.ipv4.ip_forward=1
; Apply:sysctl -p
ip route list default