This config is intended for a single WireGuard server with multiple clients and provides LAN and internet access to the clients. For an easier setup, look into https://tailscale.com/
Install WireGuard. If on Ubuntu ≥ 18.04 just run the install command.
sudo add-apt-repository ppa:wireguard/wireguard
sudo apt-get update
sudo apt install wireguard
Run the following commands to generate the public and private keys.
sudo -i
cd /etc/wireguard/
# Restrict permissions so the new private key file is readable by root only.
umask 077
wg genkey | tee privatekey | wg pubkey > publickey
View both keys and take note of them. They will be used later. Never share or post the private key.
cat privatekey
cat publickey
Create the config file for WireGuard.
sudo nano /etc/wireguard/wg0.conf
Add this to the config and save the file.
[Interface]
Address = 192.168.2.1/32
ListenPort = 12345
PrivateKey = [Private Key]
SaveConfig = false
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o [WAN Interface Name] -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o [WAN Interface Name] -j MASQUERADE
[Peer]
PublicKey = [Client Public Key]
AllowedIPs = 192.168.2.2/32
[Peer]
PublicKey = [Client Public Key]
AllowedIPs = 192.168.2.3/32
Add a firewall rule that allows the WireGuard listen port.
sudo ufw allow 12345/udp
Enable IPv4 forwarding so that we can access the rest of the LAN and not just the server itself.
sudo nano /etc/sysctl.conf
# Uncomment the line "net.ipv4.ip_forward=1"
WireGuard runs as a kernel module and needs a restart of the server.
sudo systemctl start wg-quick@wg0
sudo systemctl stop wg-quick@wg0
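# Run these commands to force the new settings to take effect without restarting.
sudo sysctl -p
# Writing to /proc needs root; a plain "sudo echo 1 > ..." would fail because the redirect runs as the calling user.
echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward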
Start the WireGuard service and enable it to start on reboot.
# --now starts the service immediately as well as enabling it at boot.
sudo systemctl enable --now wg-quick@wg0
sudo systemctl status wg-quick@wg0
Verify that the interface named wg0 is up and running.
sudo wg
Install the WireGuard client.
With the client running, click the dropdown Add Tunnel then click Add Empty Tunnel…
The Edit tunnel window will appear with a private and public key already created.
Add the following to the client config.
[Interface]
PrivateKey = [Auto Generated Client Private Key]
Address = 192.168.2.2/24
DNS = 192.168.1.1
[Peer]
PublicKey = [Copy the Server Public Key Here]
Endpoint = [Server IP or address Here]:12345
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25
Finally, add the client public key to the server config.
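WireGuard only accepts a packet from a peer when the source address is covered by that peer's AllowedIPs, so on this server each client entry should stay a single /32 and no two entries should overlap. The following check for wg0.conf is an added example, not part of the original guide; the function names and the sample keys are made up, and it assumes every peer is a single-address client as in the config above.

```python
import ipaddress
from itertools import combinations

def parse_wg_conf(text):
    """Return [(section, {key: value})]; configparser cannot hold repeated [Peer] sections."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]") and "=" not in line:
            sections.append((line[1:-1].strip().lower(), {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)  # split once: base64 keys end in "="
            sections[-1][1][key.strip().lower()] = value.strip()
    return sections

def audit_server_conf(text):
    """Return findings for a server config whose peers are single-address clients."""
    findings, peers = [], []
    for name, opts in parse_wg_conf(text):
        for key, value in opts.items():
            if value.startswith("[") and value.endswith("]"):
                findings.append(f"{name}: {key} still holds placeholder {value}")
        if name != "peer":
            continue
        pub = opts.get("publickey", "")
        nets = [ipaddress.ip_network(a.strip(), strict=False)
                for a in opts.get("allowedips", "").split(",") if a.strip()]
        peers.append((pub, nets))
        findings += [f"peer {pub}: AllowedIPs {n} is wider than one host"
                     for n in nets if n.num_addresses > 1]
    for (key_a, nets_a), (key_b, nets_b) in combinations(peers, 2):
        if key_a == key_b:
            findings.append(f"public key {key_a} appears in two [Peer] sections")
        findings += [f"AllowedIPs {a} and {b} overlap between peers"
                     for a in nets_a for b in nets_b if a.overlaps(b)]
    return findings

# Constructed sample: the server config above with made-up keys and one bad peer.
SAMPLE = """[Interface]
PrivateKey = [Private Key]
[Peer]
PublicKey = constructed-client-key-1=
AllowedIPs = 192.168.2.2/32
[Peer]
PublicKey = constructed-client-key-2=
AllowedIPs = 192.168.2.0/24
"""
if __name__ == "__main__":
    print("\n".join(audit_server_conf(SAMPLE)))
```

An empty result means each peer has its own key and its own /32 and no placeholder was left in the file.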
Check version.
wg -v
https://www.cyberciti.biz/faq/ubuntu-20-04-set-up-wireguard-vpn-server/
https://linuxize.com/post/how-to-set-up-wireguard-vpn-on-ubuntu-18-04/
https://www.wireguard.com/quickstart/