Show pageBack to top This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong. ====== Wireguard VPN ====== ===== Installation ===== Linux: see [[admin:linux:wireguard|Wireguard on Linux]] ===== create keys ===== <code bash>cd /etc/wireguard wg genkey | tee /dev/tty | wg pubkey # or, if you want to output to file: wg genkey | tee privkey | wg pubkey > pubkey </code> ===== config ===== ==== Server ==== <file ini /etc/wireguard/wg0.conf> [Interface] PrivateKey = <server privkey> Address = <server address>/24 ListenPort = 5226 PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -i %i -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -i %i -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE SaveConfig = true </file> ==== Peer ==== <file ini /etc/wireguard/wg0.conf> [Interface] Address = <peer IP address>/24 PrivateKey = <peer privkey> [Peer] PublicKey = <server pubkey> Endpoint = <server IP or hostname>:5226 AllowedIPs = 0.0.0.0/0 </file> ===== add peer ===== <code bash>wg set wg0 peer `cat clients/<peer>_public.key` allowed-ips <peer IP>/32</code> ===== Tutorials ===== * [[https://www.reddit.com/r/sysadmin/comments/9dime7/wireguard_vpn_walkthrough/]] * [[https://www.stavros.io/posts/how-to-configure-wireguard/]] * [[https://wiki.archlinux.org/index.php/WireGuard|Arch Wiki: Wireguard]] * [[https://technofaq.org/posts/2017/10/how-to-setup-wireguard-vpn-on-your-debian-gnulinux-server-with-ipv6-support/]] * [[https://www.linode.com/docs/networking/vpn/set-up-wireguard-vpn-on-ubuntu/]] ===== Public servers ===== * [[https://tunsafe.com/vpn|Tunsafe VPN]] ===== Windows ===== There's a [[https://lists.zx2c4.com/pipermail/wireguard/2021-August/006887.html|Kernel mode implementation since August 2021]], which is enabled by default. ===== Tools ===== * [[https://github.com/gravitl/netmaker|Netmaker]] – Wireguard web interface. Last modified: 2024-07-05 14:31