1 Wireguard gateway setup
4 WireGuard securely encapsulates IP packets over UDP. You add a WireGuard interface, configure it with your private key and your peers' public keys, and then you send packets across it. It's that easy. Compared to OpenVPN, Ipsec, or even tinc, this is by far the easiest to configure.
8 *Adapted from a mail conversation*
9 So in this particular setup we have a listening server and a client.
10 The client tunnels all IP requests (wildcard 0.0.0.0/0) through the wireguard interface.
11 The server only allows accept connections from one IP (and furthermore checks if the key is OK).
13 Generate public and private keys for client and server
16 The following cmd will create a private key with a corresponding public key.
17 Create these for both the server and your client.
20 wg genkey | tee private.key | wg pubkey > public.key
22 My configuration files are as follows:
25 A server with a virtual IP 172.16.16.1 (you can use any local LAN IP) is listening on port 51820.
26 Right now, it only accepts connection from one peer (172.16.16.2). Traffics from other peers or with invalid keys are dropped.
27 The server config is as follows
30 Address = 172.16.16.1/24
35 PublicKey = xxxxxxxxxxxxxx
36 AllowedIPs = 172.16.16.2/32
39 On the client side, we have a client with virtual IP 172.16.16.2. As for the peer, we have set a wildcard with 0.0.0.0/0. The endpoint
40 is our server. All traffic is sent through this tunnel (except for maybe LAN traffic).
43 Address = 172.16.16.2/32
44 PrivateKey = xxxxxxxxx
48 PublicKey = xxxxxxxxxxxxxx
49 Endpoint = 1.2.3.4:51820
50 AllowedIPs = 0.0.0.0/0
51 PersistentKeepalive = 21
55 You can start and stop your client/server with the wg-quick tool (if you compile by yourself, remember to build this tool as well)
58 wg-quick down wg0.conf
projects / robinkrens.nl / blob