This is a simple WireGuard server-client configuration to get started with WireGuard. I'm using a separate conf file and privatekey file because I configure servers with Ansible scripts and don't want the private key to be in my Ansible file.
The client is behind NAT, so I'm using the PersistentKeepalive setting in client.conf.
https://www.wireguard.com/quickstart/
Installation
https://www.wireguard.com/install/
Server configuration
Create private and public keys
mkdir /etc/wireguard
chmod 700 /etc/wireguard
cd /etc/wireguard
wg genkey | tee privatekey | wg pubkey > publickey
Create configuration file
vi /etc/wireguard/server.conf
[Interface]
ListenPort = 34569

[Peer]
PublicKey = CLIENTPUBLICKEY
AllowedIPs = 192.168.20.2/32
chmod 600 /etc/wireguard/*
Create network device wg0
ip link add dev wg0 type wireguard
ip address add dev wg0 192.168.20.1/24
Configure WireGuard with the conf file
wg setconf wg0 /etc/wireguard/server.conf
wg set wg0 private-key /etc/wireguard/privatekey
Start WireGuard
ip link set up dev wg0
Client configuration
Create private and public keys
mkdir /etc/wireguard
chmod 700 /etc/wireguard
cd /etc/wireguard
wg genkey | tee privatekey | wg pubkey > publickey
Create configuration file
vi /etc/wireguard/client.conf
[Interface]
ListenPort = 49257

[Peer]
PublicKey = SERVERPUBLICKEY
Endpoint = SERVERPUBLICIP:34569
PersistentKeepalive = 25
AllowedIPs = 192.168.20.1/32
chmod 600 /etc/wireguard/*
Create network device wg0
ip link add dev wg0 type wireguard
ip address add dev wg0 192.168.20.2/24
Configure WireGuard with the conf file
wg setconf wg0 /etc/wireguard/client.conf
wg set wg0 private-key /etc/wireguard/privatekey
Start WireGuard
ip link set up dev wg0
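A check for the layout used above, on either the server or the client: the directory and its files are closed to group/other, no conf file carries the private key, and the privatekey file holds a well-formed key. This is an added example, not part of the original post; the function name wg_audit and the sample directory are hypothetical, and it assumes the file names used in this post.

```shell
# Audit a WireGuard directory laid out as in this post (added example).
# Prints one line per finding; returns non-zero if there are any.
wg_audit() {
    dir=$1
    findings=0
    flag() { echo "FINDING: $*"; findings=$((findings + 1)); }

    # The directory and every file in it must grant nothing to group/other
    # (characters 5-10 of the `ls -ld` mode string are those bits).
    for path in "$dir" "$dir"/*; do
        [ -e "$path" ] || continue
        bits=$(ls -ld "$path" | cut -c5-10)
        [ "$bits" = "------" ] || flag "$path is accessible to group/other"
    done

    # The key is loaded with `wg set ... private-key`, so no conf file
    # should carry a PrivateKey line.
    for conf in "$dir"/*.conf; do
        [ -f "$conf" ] || continue
        if grep -Eiq '^[[:space:]]*PrivateKey[[:space:]]*=' "$conf"; then
            flag "$conf embeds a PrivateKey"
        fi
    done

    # A WireGuard key is 32 bytes: 43 base64 characters plus one '='.
    key="$dir/privatekey"
    if [ ! -f "$key" ]; then
        flag "$key is missing"
    elif ! grep -Eq '^[A-Za-z0-9+/]{43}=$' "$key"; then
        flag "$key is not a 44-character base64 key"
    fi

    [ "$findings" -eq 0 ]
}

# Constructed sample: a conf that wrongly embeds the key (not a real key).
demo=$(mktemp -d)
printf '%043d=\n' 0 > "$demo/privatekey"
printf '[Interface]\nPrivateKey = %043d=\nListenPort = 34569\n' 0 > "$demo/server.conf"
chmod 600 "$demo"/*
wg_audit "$demo" || echo "sample directory has $findings finding(s)"
rm -rf "$demo"
```

On a real host, run it as wg_audit /etc/wireguard after the chmod steps and before bringing wg0 up.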