This is simple WireGuard server – client configuration to get started with WireGuard. I’m using separate conf file and privatekey because i’m configuring servers with Ansible scripts and dont want privatekey to be in my Ansible file.

Client is behind NAT so i’m using PersistentKeepalive variable on client.conf.

https://www.wireguard.com/quickstart/

Installation

https://www.wireguard.com/install/

Server configuration

Create private and publickeys

mkdir /etc/wireguard
chmod 700 /etc/wireguard
cd /etc/wireguard
wg genkey | tee privatekey | wg pubkey > publickey

Create configuration file

vi /etc/wireguard/server.conf

[Interface]
ListenPort = 34569

[Peer]
PublicKey = CLIENTPUBLICKEY
AllowedIPs = 192.168.20.2/32

chmod 600 /etc/wireguard/*

Create network device wg0

ip link add dev wg0 type wireguard
ip address add dev wg0 192.168.20.1/24

Configurate WireGuard with conf file

wg setconf wg0 /etc/wireguard/server.conf
wg set wg0 private-key /etc/wireguard/privatekey

Start WireGuard

ip link set up dev wg0

Client configuration

Create private and publickeys

mkdir /etc/wireguard
chmod 700 /etc/wireguard
cd /etc/wireguard
wg genkey | tee privatekey | wg pubkey > publickey

Create configuration file

vi /etc/wireguard/client.conf

[Interface]
ListenPort = 49257

[Peer]
PublicKey = SERVERPUBLICKEY
Endpoint = SERVERPUBLICIP:34569
PersistentKeepalive = 25
AllowedIPs = 192.168.20.1/32

chmod 600 /etc/wireguard/*

Create network device wg0

ip link add dev wg0 type wireguard
ip address add dev wg0 192.168.20.2/24

Configurate WireGuard with conf file

wg setconf wg0 /etc/wireguard/client.conf
wg set wg0 private-key /etc/wireguard/privatekey

Start WireGuard

ip link set up dev wg0