* Wireguard Quick Start https://www.wireguard.com/quickstart/ - level 3 VPN Protocol. - designed for Linux (works on BSD, MacOS and Windows too). - network interface as most basic foundation of operation. The interface can be named almost arbitrarily. Below ~wg0~ is used as a generic interface name (like used in many public tutorials). Replace ~wg0~ with an interface name for the VPN connection, e.g. ~home~, ~mycloud~ or ~secret-work-jump-host~. ** Linux CLI Cheat Sheet: https://gist.github.com/chrisswanda/88ade75fc463dcf964c6411d1e9b20f4 Tutorial with best Explaination: https://medium.com/tangram-visions/what-they-dont-tell-you-about-setting-up-a-wireguard-vpn-46f7bd168478 *** Create Keys #+begin_src bash $ umask 077 $ wg genkey | tee host.key | wg pubkey > host.pub #+end_src *** Setup the Interface #+begin_src bash # sudo wg-quick up wg0.conf #+end_src *** Add Peer #+begin_src bash # add peer wg set wg0 peer allowed-ips 10.0.0.x/32 persistent-keepalive 25 # verify connection wg # save to config wg-quick save wg0 #+end_src **** Mobile Client requires ~qrencode~ package installed: ~qrencode -t ansiutf8 < tunnel.conf~ where ~tunnel.conf~ is the configuration file for the client, including its private and public keys. *** Start/Stop Interface #+begin_src bash # Start/stop interface wg-quick up wg0 wg-quick down wg0 # Start/stop service $ sudo systemctl stop wg-quick@wg0.service $ sudo systemctl start wg-quick@wg0.service # Enable service at startup sudo systemctl enable wg-quick@wg0.service #+end_src *** Sync the configuration without restarting the interface From ~man wg-quick~: The strip command is useful for reloading configuration files without disrupting ac‐ tive sessions: #+begin_src bash # wg syncconf wg0 <(wg-quick strip wg0) #+end_src ** Alternative Webinterfaces for Managing Clients - https://github.com/place1/wg-access-server/ - https://github.com/WeeJeWel/wg-easy - https://github.com/subspacecommunity/subspace - https://github.com/vx3r/wg-gen-web - non-web: https://github.com/mullvad/wg-manager