2.1 KiB
Wireguard Quick Start
https://www.wireguard.com/quickstart/
- level 3 VPN Protocol.
- designed for Linux (works on BSD, MacOS and Windows too).
- network interface as most basic foundation of operation.
The interface can be named almost arbitrarily. Below wg0 is used as a
generic interface name (like used in many public tutorials). Replace wg0
with an interface name for the VPN connection, e.g. home, mycloud or
secret-work-jump-host.
Linux CLI
Cheat Sheet: https://gist.github.com/chrisswanda/88ade75fc463dcf964c6411d1e9b20f4
Tutorial with best Explaination: https://medium.com/tangram-visions/what-they-dont-tell-you-about-setting-up-a-wireguard-vpn-46f7bd168478
Create Keys
$ umask 077
$ wg genkey | tee host.key | wg pubkey > host.pubSetup the Interface
# sudo wg-quick up wg0.confAdd Peer
# add peer
wg set wg0 peer <client_pubkey> allowed-ips 10.0.0.x/32 persistent-keepalive 25
# verify connection
wg
# save to config
wg-quick save wg0Mobile Client
requires qrencode package installed:
qrencode -t ansiutf8 < tunnel.conf
where tunnel.conf is the configuration file for the client, including its private and public keys.
Start/Stop Interface
# Start/stop interface
wg-quick up wg0
wg-quick down wg0
# Start/stop service
$ sudo systemctl stop wg-quick@wg0.service
$ sudo systemctl start wg-quick@wg0.service
# Enable service at startup
sudo systemctl enable wg-quick@wg0.serviceSync the configuration without restarting the interface
From man wg-quick: The strip command is useful for reloading
configuration filesystem without disrupting active sessions:
# wg syncconf wg0 <(wg-quick strip wg0)