*Basic knowledge of how computers and Linux systems work.
== Preparation ==
=== Install Dependencies ===
First, make sure you have wireguard-tools installed on both your server machine and your client machines.
On Ubuntu, you can find the IPv4 forwarding setting commented out in <code>/etc/sysctl.conf</code>.
== Key Setup ==
Now we can begin the actual setup.
}}
== Server wg0.conf ==
For demonstration purposes, we will be using <code>10.0.32.0/24</code> as our subnet. The server will have <code>10.0.32.1</code> assigned on the wg0 interface.
Repeat for each client, making sure to give each client a different IP address.
== Bringing Your WireGuard Server Up ==
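The check below is an added example, not part of the original page: it reads a server <code>wg0.conf</code> and reports peers whose <code>AllowedIPs</code> entry is duplicated, wider than one host, outside the tunnel subnet, or equal to the server's own address. The function names and the sample config (with placeholder keys) are constructed for illustration, and it assumes the interface has a single IPv4 <code>Address</code>.

```python
import ipaddress

# Constructed sample server config; the keys are placeholders, not real key material.
SAMPLE_CONF = """\
[Interface]
Address = 10.0.32.1/24
[Peer]
PublicKey = <client-a-public-key>
AllowedIPs = 10.0.32.2/32
[Peer]
PublicKey = <client-b-public-key>
AllowedIPs = 10.0.32.2/32
[Peer]
PublicKey = <client-c-public-key>
AllowedIPs = 0.0.0.0/0
"""

def parse_sections(text):
    """Parse wg-quick style text; repeated [Peer] sections are all kept."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1].lower(), {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)  # base64 keys may end in '='
            sections[-1][1][key.strip().lower()] = value.strip()
    return sections

def check_server_conf(text):
    """Return a list of problems found in the peers' AllowedIPs entries."""
    sections = parse_sections(text)
    iface = next(v for n, v in sections if n == "interface")
    server = ipaddress.ip_interface(iface["address"])  # assumes one IPv4 Address
    seen, problems = {}, []
    for peer in (v for n, v in sections if n == "peer"):
        name = peer.get("publickey", "?")
        for item in peer.get("allowedips", "").replace(",", " ").split():
            net = ipaddress.ip_network(item, strict=False)
            if net.prefixlen != net.max_prefixlen:
                problems.append(f"{name}: {net} is not a single host address")
            elif net.network_address not in server.network:
                problems.append(f"{name}: {net} is outside {server.network}")
            elif net.network_address == server.ip:
                problems.append(f"{name}: {net} is the server's own address")
            elif net in seen:
                problems.append(f"{name}: {net} is already assigned to {seen[net]}")
            else:
                seen[net] = name
    return problems
```

This check applies to the server's file only; on the client, a wide <code>AllowedIPs</code> such as <code>0.0.0.0/0</code> is what the Final Client Changes section sets deliberately.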
Now that we have configured our server, we can start the WireGuard service.
Run the following as root to start the WireGuard service on a systemd machine.
Run <code># journalctl -xeu wg-quick@wg0</code> to make sure that WireGuard started properly.
== Client wg0.conf ==
Now, on your client(s), create <code>/etc/wireguard/wg0.conf</code> as well and put the following in. For demonstration purposes, we are using <code>10.0.32.2</code> once more.
{{code|lang=ini|
After pinging <code>10.0.32.1</code>, you should also run <code># wg show</code> to make sure the handshake has been successfully established.
== Server nftables Configuration ==
Now that we have successfully established a link between the WireGuard server and our client, it is time to set up nftables on the server.
}}
== Final Client Changes ==
At this point, you are encouraged to test via the client whether you can reach the internet.
If you can afford to lose internet on the client, you can change <code>AllowedIPs</code> in <code>/etc/wireguard/wg0.conf</code> to <code>0.0.0.0/0</code>.
If this does in fact work, then you have successfully completed your WireGuard tunnel.
== Extras ==
While by this point you may have already set up the tunnel, there are some things you might want to add on to the setup. For example, you might want to pass through ports from your client to the server.