== Preparation ==
=== Install Dependencies ===
First, make sure you have wireguard-tools installed on both your server machine and your client machines.
To make your changes persistent, you will need to edit your sysctl conf file(s).
On Ubuntu, you can find IPv4 forwarding commented out in <code>/etc/sysctl.conf</code>.
=== Key Setup ===
Now we can begin the actual setup.
}}
=== Server wg0.conf ===
For demonstration purposes, we will be using <code>10.0.32.0/24</code> as our subnet. The server will have <code>10.0.32.1</code> assigned on the wg0 interface.
Repeat for each client, making sure to give each client a different IP address.
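A quick way to check the "different IP address per client" rule before bringing the interface up, as an added example that is not part of the original page: WireGuard routes each allowed address to exactly one peer, so a duplicate silently takes the address away from the other client. The sample config is constructed, the key values are placeholders, and the script assumes a single IPv4 <code>Address</code> on the interface.

```python
import ipaddress

# Constructed sample server config; key values are placeholders, not real keys.
SAMPLE_CONF = """\
[Interface]
Address = 10.0.32.1/24
PrivateKey = <server-private-key>

[Peer]
PublicKey = <client-a-public-key>
AllowedIPs = 10.0.32.2/32

[Peer]
PublicKey = <client-b-public-key>
AllowedIPs = 10.0.32.2/32

[Peer]
PublicKey = <client-c-public-key>
AllowedIPs = 10.0.33.4/32
"""

def parse_sections(text):
    """Return a list of (section_name, {key: value}); [Peer] may repeat."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1].lower(), {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)  # base64 keys may end in '='
            sections[-1][1][key.strip().lower()] = value.strip()
    return sections

def check_peers(text):
    """Report peer AllowedIPs that overlap each other or leave the tunnel subnet."""
    sections = parse_sections(text)
    iface = next(d for name, d in sections if name == "interface")
    subnet = ipaddress.ip_interface(iface["address"]).network
    seen, problems = [], []
    for d in (d for name, d in sections if name == "peer"):
        for item in filter(None, map(str.strip, d.get("allowedips", "").split(","))):
            net = ipaddress.ip_network(item, strict=False)
            if not net.subnet_of(subnet):
                problems.append(f"{d['publickey']}: {net} outside {subnet}")
            for other_key, other in seen:
                if net.overlaps(other):
                    problems.append(f"{d['publickey']}: {net} overlaps {other_key}")
            seen.append((d["publickey"], net))
    return problems
```

Calling <code>check_peers()</code> on the text of your own <code>/etc/wireguard/wg0.conf</code> returns an empty list when every client has its own address inside the tunnel subnet.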
=== Bringing Your WireGuard Server Up ===
Now that we have configured our server, we can start the WireGuard service.
Run the following as root to start the WireGuard service on a systemd machine.
Run <code># journalctl -xeu wg-quick@wg0</code> to make sure that WireGuard started properly.
=== Client wg0.conf ===
Now, on your client(s), also create <code>/etc/wireguard/wg0.conf</code> and put the following in it. For demonstration purposes, we are using <code>10.0.32.2</code> once more.
{{code|lang=ini|
After pinging <code>10.0.32.1</code>, you should also run <code># wg show</code> to make sure the handshake has been successfully established.
== Traffic Routing ==
=== Server nftables Configuration ===
Now that we have successfully established a link between the WireGuard server and our client, it is time to set up nftables on the server.
}}
=== Final Client Changes ===
At this point, you are encouraged to test via the client whether you can reach the internet.
If you can afford to lose internet on the client, you can change <code>AllowedIPs</code> in <code>/etc/wireguard/wg0.conf</code> to <code>0.0.0.0/0</code>.