This worked on Ubuntu 20.04
```bash
sudo apt install wireguard
# generate the server key pair: private key to a file, public key derived from it
wg genkey | tee server_private_key | wg pubkey > server_public_key
```
Create a file named wg0.conf (`editor wg0.conf`) and add:
```ini
[Interface]
PrivateKey = <private key of the server (the content of the server_private_key file)>
Address = 10.0.0.1/24
ListenPort = 51820
```
```bash
chmod 600 server_public_key server_private_key wg0.conf
sudo mv server_private_key server_public_key wg0.conf /etc/wireguard/ # Note at this point files are still owned by user sagar, but hopefully that is okay? (wg-quick runs as root, so it can still read them)

sudo systemctl enable --now wg-quick@wg0
sudo wg # check that the wg0 interface is up
```
On the client, i.e. the local computer:

```bash
# generate the client key pair the same way as on the server
wg genkey | tee client_private_key | wg pubkey > client_public_key
```
Similarly to the server, create a file named wg0.conf (`editor wg0.conf`) and add:
```ini
[Interface]
PrivateKey = <client_private_key>
Address = 10.0.0.2/24

[Peer]
PublicKey = <server_public_key>
Endpoint = <server_public_ip>:51820
AllowedIPs = 10.0.0.1/24
```
The AllowedIPs line tells the Linux kernel: "If traffic is going to that IP range, then route it through WireGuard."
```bash
chmod 600 client_public_key client_private_key wg0.conf
sudo mv client_public_key client_private_key wg0.conf /etc/wireguard
sudo systemctl enable --now wg-quick@wg0
```
Now go to the server and add the following [Peer] section to the server's wg0.conf, so that the complete file contents are:

```ini
[Interface]
PrivateKey = <private key of the server (the content of the server_private_key file)>
Address = 10.0.0.1/24
ListenPort = 51820

[Peer]
PublicKey = <public key of the client>
AllowedIPs = 10.0.0.2/24
```
Then on the server, issue the command:

```bash
sudo systemctl restart wg-quick@wg0
```
At this point, you should be able to see the peer with the `sudo wg` command. If the peer is not listed, something is wrong, probably with the keys.
Now the client should be able to ping the WireGuard server with
NOTE1: I suspect that the /24 subnet mask in the configs above may be incorrect and may need to be /32, else it'll cause routing issues when more than one peer is added to the server.
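The routing issue NOTE1 worries about can be checked mechanically: AllowedIPs is WireGuard's cryptokey routing table, so two peers whose AllowedIPs overlap cannot both be reachable. The script below is an added example, not part of this post; it parses a constructed server wg0.conf (placeholder keys, a second client added the same way as the first) and reports overlapping peer AllowedIPs, which appear with /24 masks and disappear with /32.

```python
import ipaddress

# Constructed sample: the server wg0.conf from this post with a second client
# added the same way, so both [Peer] sections use /24 in AllowedIPs.
SERVER_CONF_24 = """\
[Interface]
PrivateKey = <server_private_key>
Address = 10.0.0.1/24
ListenPort = 51820

[Peer]
PublicKey = <client1_public_key>
AllowedIPs = 10.0.0.2/24

[Peer]
PublicKey = <client2_public_key>
AllowedIPs = 10.0.0.3/24
"""
# Same file with /32 masks as the note suggests (Address changes too; only peers matter here).
SERVER_CONF_32 = SERVER_CONF_24.replace("/24", "/32")

def parse_wg_conf(text):
    """Parse a wg-quick config into [(section, {key: value})], keeping the
    repeated [Peer] sections that configparser would merge."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1].lower(), {}))
        elif "=" in line and sections:
            key, value = (s.strip() for s in line.split("=", 1))
            sections[-1][1][key.lower()] = value  # wg matches keys case-insensitively
    return sections

def peer_allowed_ips_conflicts(text):
    """Return (peer_a, peer_b, net_a, net_b) for each pair of peers whose AllowedIPs
    overlap. AllowedIPs is WireGuard's cryptokey routing table: a destination maps
    to exactly one peer, so 10.0.0.2/24 and 10.0.0.3/24 both claim 10.0.0.0/24 and
    the peer loaded last silently takes the whole subnet away from the first."""
    peers = (kv for name, kv in parse_wg_conf(text) if name == "peer")
    # strict=False masks the host bits, as the kernel does for 10.0.0.2/24
    nets = [(kv.get("publickey", "?"), ipaddress.ip_network(c.strip(), strict=False))
            for kv in peers for c in kv.get("allowedips", "").split(",") if c.strip()]
    return [(pa, pb, str(na), str(nb))
            for i, (pa, na) in enumerate(nets)
            for pb, nb in nets[i + 1:] if na.overlaps(nb)]
```

Run it against /etc/wireguard/wg0.conf on the server to see whether any two peers claim the same addresses before adding a second client.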
NOTE2: I've noticed that the server can't ping a client unless the client has pinged the server before. This logically makes sense because only the client configs have the server's static IP address. The server does not know the (dynamic) IP address of the client unless the client has pinged the server before.