Installing WireGuard

This worked on Ubuntu 20.04

    sudo apt install wireguard
    wg genkey | tee server_private_key | wg pubkey > server_public_key

Create a file named wg0.conf (editor wg0.conf) and add:

    [Interface]
    PrivateKey = <private key of the server (the content of the server_private_key file)>
    Address = 10.0.0.1/24
    ListenPort = 51820

Then restrict the file permissions, move the files into /etc/wireguard and start the interface:

    chmod 600 server_public_key server_private_key wg0.conf
    sudo mv server_private_key server_public_key wg0.conf /etc/wireguard/ # Note at this point files are still owned by user sagar, but hopefully that is okay?

    sudo systemctl enable --now wg-quick@wg0
    sudo wg # check that the wg0 interface is up

On the client, i.e. the local computer:

    wg genkey | tee client_private_key | wg pubkey > client_public_key

As on the server, create a file named wg0.conf (editor wg0.conf) and add:

    [Interface]
    PrivateKey = <client_private_key>
    Address = 10.0.0.2/24

    [Peer]
    PublicKey = <server_public_key>
    Endpoint = <server_public_ip>:51820
    AllowedIPs = 10.0.0.1/24

Note: The AllowedIPs line tells the Linux kernel, “If traffic is going to that IP, then route it through WireGuard.”

    chmod 600 client_public_key client_private_key wg0.conf
    sudo mv client_public_key client_private_key wg0.conf /etc/wireguard
    sudo systemctl enable --now wg-quick@wg0

Now go to the server and add the following [Peer] section to the server’s wg0.conf, so that the complete file contents are:

    [Interface]
    PrivateKey = <private key of the server (the content of the server_private_key file)>
    Address = 10.0.0.1/24
    ListenPort = 51820

    [Peer]
    PublicKey = <public key of the client>
    AllowedIPs = 10.0.0.2/24

Then on the server, issue the command

    systemctl restart wg-quick@wg0

At this point, you should be able to see the peer with the sudo wg command. If the peer is not listed, something is wrong. Probably with the keys.

Now the client should be able to ping the WireGuard server with ping 10.0.0.1

NOTE1: I suspect that the /24 subnet mask in the configs above may be incorrect and may need to be /32 else it’ll cause routing issues when more than one peer is added to the server.

NOTE2: I’ve noticed that the server can’t ping a client unless the client has pinged the server before. This logically makes sense because only the client configs have the server’s static IP address. The server does not know the (dynamic) IP addr of the client unless the client has pinged the server before.