I spent some time figuring out how WireGuard works and found the guidelines, including the official ones, to be rather complex. So, I’m jotting down my learnings here.
If you can’t be bothered with all the key and config files, https://www.wireguardconfig.com/ provides one click setup for that with QR code.
Steps to Set Up WireGuard
- Install the package
- Add a virtual network interface
- Create key pairs and configuration files
- Update kernel configuration
- Configure systemctl for auto start
1. Install the Package
First, install the WireGuard package by running:
|
|
2. Enable IP Forwarding
Uncomment net.ipv4.ip_forward=1
in /etc/sysctl.conf
to allow IP forwarding. Then, apply the changes and confirm:
|
|
3. Add the Virtual Interface
Add the virtual interface and assign a private IP address range:
|
|
4. Generate Key Pairs
Generate the key pairs. You’ll need to paste the plain text, not the file path, later on:
|
|
5. Create Server Configuration
Create /etc/wireguard/wg0.conf
for the server:
|
|
Update eth0
to the internal connected interface if different.
6. Test the Server
Test run the server:
|
|
7. Enable Auto Start with systemctl
If it works fine, hand over control to systemctl:
|
|
Check the status:
|
|
8. Create Client Configuration
Create client.conf
for the client:
|
|
9. Generate QR Code (Optional)
Optionally, create a QR code from client.conf
for easy setup. Install qrencode
:
|
|
Then generate the QR code:
|
|