# Debian/Ubuntu: WireGuard meta-package, the wg/wg-quick userland tools,
# and nftables for the NAT rule configured on the server.
apt install \
  wireguard \
  wireguard-tools \
  nftables
On Slackware, only wireguard-tools is required, as -current already contains the kernel module.
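# Slackware: the compat module stays commented out because -current already
# ships the WireGuard module; only the userland tools are installed.
# (The two commands had been collapsed onto one line, which commented out both.)
#sbopkg -i wireguard-linux-compat
sbopkg -i wireguard-tools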
required on any peer
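# Generate this peer's key pair in a private directory.
# Set a restrictive umask first, so the directory and the private key are never
# created group/world-readable, not even briefly before the chmod calls run.
# NOTE: the umask stays in effect for the rest of this shell session.
umask 077
mkdir -p ~/wg/
chmod 700 ~/wg/
cd ~/wg/

# Private key, then the public key derived from it. Both files are named after
# $HOSTNAME so that the later "cat $HOME/wg/$HOSTNAME.key" finds the key.
wg genkey > "$HOSTNAME.key"
wg pubkey < "$HOSTNAME.key" > "$HOSTNAME.pub"

# Make exactly these two files read-only instead of globbing everything in the directory.
chmod 400 -- "$HOSTNAME.key" "$HOSTNAME.pub"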
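# Server side: write wg0.conf, enable IPv4 forwarding, add the SNAT rule.
echo "$HOSTNAME"    # confirm which host these commands are being run on
cd /etc/wireguard

# wg0.conf embeds the private key (the command substitution is expanded when
# the file is written). Create it under umask 077 (the subshell keeps the
# umask change local) and tighten the mode in case the file already existed.
(
  umask 077
  cat > wg0.conf <<EOF
[Interface]
PrivateKey = $(cat "$HOME/wg/$HOSTNAME.key")
Address = 10.8.0.1/24
ListenPort = 51820
SaveConfig = false

[Peer]
PublicKey = CLIENT-PUBKEY
AllowedIPs = 10.8.0.2/32
EOF
)
chmod 600 wg0.conf

# Keep a copy of the distribution sysctl.conf, then enable IPv4 forwarding.
# NOTE(review): ip_forward = 1 makes this host route between all of its
# interfaces, not only wg0, and the ruleset below adds SNAT only. Add a filter
# on the forward hook if tunnel peers should not reach everything behind
# INTERNAL-NIC.
cp -pi /etc/sysctl.conf /etc/sysctl.conf.dist
echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
sysctl -p

# Presumably the ruleset is loaded by the nftables service rather than executed
# directly, so the execute bit is dropped. Confirm for your distribution.
chmod -x /etc/nftables.conf

# Edit the ruleset by hand and add the NAT table below (nft syntax, not shell).
# Replace INTERNAL-NIC and INTERNAL-IP with the server's internal interface
# and address.
vi /etc/nftables.conf
#   table ip nat
#   flush table ip nat
#   table ip nat {
#     # SNAT
#     chain postrouting {
#       type nat hook postrouting priority srcnat;
#       ip saddr 10.8.0.0/24 oif INTERNAL-NIC snat INTERNAL-IP;
#     }
#   }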
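# Client side: write wg0.conf pointing at the server.
echo "$HOSTNAME"    # confirm which host these commands are being run on
cd /etc/wireguard

# wg0.conf embeds the private key (the command substitution is expanded when
# the file is written). Create it under umask 077 (the subshell keeps the
# umask change local) and tighten the mode in case the file already existed.
(
  umask 077
  cat > wg0.conf <<EOF
[Interface]
PrivateKey = $(cat "$HOME/wg/$HOSTNAME.key")
Address = 10.8.0.2/24

[Peer]
PublicKey = SERVER-PUB-KEY-HERE
AllowedIPs = 10.8.0.0/24, ROUTED-INTERNAL-CIDR
Endpoint = SERVER-ADDRESS-HERE:51820
EOF
)
chmod 600 wg0.conf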
on both peers
# Check that the WireGuard kernel module shows up in the loaded-module list.
lsmod | grep wireguard

# For the tunnel unit first and nftables second: enable at boot, show the
# current state, then restart so the configuration on disk is applied.
for unit in wg-quick@wg0.service nftables; do
  for verb in enable status restart; do
    systemctl "$verb" "$unit"
  done
done
on some peer
# Reachability check through the tunnel: 10.8.0.1 is the Address assigned to
# the server's wg0 interface in its wg0.conf.
ping 10.8.0.1
on some peer
# UDP probe of the server's WireGuard listen port. WireGuard does not answer
# unauthenticated packets, so "open|filtered" is the expected result and does
# not on its own prove the service is reachable.
nmap -sU -p 51820 SERVER-ADDRESS

# IPv4 routing table with numeric addresses, to check the tunnel routes.
netstat --inet -r -n

# Watch WireGuard traffic on the xenbr0 bridge: full date/time stamps, no name
# resolution. Substitute the interface that carries the tunnel's UDP packets.
tcpdump -tttt -n -i xenbr0 udp port 51820
https://www.wireguard.com/install/
https://www.wireguard.com/quickstart/
https://www.wireguard.com/quickstart/#key-generation
https://slackbuilds.org/repository/14.2/network/wireguard-linux-compat/
https://slackbuilds.org/repository/14.2/network/wireguard-tools/
https://wiki.archlinux.org/title/WireGuard --> file-based configs
https://www.digitalocean.com/community/tutorials/how-to-set-up-wireguard-on-ubuntu-20-04
https://www.ckn.io/blog/2017/11/14/wireguard-vpn-typical-setup/
https://vmwaremine.com/2020/10/01/how-to-check-vpn-link-status-on-wireguard/
https://www.reddit.com/r/WireGuard/comments/a0s6p2/troubleshooting_wireguard_any_logs_available/
https://www.procustodibus.com/blog/2021/03/wireguard-logs/
https://stackoverflow.com/questions/61109400/wireguard-how-to-log-network-activity
https://lists.zx2c4.com/pipermail/wireguard/2019-March/004027.html
https://serverfault.com/questions/1058255/configure-dns-routing-in-wireguard
https://www.vmwaremine.com/2020/10/01/how-to-check-vpn-link-status-on-wireguard/
https://www.procustodibus.com/blog/2021/01/how-to-monitor-wireguard-activity/
https://procustodibus.com/blog/2021/11/wireguard-nftables/