Sample configuration for WireGuard
Server configuration:
[Interface]
Address = 10.8.0.1/24
#MTU = 1200
PostUp = ufw route allow in on wg0 out on eth0
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PreDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
PreDown = ufw route delete allow in on wg0 out on eth0
ListenPort = 48000
PrivateKey = <base64_encoded_private_key>
[Peer]
# Client 1
PublicKey = <base64_encoded_public_key_client_1>
AllowedIPs = 10.8.0.5/32
[Peer]
# Client 2
PublicKey = <base64_encoded_public_key_client_2>
AllowedIPs = 10.8.0.6/32
Note: Each client should only accept traffic to/from its own address to be able to connect to other clients. That is why AllowedIPs uses a /32 subnet for each peer in the server configuration.
Client 1 Configuration:
[Interface]
PrivateKey = <base64_encoded_private_key>
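# Must match the AllowedIPs entry for Client 1 in the server configuration
Address = 10.8.0.5/24
MTU = 1280
[Peer]
PublicKey = <base64_encoded_public_key_server>
AllowedIPs = 10.8.0.0/24
Endpoint = 172.104.238.165:48000
PersistentKeepalive = 25
Client 2 Configuration:
[Interface]
# Must match the AllowedIPs entry for Client 2 in the server configuration
Address = 10.8.0.6/24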
PrivateKey = <base64_encoded_private_key>
MTU = 1280
[Peer]
PublicKey = <base64_encoded_public_key_server>
AllowedIPs = 10.8.0.0/24
Endpoint = 172.104.238.165:48000
PersistentKeepalive = 25
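
Added example (not part of the original sample): a small Python check that each server-side AllowedIPs entry is a single-host value that does not overlap another peer's, and that each client's Interface Address falls inside the entry for its key. The `clients` mapping, the placeholder key names and the sample text are assumptions constructed for illustration.

```python
import ipaddress

def parse_wg(text):
    """Parse wg-quick style text into a list of (section, {key: [values]})."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1], {}))        # [Peer] may repeat
        elif "=" in line and sections:
            key, value = (p.strip() for p in line.split("=", 1))
            sections[-1][1].setdefault(key, []).append(value)
    return sections

def lint(server_text, clients):
    """clients maps a peer public key to that client's config text (assumed input).
    Returns a list of findings; an empty list means the files agree."""
    findings, seen = [], []
    for name, kv in parse_wg(server_text):
        if name != "Peer":
            continue
        pub = kv["PublicKey"][0]
        nets = [ipaddress.ip_network(n.strip(), strict=False)
                for v in kv.get("AllowedIPs", []) for n in v.split(",")]
        for net in nets:
            if net.prefixlen != net.max_prefixlen:
                findings.append(f"{pub}: AllowedIPs {net} is wider than one host")
            findings += [f"{pub}: {net} overlaps {o_pub}"
                         for o_pub, o in seen if o_pub != pub and net.overlaps(o)]
            seen.append((pub, net))
        if pub in clients:
            iface = dict(parse_wg(clients[pub]))["Interface"]
            addr = ipaddress.ip_interface(iface["Address"][0]).ip
            if not any(addr in net for net in nets):
                findings.append(f"{pub}: client address {addr} not in server AllowedIPs")
    return findings

# Constructed sample input; key names are placeholders, not real key material.
SERVER = """[Peer]
PublicKey = CLIENT1_PUBKEY=
AllowedIPs = 10.8.0.5/32
[Peer]
PublicKey = CLIENT2_PUBKEY=
AllowedIPs = 10.8.0.6/32
"""
CLIENT = "[Interface]\nAddress = {}/24\n[Peer]\nAllowedIPs = 10.8.0.0/24\n"
GOOD = {"CLIENT1_PUBKEY=": CLIENT.format("10.8.0.5"), "CLIENT2_PUBKEY=": CLIENT.format("10.8.0.6")}
SWAPPED = {"CLIENT1_PUBKEY=": CLIENT.format("10.8.0.6"), "CLIENT2_PUBKEY=": CLIENT.format("10.8.0.5")}
```

`lint(SERVER, GOOD)` returns an empty list, while `lint(SERVER, SWAPPED)` reports both clients, since the server drops tunnel packets whose source address is outside the sending peer's AllowedIPs.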