Sample configuration for wireguard

Server configuration:

[Interface]
Address = 10.8.0.1/24
#MTU = 1200
PostUp = ufw route allow in on wg0 out on eth0
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PreDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
PreDown = ufw route delete allow in on wg0 out on eth0
ListenPort = 48000
PrivateKey = <base64_encoded_private_key>

[Peer]
# Client 1
PublicKey = <base64_encoded_public_key_client_1>
AllowedIPs = 10.8.0.5/32

[Peer]
# CLient 2
PublicKey = <base64_encoded_public_key_client_2>
AllowedIPs = 10.8.0.6/32

Note: Clients should only accept traffic to/from themselves to be able to connect other clients. that is why AllowedIPs has sub-net 32 in the server configuration.

Client 1 Configuration:

[Interface]
PrivateKey = <base64_encoded_private_key>
Address = 10.8.0.6/24
MTU = 1280

[Peer]
PublicKey = <base64_encoded_public_key_server>
AllowedIPs = 10.8.0.0/24
Endpoint = 172.104.238.165:48000
PersistentKeepalive = 25

Client 2 Configuration:

[Interface]
Address = 10.8.0.5/24
PrivateKey = <base64_encoded_private_key>
MTU = 1280


[Peer]
PublicKey = <base64_encoded_public_key_server>
AllowedIPs = 10.8.0.0/24
Endpoint = 172.104.238.165:48000
PersistentKeepalive = 25

Proverb

A journey of a thousand miles begins with a single step

Copyright

Copyright © Prabin Dahal 2022. This website is made using TYPO3. Visit http://typo3.org for more details.

Disclaimer

Please see the disclaimer page.

Mastodon @prabin