WireGuard
Created on 2021-01-18T23:00:45-06:00
Generating key pairs
umask 077 # all new files are owner rw, group and others no permission
wg genkey | tee private.key | wg pubkey > public.key
AllowedIPs
Controls which IPs are allowed to send packets through the VPN.
If your WireGuard network uses 192.168.1.0/24 as its subnet, set AllowedIPs to 192.168.1.0/24 to allow all other WireGuard hosts to talk.
If you have a network behind the VPN server, include it in addition to the WireGuard subnet.
Example: 192.168.1.0/24, 192.168.2.0/24
0.0.0.0/0 allows all IPv4 traffic, ::/0 allows all IPv6 traffic.
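How AllowedIPs behaves in both directions, as an added example that is not part of the original notes: an outgoing packet goes to the peer with the most specific matching AllowedIPs entry, and an incoming packet is dropped unless its source address maps back to the peer that sent it. The peer names are made up for illustration; the subnets follow the ones used above.

```python
import ipaddress

# Constructed peer table (hypothetical peer names). 192.168.1.0/24 is the
# WireGuard subnet and 192.168.2.0/24 the network behind the server, as above.
PEERS = {
    "server": ["192.168.1.1/32", "192.168.2.0/24"],
    "laptop": ["192.168.1.2/32"],
    "exit": ["0.0.0.0/0", "::/0"],  # catch-all peer for everything else
}


def _table(peers):
    """Flatten {peer: [cidr, ...]} into a list of (network, peer) pairs."""
    return [(ipaddress.ip_network(cidr), name)
            for name, cidrs in peers.items() for cidr in cidrs]


def route_outgoing(dst, peers=PEERS):
    """Peer that an outgoing packet to dst is encrypted for, or None.

    The longest matching prefix wins, so a /32 beats a /24 beats 0.0.0.0/0.
    """
    addr = ipaddress.ip_address(dst)
    matches = [(net.prefixlen, name) for net, name in _table(peers)
               if net.version == addr.version and addr in net]
    return max(matches)[1] if matches else None


def accept_incoming(peer, src, peers=PEERS):
    """True if a decrypted packet from peer with inner source src is kept.

    The source address is looked up the same way as a destination; the
    packet is dropped when the lookup lands on a different peer.
    """
    return route_outgoing(src, peers) == peer


if __name__ == "__main__":
    for dst in ("192.168.2.50", "192.168.1.2", "203.0.113.9", "2001:db8::1"):
        print(f"to {dst:<14} -> peer {route_outgoing(dst)}")
    for peer, src in (("laptop", "192.168.1.2"), ("laptop", "192.168.1.1"),
                      ("exit", "192.168.2.7")):
        verdict = "accept" if accept_incoming(peer, src) else "drop"
        print(f"from {peer:<6} src {src:<12} -> {verdict}")
```

A peer with a narrow AllowedIPs entry cannot send packets with another peer's source address, even when a catch-all peer is also configured.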
Creating devices manually
ip link add dev wg0 type wireguard
ip address add dev wg0 192.168.2.1/24
<< configure the device >>
ip link set up dev wg0
Configuring the device
Choose one:
wg setconf wg0 myconfig.conf
wg set wg0 listen-port 51820 private-key /path/to/private-key peer ABCDEF... allowed-ips 192.168.88.0/24 endpoint 209.202.254.14:8172