Frequently Asked Question
WireGuard Setup
Last Updated 6 years ago
Step 1: Install WireGuard on Server
Add the WireGuard repository and install the software on the server.
add-apt-repository ppa:wireguard/wireguard
apt-get update
apt-get install wireguard-dkms wireguard-tools linux-headers-$(uname -r)
Step 2: Generate Certificates
Generate a private key and the matching public key on the server. The umask ensures the key files are created readable only by their owner.
umask 077
wg genkey | tee server_private_key | wg pubkey > server_public_key
Step 3: Create Server Config
Create the server configuration file (/etc/wireguard/wg0.conf) using the template provided here.
[Interface]
Address = 10.100.100.1/24
SaveConfig = true
PrivateKey =
ListenPort = 51820
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
[Peer]
PublicKey =
AllowedIPs = 10.100.100.2/32
Step 4: Enable IPv4 Forwarding
Enable IPv4 forwarding so that we can access the rest of the LAN and not just the server itself.
Open /etc/sysctl.conf and uncomment the following line (remove the leading #) so that it reads:
net.ipv4.ip_forward=1
Restart the server, or run the following commands for the IP forwarding to take effect without restarting the server:
sysctl -p
echo 1 > /proc/sys/net/ipv4/ip_forward
Step 5: Start WireGuard
Restrict the configuration file to root (it contains the private key), then start WireGuard on the server and enable it to start automatically when the server starts.
chown -v root:root /etc/wireguard/wg0.conf
chmod -v 600 /etc/wireguard/wg0.conf
wg-quick up wg0
systemctl enable wg-quick@wg0.service
Step 6: Install WireGuard on Client
Add the WireGuard repository and install the software on the client.
sudo add-apt-repository ppa:wireguard/wireguard
sudo apt-get update
sudo apt-get install wireguard-dkms wireguard-tools linux-headers-$(uname -r)
Step 7: Generate Certificates
Generate a private key and the matching public key on the client
wg genkey | tee client_private_key | wg pubkey > client_public_key
Step 8: Create client Config
Create the client configuration file (/etc/wireguard/wg0-client.conf) using the template provided here.
[Interface]
Address = 10.100.100.2/32
PrivateKey =
[Peer]
PublicKey =
Endpoint = :51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 21
Step 9: Start the WireGuard Client
sudo wg-quick up wg0-client
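Before running wg-quick up, a check like the following catches the two mistakes these templates invite: key, peer or endpoint fields left blank, and a config file readable by other users. This is an added example, not part of the original FAQ; the function name wg_conf_lint and the sample file are constructed for illustration.

```bash
# Added example: lint a wg-quick config before bringing the interface up.
# wg_conf_lint FILE prints one line per finding and returns 1 if there are any.
wg_conf_lint() {
    local f=$1 findings
    # First check mirrors the chmod 600 step: no group/other permission bits.
    findings=$(
        [ "$(ls -ld "$f" | cut -c5-10)" = "------" ] || echo "perms: $f is accessible to group/other"
        awk '
            function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
            function close_section() {
                if (section == "[interface]" && !have_priv) print "interface: PrivateKey is empty or missing"
                if (section == "[peer]" && !have_pub) print "peer " npeer ": PublicKey is empty or missing"
            }
            /^[ \t]*(#|$)/ { next }
            /^[ \t]*\[/ { close_section(); section = tolower(trim($0)); have_priv = have_pub = 0
                          if (section == "[peer]") npeer++; next }
            {
                eq = index($0, "="); if (!eq) next
                key = tolower(trim(substr($0, 1, eq - 1))); val = trim(substr($0, eq + 1))
                if (key == "privatekey" && val != "") have_priv = 1
                if (key == "publickey" && val != "") have_pub = 1
                if (key == "endpoint" && val !~ /^[^:].*:[0-9]+$/)
                    print "peer " npeer ": Endpoint needs host:port, got \"" val "\""
            }
            END { close_section() }
        ' "$f"
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
}

# Constructed sample: the client template above with its blanks left unfilled.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Interface]
Address = 10.100.100.2/32
PrivateKey =
[Peer]
PublicKey =
Endpoint = :51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 21
EOF
chmod 644 "$sample"   # deliberately too permissive for a file holding a private key
wg_conf_lint "$sample" || echo "fix the findings above before running wg-quick up"
```

Run it against /etc/wireguard/wg0.conf on the server and /etc/wireguard/wg0-client.conf on the client after filling in the keys and the server address.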