Commands to go along with the video (in slightly different but arguably more efficient order).
Add the WireGuard repository:
add-apt-repository ppa:wireguard/wireguard
Install WireGuard:
apt install wireguard
Generate your keys (umask 077 keeps the key files readable only by your user):
umask 077; wg genkey | tee privatekey | wg pubkey > publickey
Display network info you will need for configuration:
ip a
Create a config file (in /etc/wireguard):
vim /etc/wireguard/wg0.conf
Example server config (use your own generated private key, not the sample value):
[Interface]
Address = 10.200.0.69/24
SaveConfig = true
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; iptables -A FORWARD -o %i -j ACCEPT
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; iptables -D FORWARD -o %i -j ACCEPT
ListenPort = 51820
PrivateKey = wADuInj2Od1rt74HRu80MxnLrqh/VY/R4BNqcaXRUlU=
Allow SSH through Uncomplicated Firewall (ufw):
ufw allow 22/tcp
Allow WireGuard through ufw:
ufw allow 51820/udp
Enable ufw:
ufw enable
Example client config (PrivateKey is the client's own; PublicKey under [Peer] is the server's public key):
[Interface]
PrivateKey = AIs+jwIIx0mHa4gnLn8HfgclQRq7SgS1jxeb8ZTH5mM=
Address = 10.200.0.96/24
DNS = 8.8.8.8
[Peer]
PublicKey = NtriTSUtGSXXk4JUkE35savYY72x9HSw8GUeSCI2fn4=
AllowedIPs = 0.0.0.0/0
Endpoint = 198.74.53.157:51820
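An added example (not from the video or this page's author): a small sh pre-flight check that the two example configs above agree with each other. It verifies that the client Endpoint port matches the server ListenPort, that the client Address falls inside the server's tunnel subnet, and that neither file holding a PrivateKey is group- or world-accessible. Function names and the sample files are constructed for illustration.

```shell
# Added example, not from the original page; function names are hypothetical.
# Pre-flight check of a wg-quick server/client config pair.

# conf_get FILE SECTION KEY -> value of KEY inside [SECTION]
conf_get() {
    awk -v s="[$2]" -v k="$3" '
        /^\[/ { cur = $0; next }
        cur == s && (n = index($0, "=")) {
            key = substr($0, 1, n - 1); val = substr($0, n + 1)
            gsub(/^ +| +$/, "", key); gsub(/^ +| +$/, "", val)
            if (key == k) { print val; exit }
        }' "$1"
}
# ip2int A.B.C.D -> the address as one integer
ip2int() {
    old=$IFS; IFS=.; set -- $1; IFS=$old
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}
# in_subnet NET/LEN ADDR[/LEN] -> success if ADDR has the same LEN-bit prefix
in_subnet() {
    drop=$(( 32 - ${1#*/} ))
    [ $(( $(ip2int "${1%/*}") >> drop )) -eq $(( $(ip2int "${2%/*}") >> drop )) ]
}
# private_only FILE -> success if group and other have no permission bits
private_only() { [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]; }
# flag MESSAGE -> report one problem and count it
flag() { echo "problem: $*"; problems=$((problems + 1)); }

# check_pair SERVER_CONF CLIENT_CONF -> prints problems, returns their count
check_pair() {
    problems=0
    port=$(conf_get "$1" Interface ListenPort)
    endpoint=$(conf_get "$2" Peer Endpoint)
    [ "${endpoint##*:}" = "$port" ] || flag "Endpoint port differs from ListenPort $port"
    in_subnet "$(conf_get "$1" Interface Address)" "$(conf_get "$2" Interface Address)" ||
        flag "client Address is outside the server tunnel subnet"
    for f in "$1" "$2"; do
        private_only "$f" || flag "$f holds a PrivateKey but is group/other accessible"
    done
    return "$problems"
}

# Constructed sample pair mirroring the configs above; keys are placeholders.
demo=$(mktemp -d)
( umask 077
  printf '[Interface]\nAddress = 10.200.0.69/24\nListenPort = 51820\nPrivateKey = <server-private-key>\n' > "$demo/wg0.conf"
  printf '[Interface]\nPrivateKey = <client-private-key>\nAddress = 10.200.0.96/24\n[Peer]\nEndpoint = 198.74.53.157:51820\n' > "$demo/client.conf" )
check_pair "$demo/wg0.conf" "$demo/client.conf" && echo "config pair is consistent"
```

Point check_pair at /etc/wireguard/wg0.conf and the client's file before bringing the interface up; a non-zero return value is the number of problems found.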
Start the WireGuard server:
wg-quick up wg0
Add the client as a peer on the server (the key is the client's public key):
wg set wg0 peer cVU13uIpVWxCPE40uRB9ItoUQSq1rRuSuYncYWawViI= allowed-ips 10.200.0.96
Edit system config to allow forwarding (uncomment net.ipv4.ip_forward=1, then run sysctl -p to apply it):
vim /etc/sysctl.conf
Set WireGuard to start on boot:
systemctl enable wg-quick@wg0
<update, upgrade, reboot>