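# Install the WireGuard kernel module (DKMS) and the userspace tools.
# NOTE(review): the PPA step is only needed where the release's own
# repositories do not already carry WireGuard; confirm for your release.
sudo apt install software-properties-common
sudo add-apt-repository ppa:wireguard/wireguard
sudo apt update
sudo apt install wireguard-dkms wireguard-tools

# Generate this host's key pair in the current directory.
# umask 077 is set inside a subshell so that privatekey is created readable by
# its owner only; without it the file inherits the session's default umask and
# is typically readable by every local user. The subshell keeps the umask
# change from leaking into the rest of the session.
(
  umask 077
  wg genkey | tee privatekey | wg pubkey > publickey
)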
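Make sure to generate a key pair on both hosts! Each host keeps its own privatekey; only the publickey goes into the other host's config.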
Make sure you open the firewall (or AWS security group) for the WireGuard port (UDP 51820 in the config below).
Create a config file on the server:
# Print the server config; the expected contents follow. The file holds the
# server's private key, so it should be readable by root only.
cat /etc/wireguard/wg0.conf
# Server side of the tunnel. This file contains the server's private key:
# keep it readable by root only.
[Interface]
# Server's address inside the VPN subnet 10.192.122.0/24.
Address = 10.192.122.1/24
# wg-quick writes the live interface state back to this file on shutdown,
# so hand edits made while wg0 is up can be overwritten.
SaveConfig = true
# UDP port the server listens on; this is the port to open in the firewall.
ListenPort = 51820
# PostUp/PostDown add and remove two rules: accept every packet forwarded in
# from wg0, and masquerade whatever leaves via eth0. Peers can therefore reach
# any destination the server routes to; tighten the FORWARD rule if that is
# broader than intended.
# NOTE(review): forwarding also needs net.ipv4.ip_forward=1 on the host, and
# eth0 must match the real outbound interface. Neither is shown on this page.
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
PrivateKey = <INSERTSERVERPRIVATEKEYHERE>
[Peer]
# The client's public key, and the only tunnel source address accepted from it.
PublicKey = <INSERTPEERPUBLICKEYHERE>
AllowedIPs = 10.192.122.2/32
Add a [Peer] section for each of your peers to the config file.
Start the server and enable it at boot:
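# The config holds the server's private key: restrict it to root before the
# interface is brought up.
sudo chmod 600 /etc/wireguard/wg0.conf
# Bring the tunnel up now, then have systemd start it at every boot.
# Both commands need root, like the install steps earlier on the page.
sudo wg-quick up wg0
sudo systemctl enable wg-quick@wg0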
On the client, create a config file at /etc/wireguard/wg0.conf:
# Client side of the tunnel. This file contains the client's private key:
# keep it readable by root only.
[Interface]
# Client's address inside the VPN; it matches the AllowedIPs entry for this
# peer in the server config.
Address = 10.192.122.2/32
PrivateKey = <INSERTCLIENTPRIVATEKEYHERE>
# Resolver that wg-quick configures while the tunnel is up.
DNS = 1.1.1.1
[Peer]
PublicKey = <INSERTSERVERPUBLICKEYHERE>
# 0.0.0.0/0 routes all IPv4 traffic through the tunnel. IPv6 is not covered by
# this entry, so on a dual-stack client IPv6 traffic stays outside the VPN.
AllowedIPs = 0.0.0.0/0
# Server's public address plus the ListenPort from the server config.
Endpoint = <SERVERPUBLICIP>:51820
Start the client and enable it at boot:
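# The config holds the client's private key: restrict it to root before the
# interface is brought up.
sudo chmod 600 /etc/wireguard/wg0.conf
# Bring the tunnel up now, then have systemd start it at every boot.
# Both commands need root, like the install steps earlier on the page.
sudo wg-quick up wg0
sudo systemctl enable wg-quick@wg0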
That's it.