Installation
Arch linux
sudo pacman -S wireguard-toolsNote (Note)
Users of kernels < 5.6 may also choose wireguard-lts or wireguard-dkms + linux-headers, depending on which kernel is used.
Debian
sudo apt install wireguardNote (Info)
For other distros, please head over to WireGuard’s official installation document
Android
Generate Keys
umask 077; wg genkey | tee privatekey | wg pubkey > publickeyClient configuration
In /etc/wireguard/wg0.conf:
[Interface]PrivateKey = PRIVATE_KEYAddress = 10.x.x.x/x#DNS = 10.x.x.x, 10.x.x.x # optional, would recommend only if you set AllowedIPs to 0.0.0.0/0
[Peer]PublicKey = Server_Public_KeyAllowedIPs = 0.0.0.0/0 # or subnets you want to allowEndpoint = ip:51820# PersistentKeepalive = 25 # optionalServer configuration
[Interface]PrivateKey = PRIVATE_KEYAddress = 10.x.x.x/xListenPort = 51820PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o PUBLIC_INTERFACE -j MASQUERADEPostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o PUBLIC_INTERFACE -j MASQUERADE
[Peer]PublicKey = Client_Public_keyAllowedIPs = 10.x.x.x/32Note (Note)
Replace PUBLIC_INTERFACE with your interface, such as eth0.
Enable IPv4 packet forwarding
In /etc/sysctl.d/99-sysctl.conf, uncomment line #net.ipv4.ip_forward=1.
To apply, reboot or run sudo sysctl -p.
Daemonizing
Replace wg0 with the filename (without extension) you have in /etc/wireguard/.
sudo systemctl enable --now wg-quick@wg0Restarting
wg-quick down wg0 && wg-quick up wg0Using networkmanager to manage wireguard
Import configuration file
nmcli connection import type wireguard file /etc/wireguard/wg0.confNote (Note)
Note: nmcli can create a WireGuard connection profile, but it does not support configuring WireGuard peers.
Usage
# Enablenmcli connection up wg0# Disablenmcli connection down wg0Disable ipv6
nmcli connection modify your_network_interface ipv6.method "disabled"Futher reading
- Quick start
- WireGuard on wiki.archlinux.org