@bihe
Created April 5, 2026 10:34
WireGuard Configuration

SERVER

Install

sudo apt-get update
sudo apt-get --yes install wireguard

Prepare Keys

cd /etc/wireguard/

# create the key directories and files readable by their owner only
umask 077

mkdir server.keys/
mkdir client1.keys/

cd server.keys/ && wg genkey | tee privatekey | wg pubkey > publickey && cd ..
cd client1.keys/ && wg genkey | tee privatekey | wg pubkey > publickey && cd ..

Create the server conf

Replace the private key with the content of server.keys/privatekey. Replace the public key for each peer with the content of the respective client#.keys/publickey. I used static IP assignments for each client, but you could use dynamic if you wanted. Note that eno1 might be eth1 or something else (check with ip link show).

vi /etc/wireguard/wg0.conf

[Interface]
PrivateKey = INSERT_SERVER.KEYS/privatekey_HERE
Address = 10.1.0.1/24
ListenPort = 51820

[Peer]
PublicKey = INSERT_CLIENT1.KEYS/publickey_HERE
AllowedIPs = 10.1.0.2/32

Server Startup

sudo systemctl start wg-quick@wg0
sudo systemctl enable wg-quick@wg0

Client

Create a systemd network device. Go to /etc/systemd/network

cat <<EOF > wg0.netdev
[NetDev]
Name = wg0
Kind = wireguard
Description = wg client 10.1.0.2

[WireGuard]
PrivateKey = <content of local wg-private.key>

[WireGuardPeer]
PublicKey = <server's public key>
AllowedIPs = 10.1.0.0/24
Endpoint = <server's public IP address>:51820
PersistentKeepalive = 25
EOF

cat <<EOF > wg0.network
[Match]
Name = wg0

[Network]
Address = 10.1.0.2/32

[Route]
Gateway = 10.1.0.1
Destination = 10.1.0.0/24
GatewayOnlink = true
EOF

Validate

Restart the network:

systemctl restart systemd-networkd

Check:

> networkctl
IDX LINK             TYPE               OPERATIONAL SETUP     
  1 lo               loopback           carrier     unmanaged 
  2 eth0             ether              routable    configured
  3 wg0              wireguard          routable    configured

Check Issues

journalctl -eu systemd-networkd

bihe commented Apr 5, 2026

One can use the systemd network device on the server as well (source: https://elou.world/en/tutorial/wireguard)

wg genpsk > wg-preshared.key
cat <<EOF > wg0.netdev
[NetDev]
Name = wg0
Kind = wireguard
Description = wg server 10.1.0.0/24

[WireGuard]
PrivateKey = <content of local wg-private.key>
ListenPort = 51820

# For any number of clients:
[WireGuardPeer]
PublicKey = <content of client's wg-public.key>
AllowedIPs = 10.1.0.2/32
PresharedKey = <content of wg-preshared.key>
EOF

As well as the network:

cat <<EOF > wg0.network
[Match]
Name = wg0

[Network]
Address = 10.1.0.1/32

[Route]
Gateway = 10.1.0.1
Destination = 10.1.0.0/24
EOF
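
Added example, not part of the original gist or comment: the private key files, wg0.conf and any .netdev file with an inline PrivateKey or PresharedKey should not be readable by other local users, and this script checks their permission bits (mode only, not ownership). Assumptions: the function names are hypothetical, the *.key files are assumed to sit in /etc/systemd/network, and the policy is owner-only for key and conf files and at most group-readable (0640, as the systemd.netdev man page suggests for root:systemd-network) for .netdev files.

```sh
#!/bin/sh
# Added example: flag WireGuard secret files that are readable beyond what they need.

# perm_string FILE -> the nine permission characters from ls, e.g. rw-r--r--
perm_string() {
    ls -ld -- "$1" | cut -c2-10
}

# check_secret FILE -> 0 if tight enough, 1 (plus a finding on stdout) if not.
# Assumed policy: *.netdev may be group-readable (0640, group systemd-network);
# every other secret file must be owner-only (0600 or stricter).
check_secret() {
    p=$(perm_string "$1")
    go=${p#???}                       # group + other bits, six characters
    case $1 in
        *.netdev) case $go in 'r-----'|'------') return 0 ;; esac ;;
        *)        case $go in '------') return 0 ;; esac ;;
    esac
    echo "TOO OPEN: $1 ($p)"
    return 1
}

# audit_wireguard [ROOT] -> checks the files this page creates under ROOT (default /etc).
audit_wireguard() {
    root=${1:-/etc}
    rc=0
    for f in "$root"/wireguard/*.conf \
             "$root"/wireguard/*.keys/privatekey \
             "$root"/systemd/network/*.key \
             "$root"/systemd/network/*.netdev; do
        [ -e "$f" ] || continue       # glob matched nothing
        case $f in
            *.netdev)                 # only .netdev files with an inline secret matter
                grep -Eq '^(PrivateKey|PresharedKey) *=' "$f" || continue ;;
        esac
        check_secret "$f" || rc=1
    done
    return "$rc"
}

# Run as root on the host: sh this-script audit [ROOT]
if [ "${1:-}" = audit ]; then
    audit_wireguard "${2:-/etc}"
fi
```

A .netdev file that uses PrivateKeyFile= or PresharedKeyFile= instead of inline keys is skipped by the grep filter; the referenced key file is then the one to protect.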
