Wireguard server config for servers with IPv6 connectivity (with instructions)
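#
# WIREGUARD SERVER CONFIG FOR SERVERS WITH IPV6
# ---------------------------------------------
#
# date of creation: february 2025
# updated: august 2025
# file name: /etc/wireguard/wg0.conf
# file mode: 600 - important! keys are stored here!!!
#   (chmod 600 /etc/wireguard/wg0.conf; wg-quick prints a warning when the
#   file is world accessible)
#
# prerequisites:
# sudo apt install wireguard
#
# generate keys:
# umask 077; wg genkey | tee privkey | wg pubkey > pubkey && wg genpsk > psk
#
#   umask 077 makes the three output files readable by the current user only.
#   run it once for the server and once per peer: every peer needs its own
#   key pair and its own preshared key. never reuse a private key or a psk
#   between peers, and do not leave the key files lying around once the
#   values have been copied into the configs.
#
# add following lines to /etc/sysctl.conf (enable ip forwarding between
# interfaces):
#
# net.ipv4.ip_forward = 1
# net.ipv6.conf.all.forwarding = 1
#
# then do `sysctl -p` (to reload sysctl config)
#
#   forwarding is switched on for all interfaces of the host; what is actually
#   forwarded is decided by the firewall rules (see PostUp below).
#
# start service:
# systemctl start wg-quick@wg0
#   (systemctl enable wg-quick@wg0 to also bring the tunnel up at boot)
#
# also set firewall:
# ufw allow 51820/udp comment wireguard
#
# read more on:
# https://wiki.debian.org/WireGuard
# https://www.wireguard.com/quickstart/
#
#
# USEFUL PUBLIC DNS SERVERS
# -------------------------
#
# whichever resolver is chosen sees every DNS query of the client - pick one
# whose privacy policy you accept and check that it is still in service.
#
# google
# https://developers.google.com/speed/public-dns/docs/using
# DNS = 8.8.8.8, 2001:4860:4860::8888
# DNS = 8.8.4.4, 2001:4860:4860::8844
#
# cloudflare
# https://developers.cloudflare.com/1.1.1.1/ip-addresses/
# DNS = 1.1.1.1, 2606:4700:4700::1111
# DNS = 1.0.0.1, 2606:4700:4700::1001
#
# dns0.eu
# https://www.dns0.eu/
# DNS = 193.110.81.0, 2a0f:fc80::
# DNS = 185.253.5.0, 2a0f:fc81::
#

[Interface]
# tunnel addresses of the server; the peers below use .2/.3 and ::2/::3.
# NOTE: fd00::/64 is a non-random ULA prefix and can clash with other networks
# that picked the same one. RFC 4193 calls for a randomly generated /48
# (fdXX:XXXX:XXXX::/48); if you change the prefix, change it in every [Peer]
# and in every client config as well.
Address = 10.0.0.1/24, fd00::1/64
ListenPort = 51820
# secret - this is the reason for file mode 600
PrivateKey = SERVER_PRIVATE_KEY

# Allow traffic forwarding (replace SERVER_INTERFACE with something like ens3,enx3...)
# %i is expanded by wg-quick to the name of this interface (wg0 for wg0.conf),
# so the rules stay correct if the file is copied to another name.
#
# NOTE: the FORWARD rule accepts everything that arrives from the tunnel, to
# any destination the server can route: the internet, other peers, and any
# other network attached to the server. if peers should only get internet
# access, add `-o SERVER_INTERFACE` to all four FORWARD rules (PostUp and
# PostDown must stay identical apart from -A/-D, otherwise the rules are not
# removed when the tunnel goes down).
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o SERVER_INTERFACE -j MASQUERADE
PostUp = ip6tables -A FORWARD -i %i -j ACCEPT; ip6tables -t nat -A POSTROUTING -o SERVER_INTERFACE -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o SERVER_INTERFACE -j MASQUERADE
PostDown = ip6tables -D FORWARD -i %i -j ACCEPT; ip6tables -t nat -D POSTROUTING -o SERVER_INTERFACE -j MASQUERADE

# example first peer
# AllowedIPs on the server side is also the source filter for this peer:
# keep it at the peer's own /32 and /128 so that a peer cannot send traffic
# with another peer's address.
[Peer]
PublicKey = PEER_1_PUBLIC_KEY
PresharedKey = PEER_1_PRESHARED_KEY
AllowedIPs = 10.0.0.2/32, fd00::2/128

# example second peer (own key pair, own preshared key, own addresses)
[Peer]
PublicKey = PEER_2_PUBLIC_KEY
PresharedKey = PEER_2_PRESHARED_KEY
AllowedIPs = 10.0.0.3/32, fd00::3/128

# EXAMPLE CLIENT CONFIG FOR PEER 1
# --------------------------------
#
# the client file holds the peer's private key - protect it like this one
# (mode 600). the server only ever needs the peer's PUBLIC key, so the key
# pair is best generated on the client itself.
#
# [Interface]
# PrivateKey = PEER_1_PRIVATE_KEY
# Address = 10.0.0.2/32, fd00::2/128
# DNS = 193.110.81.0, 2a0f:fc80::
#
# [Peer]
# PublicKey = SERVER_PUBLIC_KEY
# PresharedKey = PEER_1_PRESHARED_KEY
#
# tunnel both ipv4 and ipv6 (all client traffic goes through the server)
# AllowedIPs = 0.0.0.0/0, ::/0
#
# your wireguard server address and port
# Endpoint = SERVER_ADDRESS:51820
#
# PersistentKeepalive = 25
#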