How to Wireguard
# Links
https://www.wireguard.com/install/
https://www.wireguard.com/quickstart/
# Fedora: install the wireguard-tools package without prompting
dnf -y install wireguard-tools
# Raspberry Pi OS: install the wireguard package without prompting
apt -y install wireguard
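# Generate keys, on all hosts
# tee creates the private key file with the shell's current umask, so without
# a restrictive umask the key is readable by other local users until chmod
# runs. The subshell keeps the umask change from leaking into later commands.
(
  umask 077
  wg genkey | tee /etc/wireguard/privatekey | wg pubkey > /etc/wireguard/publickey
)
# Still needed when the file already existed: tee truncates an existing file
# but keeps whatever mode it had.
chmod 600 /etc/wireguard/privatekey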
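# Setup server, on server
# Create the config file with mode 600 before the private key is written into
# it; writing first and running chmod afterwards leaves a window in which the
# key is readable under the default umask.
install -m 600 /dev/null /etc/wireguard/wg0.conf
cat << EOF > /etc/wireguard/wg0.conf
[Interface]
Address = 192.168.100.1/24
ListenPort = 51820
PrivateKey = $(cat /etc/wireguard/privatekey)
EOF
# Enable IPv4 forwarding. Append the setting only when it is not already
# present, so repeating these steps does not pile up duplicate lines.
grep -qxF "net.ipv4.ip_forward = 1" /etc/sysctl.conf || echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
sysctl -p /etc/sysctl.conf
# Forwarding policy. Points to check before relying on it:
#  - The ACCEPT rule matches everything that arrives on wg0, whatever the
#    outgoing interface; add "-o wg0" if peers should only reach each other.
#  - The REJECT rule is appended to the end of FORWARD and applies to all
#    other forwarded traffic on this host, not only to the VPN.
#  - Rules added with iptables -A live only in the running kernel and are lost
#    on reboot unless the distribution's firewall tooling saves them.
iptables -A FORWARD -i wg0 -j ACCEPT
iptables -A FORWARD -j REJECT --reject-with icmp-host-prohibited
# wg-quick@<interface> is the systemd template unit; wg0 matches
# /etc/wireguard/wg0.conf written above.
systemctl enable --now wg-quick@wg0.service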
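# Setup client, on client
# Both values are written verbatim into the config below. The server public
# key is what the client authenticates the tunnel against, so obtain it over a
# channel you trust. -r keeps read from interpreting backslashes in the input.
read -r WG_SERVER # IP/FQDN of server
read -r WG_SERVER_PUBLIC_KEY
# Create the config file with mode 600 before the private key is written into
# it, instead of tightening the mode after the secret is already on disk.
install -m 600 /dev/null /etc/wireguard/wg0.conf
cat << EOF > /etc/wireguard/wg0.conf
[Interface]
Address = 192.168.100.2/24
ListenPort = 51820
PrivateKey = $(cat /etc/wireguard/privatekey)
[Peer]
PublicKey = $WG_SERVER_PUBLIC_KEY
AllowedIPs = 192.168.100.0/24
Endpoint = $WG_SERVER:51820
PersistentKeepalive = 25
EOF
# wg-quick@<interface> is the systemd template unit; wg0 matches
# /etc/wireguard/wg0.conf written above.
systemctl enable --now wg-quick@wg0.service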
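# Add client, on server
# The key entered here decides who may connect as 192.168.100.2, so take it
# from the client over a channel you trust. -r keeps read from interpreting
# backslashes in the input.
read -r WG_CLIENT_PUBLIC_KEY
# Appends to the existing server config, which keeps the mode it already has.
# The /32 limits this peer to a single tunnel address; every further client
# needs its own [Peer] section with a different address.
cat << EOF >> /etc/wireguard/wg0.conf
[Peer]
PublicKey = $WG_CLIENT_PUBLIC_KEY
AllowedIPs = 192.168.100.2/32
EOF
# Restart the wg-quick instance for wg0 so the new peer is loaded.
systemctl restart wg-quick@wg0.service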
# Keep adding clients, but remember to increment IP...