Adapted from https://forums.lawrencesystems.com/t/getting-started-building-your-own-wireguard-vpn-server/7425
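# Bring the package index and installed packages up to date before installing WireGuard.
sudo apt-get update
sudo apt-get upgrade --yes
# apt-get rather than apt, matching the other lines; apt's CLI is meant for interactive use.
sudo apt-get autoremove --yes
# Enable IPv4 forwarding: the server has to route packets between wg0 and its
# uplink for the PostUp FORWARD/MASQUERADE rules in wg0.conf to have any effect.
sudo vim /etc/sysctl.conf
# uncomment the line that says net.ipv4.ip_forward=1
sudo sysctl -p # to activate the changes
# Confirm the setting took effect; this should print net.ipv4.ip_forward = 1.
sysctl net.ipv4.ip_forward
sudo apt-get install wireguard --yes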
# Generate the server key pair in the current directory. umask 077 makes the
# files created here readable by the current user only; tee saves the private
# key to ./privatekey while wg pubkey derives the public key from it on stdin.
umask 077; wg genkey | tee privatekey | wg pubkey > publickey
# This prints the private key to the terminal. Treat it as a secret: it belongs
# only in this server's wg0.conf. Peers are given the contents of ./publickey.
cat privatekey # copy this to [Interface] section down below
# The lines that follow (from [Interface] on) are the contents of this file.
sudo vim /etc/wireguard/wg0.conf
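[Interface]
# The server's own private key (contents of ./privatekey generated above).
PrivateKey = <Wireguard Server Private Key Goes Here>
Address = 192.168.9.1
ListenPort = 51820
# PostUp/PostDown add and remove the same two rules. The FORWARD rule accepts
# every packet arriving on wg0, so a peer can reach anything this server can
# route to; narrow it if peers should only reach specific networks. eth0 is
# assumed to be the uplink interface - adjust if it is named differently.
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
[Peer] # vnode0
PublicKey = <Public Key From WireGuard Peer>
# On the server, give each peer its own /32 (e.g. 192.168.9.10/32 for the
# client whose Address is 192.168.9.10). AllowedIPs is both the routing table
# and the source-address filter: if several peers list the same 192.168.9.0/24,
# only the last one configured keeps it, and that peer may send from any
# address in the subnet.
AllowedIPs = <vnode0 tunnel address>/32
PersistentKeepalive = 15
[Peer] # vnode1
PublicKey = <Public Key From WireGuard Peer>
# Must differ from every other peer's AllowedIPs.
AllowedIPs = <vnode1 tunnel address>/32
PersistentKeepalive = 15
# ...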
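# wg0.conf holds the server private key. Set the mode explicitly so only root
# can read it, rather than relying on the umask of the shell that created it
# (wg-quick warns when the file is world accessible).
sudo chmod 600 /etc/wireguard/wg0.conf
sudo wg-quick up wg0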
# Client side: the config edited below points at the server's Endpoint, so
# these steps are for the peer machine, which needs a key pair of its own.
# Never reuse the server's keys. umask 077 keeps the generated files readable
# by the current user only.
umask 077; wg genkey | tee privatekey | wg pubkey > publickey
# The private key stays on this machine; only ./publickey goes into the
# matching [Peer] section of the server's wg0.conf.
cat privatekey # copy this to [Interface] section down below
# The lines that follow (from [Interface] on) are the contents of this file.
sudo vim /etc/wireguard/vpn.conf
[Interface]
# This client's own private key (contents of the client's ./privatekey).
PrivateKey = <WG Client Private Key Goes Here>
# Tunnel address of this client; the server's [Peer] entry for this client
# must allow this address.
Address = 192.168.9.10
[Peer] # gateway
# Public key of the server. This pins the server's identity: traffic is only
# exchanged with the holder of the matching private key.
PublicKey = <Public Key From WireGuard Server>
Endpoint = deposition.cloud:51820
# Only the VPN subnet is routed through the tunnel (split tunnel); all other
# traffic keeps using the client's normal default route.
AllowedIPs = 192.168.9.0/24
# Sends a keepalive every 15 seconds so NAT/firewall state between client and
# server stays open.
PersistentKeepalive = 15
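# vpn.conf holds the client private key. Set the mode explicitly so only root
# can read it (wg-quick warns when the file is world accessible).
sudo chmod 600 /etc/wireguard/vpn.conf
sudo wg-quick up vpn
# A recent "latest handshake" for the gateway peer confirms the tunnel works.
sudo wg # check status
# Service management via the wg-quick@ systemd unit. The unit runs wg-quick up
# itself, so if the tunnel was started by hand above, take it down first
# (sudo wg-quick down vpn); otherwise start fails because the interface
# already exists. start/stop/status are listed for reference, not as a sequence.
sudo systemctl enable wg-quick@vpn # make available on boot
sudo systemctl start wg-quick@vpn
sudo systemctl stop wg-quick@vpn
sudo systemctl status wg-quick@vpn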