wireguard config

wireguard_config.txt

=====server side /etc/wireguard/wg0.conf:
[Interface]
PrivateKey = <privkey>
ListenPort = 24444
SaveConfig = false
Address = 10.0.0.1/32
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
PublicKey = <get client pubkey from sudo wg>
AllowedIPs = 10.0.0.2/32

[Peer]
PublicKey = <get client pubkey from sudo wg>
AllowedIPs = 10.0.0.3/32

======clientA side /etc/wireguard/wg0.conf:
[Interface]
PrivateKey = <privkey>
Address = 10.0.0.3/32

[Peer]
PublicKey = <get server pubkey from sudo wg>
Endpoint = <server ip>:24444
AllowedIPs = 0.0.0.0/0

======clientB side /etc/wireguard/wg0.conf:
[Interface]
PrivateKey = <privkey>
Address = 10.0.0.2/32

[Peer]
PublicKey = <get server pubkey from server sudo wg>
Endpoint = <server ip>:24444
AllowedIPs = 0.0.0.0/0

======test:
====from cellphone a:
ping 10.0.0.1
64 bytes from 10.0.0.1: icmp_seq=4 ttl=64 time=163 ms
64 bytes from 10.0.0.1: icmp_seq=4 ttl=64 time=172 ms
ping 10.0.0.2
64 bytes from 10.0.0.2: icmp_seq=3 ttl=63 time=351 ms
64 bytes from 10.0.0.2: icmp_seq=4 ttl=63 time=349 ms

====from vps:
ping 10.0.0.2
64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=187 ms
64 bytes from 10.0.0.2: icmp_seq=2 ttl=64 time=185 ms
ping 10.0.0.3
64 bytes from 10.0.0.3: icmp_seq=1 ttl=64 time=172 ms
64 bytes from 10.0.0.3: icmp_seq=2 ttl=64 time=179 ms