WireGuard Setup
This guide assumes you are setting up a WireGuard client on Linux and that the WireGuard server admin will give you the server address and public key.
Install WireGuard
Install WireGuard on the client.
Generate keys
On the client, generate a key pair:
wg genkey | tee clientkey.priv | wg pubkey > clientkey.pub
Key generation instructions differ on other systems; you may need to look up the instructions for your OS.
Preshared Keys (Optional)
For enhanced security you can create a preshared key using:
wg genpsk > shared.psk
You will then need to send this along with your public key when requesting access (see below). Public keys can be shared across insecure networks, but a preshared key must be shared in a secure manner, e.g. in person or through a trusted encrypted channel.
You will also need to add the following line below [Peer] in the config (see the Generate config section):
Example preshared key
PresharedKey = XezV652xbAQX7NPIwNLU8ykIzUsIqdcjdP4kUcw8tV0#
Request Access
Send the admin your public key (never share your private key), and they will send you the public key for the server, a tunnel address and an endpoint address to use in the config (see below).
Generate config
Use the snippet below as the template for the config, filling the YOUR_TUNNELADDRESS, SERVER_PUBLICKEY and SERVER_ENDPOINT variables with what is sent to you, and YOUR_PRIVATEKEY with the private key you generated earlier (the string from the file clientkey.priv).
/etc/wireguard/wg0.conf
[Interface]
Address = YOUR_TUNNELADDRESS
PrivateKey = YOUR_PRIVATEKEY
[Peer]
PublicKey = SERVER_PUBLICKEY
Endpoint = SERVER_ENDPOINT
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25
AllowedIPs can be changed to specific subnets if you don’t want to route all your traffic through the server.
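A pre-flight check for the config above, as an added example that is not part of the original guide: it confirms the file is accessible only by its owner, that PrivateKey and PublicKey are present, and that every key is a well-formed 44-character base64 value, which catches a placeholder left unfilled or a key cut short by a stray "#". The function names are this example's own, and keys are matched with the exact capitalisation used in the template.

```shell
#!/bin/sh
# Added example: lint a wg-quick client config before "wg-quick up".
# Function names are this example's own, not part of WireGuard.

# A WireGuard key is 32 bytes: 43 base64 characters followed by "=".
WG_KEY_RE='^[A-Za-z0-9+/]{43}=$'

is_wg_key() {
    printf '%s\n' "$1" | grep -Eq "$WG_KEY_RE"
}

# conf_values FILE KEY: print every value assigned to KEY (exact case),
# with "#" comments and surrounding whitespace removed first.
conf_values() {
    sed -n "s/#.*//; s/[[:space:]]*\$//; s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1"
}

# check_wg_conf FILE: print findings; return 0 only if there are none.
# Key values are never echoed, so the output is safe to paste into a ticket.
check_wg_conf() {
    conf=$1
    bad=0
    [ -r "$conf" ] || { echo "cannot read $conf"; return 2; }

    # The file holds the private key: group and other must have no access.
    perms=$(ls -ld "$conf" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "permissions too open ($perms): chmod 600 $conf"
        bad=1
    fi

    for k in PrivateKey PublicKey PresharedKey; do
        # grep -v selects malformed values: unfilled placeholders, truncated keys.
        if conf_values "$conf" "$k" | grep -Evq "$WG_KEY_RE"; then
            echo "$k: not a 44-character base64 key"
            bad=1
        fi
    done

    # PresharedKey is optional; the other two are required.
    for k in PrivateKey PublicKey; do
        [ -n "$(conf_values "$conf" "$k")" ] || { echo "$k: missing"; bad=1; }
    done
    return "$bad"
}
```

Run it as `check_wg_conf /etc/wireguard/wg0.conf` and bring the tunnel up only when it prints nothing.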
To use the VPN on Linux you can use:
> wg-quick up NAME # connect
> wg-quick down NAME # disconnect
Or, using systemd:
> systemctl start wg-quick@NAME # connect
> systemctl stop wg-quick@NAME # disconnect
Where NAME is the NAME from /etc/wireguard/NAME.conf (for example wg0).