January 12, 2025
WireGuard setup and configuration
WireGuard on Ubuntu Linux
Notes on how to configure WireGuard on an Ubuntu Linux server, and on a separate laptop or smartphone that connects to it.
Setup
References: WireGuard install on Linux
Example WireGuard Config
On the server:
[Interface]
Address = 192.168.9.1/24 # the IP of the server on the VPN network
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o bond0 -j MASQUERADE # when the tunnel comes up: accept forwarded traffic to and from the WireGuard interface (%i) and NAT it out of bond0, this server's outbound interface; IP forwarding (net.ipv4.ip_forward=1) must also be enabled
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o bond0 -j MASQUERADE # when the tunnel goes down: delete the same forwarding and NAT rules again
ListenPort = 51820 # the UDP port the server listens on for WireGuard traffic
FwMark = 0xca6c # firewall mark set on the tunnel's own outgoing encrypted packets, so routing rules can tell them apart and not send them back into the tunnel
PrivateKey = ***** # the private key generated on the server when setting up WireGuard
[Peer]
PublicKey = ***** # the public key generated on the laptop when setting up WireGuard
AllowedIPs = 192.168.9.2/32 # the VPN address assigned to this laptop; the server accepts tunnel traffic from this peer only from this address
On the laptop:
[Interface]
PrivateKey = ***** # the private key generated on the laptop when setting up WireGuard locally
Address = 192.168.9.2/32 # this laptop's address on the VPN network; must match the AllowedIPs the server lists for this peer
DNS = 192.168.1.1 # the DNS server to use on the remote LAN; not necessary if strictly using IPs
[Peer]
PublicKey = ***** # the public key generated on the server when setting up WireGuard
AllowedIPs = 192.168.1.0/24 # the IP range to route through this VPN tunnel; this one covers the LAN devices
Endpoint = home.nullfocus.com:51820 # the host or IP and port of the WireGuard server
PersistentKeepAlive = 15 # optional: how often, in seconds, to send a keepalive packet
Restart WireGuard:
systemctl restart wg-quick@wg0
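A consistency check for the server/laptop pairing above, as an added example that is not part of the original notes: WireGuard accepts a packet from a peer only when its source address falls inside that peer's AllowedIPs, so the laptop's Address has to be covered by the server's [Peer] entry. The function names and the sample configs are constructed for illustration.

```python
import ipaddress

def parse_wg(text):
    """Parse wg-quick text into [(section, {key: [values]})], keeping repeated [Peer] blocks."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # inline comments are ignored
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1].lower(), {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)      # split once: base64 keys end in '='
            items = [v.strip() for v in value.split(",") if v.strip()]
            sections[-1][1].setdefault(key.strip().lower(), []).extend(items)
    return sections

def values(sections, name, key):
    return [v for sec, kv in sections if sec == name for v in kv.get(key, [])]

def check_pair(server_text, client_text):
    """Return cryptokey-routing problems between a server config and one client config."""
    server, client = parse_wg(server_text), parse_wg(client_text)
    allowed = [ipaddress.ip_network(a, strict=False) for a in values(server, "peer", "allowedips")]
    problems = []
    for addr in values(client, "interface", "address"):
        ip = ipaddress.ip_interface(addr).ip
        if not any(ip in net for net in allowed):
            problems.append(f"{ip}: not in any server [Peer] AllowedIPs; the server will drop its packets")
    for i, a in enumerate(allowed):
        for b in allowed[i + 1:]:
            if a.overlaps(b):
                problems.append(f"{a} and {b}: overlapping AllowedIPs on two server peers")
    return problems

# Constructed sample configs; keys are placeholders, addresses follow the 192.168.9.0/24 layout.
SERVER = """
[Interface]
Address = 192.168.9.1/24
[Peer]
PublicKey = LAPTOP_PUBLIC_KEY_PLACEHOLDER
AllowedIPs = 192.168.9.2/32  # laptop
[Peer]
PublicKey = PHONE_PUBLIC_KEY_PLACEHOLDER
AllowedIPs = 192.168.9.3/32  # phone
"""
CLIENT_OK = "[Interface]\nAddress = 192.168.9.2/32\n"
CLIENT_MISMATCH = "[Interface]\nAddress = 192.168.9.4/32\n"

if __name__ == "__main__":
    print(check_pair(SERVER, CLIENT_OK), check_pair(SERVER, CLIENT_MISMATCH))
```

Run it against the real files by passing their contents to check_pair before restarting the service; an empty list means the addresses line up.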