WireGuard

WireGuard® is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. Initially released for the Linux kernel, it is now cross-platform (Windows, macOS, BSD, iOS, Android) and widely deployable.

Generating Keys

Server

# umask 077
# wg genkey | tee server.key | wg pubkey > server.pub
# cat server.key

# cat server.pub

Client

# umask 077
# wg genkey | tee client.key | wg pubkey > client.pub
# cat client.key

# cat client.pub

Generate PresharedKey (optional)

# wg genpsk

Server Configuration

[Interface]
# Contents of server.key
PrivateKey = <private key>
Address = 10.0.99.1/24
ListenPort = 51820

[Peer]
# Contents of client.pub
PublicKey = <public key>
AllowedIPs = 10.0.99.2/32

Client Configuration

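[Interface]
# Contents of client.key
PrivateKey = <private key>
Address = 10.0.99.2/32
ListenPort = 51820

[Peer]
# Contents of server.pub
PublicKey = <public key>
# Server address and its ListenPort; without an Endpoint the client cannot initiate the tunnel
Endpoint = <server address>:51820
AllowedIPs = 0.0.0.0/0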
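
A check for the key placement in the two configurations above, as an added example (not part of the original page or of the WireGuard tools): it derives each side's public key from its PrivateKey, confirms that the other side's [Peer] PublicKey matches, and checks the client Address against the server's AllowedIPs. The function names, the one-peer-per-file assumption and the sample keys are constructed for illustration.

```python
import base64, ipaddress
P = 2**255 - 19  # Curve25519 field prime

def pub_b64(priv_b64):
    """Base64 public key for a base64 private key (RFC 7748 X25519). Not constant-time: lint use only."""
    k = int.from_bytes(base64.b64decode(priv_b64), "little")
    k = (k & ((1 << 255) - 8)) | (1 << 254)  # clamp; bit 0 is 0, so no final swap
    x1, x2, z2, x3, z3, swap = 9, 1, 0, 9, 1, 0
    for t in reversed(range(255)):
        bit = (k >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b, c, d = x2 + z2, x2 - z2, x3 + z3, x3 - z3
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, (aa - bb) * (aa + 121665 * (aa - bb)) % P
    return base64.b64encode((x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")).decode()

def parse(text):
    """WireGuard config -> {section: {key: value}}; assumes one [Peer] per file."""
    conf = {}
    for line in (raw.split("#")[0].strip() for raw in text.splitlines()):
        if line.startswith("["):
            section = conf.setdefault(line.strip("[]"), {})
        elif "=" in line:
            key, _, value = line.partition("=")
            section[key.strip()] = value.strip()
    return conf

def lint_pair(server_conf, client_conf):
    """Return the problems found in a one-peer server/client config pair."""
    srv, cli = parse(server_conf), parse(client_conf)
    problems = []
    if srv["Peer"]["PublicKey"] != pub_b64(cli["Interface"]["PrivateKey"]):
        problems.append("server [Peer] PublicKey is not the client's public key")
    if cli["Peer"]["PublicKey"] != pub_b64(srv["Interface"]["PrivateKey"]):
        problems.append("client [Peer] PublicKey is not the server's public key")
    ip = ipaddress.ip_interface(cli["Interface"]["Address"]).ip
    nets = srv["Peer"]["AllowedIPs"].split(",")
    if not any(ip in ipaddress.ip_network(n.strip(), strict=False) for n in nets):
        problems.append("client Address is outside the server's AllowedIPs")
    return problems

# Constructed sample keys (fixed byte patterns): never use them for a real tunnel.
SRV_KEY, CLI_KEY = (base64.b64encode(bytes(range(i, i + 32))).decode() for i in (0, 32))
CONF = "[Interface]\nPrivateKey = {}\nAddress = {}\n\n[Peer]\nPublicKey = {}\nAllowedIPs = {}\n"
SERVER = CONF.format(SRV_KEY, "10.0.99.1/24", pub_b64(CLI_KEY), "10.0.99.2/32")
CLIENT = CONF.format(CLI_KEY, "10.0.99.2/32", pub_b64(SRV_KEY), "0.0.0.0/0")
```

lint_pair(SERVER, CLIENT) returns an empty list for a correctly crossed pair; pasting a side's own public key into its [Peer] section is reported by name.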