# Remote Access

Allowing remote access is just a matter of setting up a new _WireGuard_ interface, allowing incoming traffic to that interface, and making sure the firewall allows that traffic to connect to the rest of the network.

## Create Interface

```bash
# cd /etc/wireguard
# umask 077
# wg genkey | tee guard.key | wg pubkey > guard.pub
# printf "[Interface]\nPrivateKey = %s\n" "$(cat guard.key)" > guard.conf
```

Then I modified my file to finish configuring the interface and allow a `[Peer]` for my laptop.

```diff
# /etc/wireguard/guard.conf
[Interface]
PrivateKey = ****
+ Address = 10.0.2.1/28, 2001:db8:2ebf:2::1/64
+ ListenPort = 51820
+
+ [Peer]
+ PublicKey = Iz5ceR0+tCN3BLTWehZxSplzdbABRT8geqifFxubHUA=
+ AllowedIPs = 10.0.2.4/32, 2001:db8:2ebf:1::4/128
+ PresharedKey = ***
```

**Line 4:** Sets an IPv4 and IPv6 address for this interface. These will be the server's IPs on each virtual subnet.

**Line 5:** Sets the port to listen on for this interface. It is just the default _WireGuard_ port, and I'll allow traffic through the firewall for it soon.

**Lines 7-10:** Declare a peer, define the public key to use when communicating and validating any connections, set what IPs the peer is allowed to use on each virtual subnet, and configure a pre-shared key for additional security.
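
Review bot: In the `[Peer]` block, the IPv6 entry in `AllowedIPs` (`2001:db8:2ebf:1::4/128`) falls outside the interface's `2001:db8:2ebf:2::1/64` prefix, while the IPv4 entry `10.0.2.4/32` sits inside `10.0.2.1/28`. If the peer is meant to get an address on the same virtual subnet as the interface, this should probably read `2001:db8:2ebf:2::4/128`; if the `:1::` prefix is intentional, a comment saying why it is routed to this peer would help.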

A pre-shared key can be generated by running `wg genpsk` and must be the same on both the `[Peer]` block on the server and the `[Interface]` block on the client.
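
As an added example (not part of the original post), the Python below parses a config in the format shown above and flags any peer `AllowedIPs` entry that lies outside the `[Interface]` `Address` subnets or is wider than a single host, which is the restriction the `[Peer]` block is meant to enforce. `SAMPLE_CONF` is a constructed copy of the config above with placeholder secrets, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample mirroring the server config above; secrets are placeholders.
SAMPLE_CONF = """\
[Interface]
PrivateKey = PLACEHOLDER
Address = 10.0.2.1/28, 2001:db8:2ebf:2::1/64
ListenPort = 51820

[Peer]
PublicKey = Iz5ceR0+tCN3BLTWehZxSplzdbABRT8geqifFxubHUA=
AllowedIPs = 10.0.2.4/32, 2001:db8:2ebf:1::4/128
PresharedKey = PLACEHOLDER
"""

def parse_conf(text):
    """Return (interface, [peer, ...]); values are comma-split lists. [Peer] may repeat."""
    interface, peers, current = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if line.lower() == "[interface]":
            current = interface
        elif line.lower() == "[peer]":
            current = {}
            peers.append(current)
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)  # split once: base64 keys end in '='
            current[key.strip().lower()] = [v.strip() for v in value.split(",") if v.strip()]
        elif line:
            raise ValueError(f"unexpected line: {raw!r}")
    return interface, peers

def lint_allowed_ips(text):
    """Return (peer key prefix, entry, reason) for AllowedIPs entries worth a second look."""
    interface, peers = parse_conf(text)
    subnets = [ipaddress.ip_interface(a).network for a in interface.get("address", [])]
    findings = []
    for peer in peers:
        name = peer.get("publickey", ["?"])[0][:8]
        for entry in peer.get("allowedips", []):
            net = ipaddress.ip_network(entry, strict=False)
            if not any(s.version == net.version and net.subnet_of(s) for s in subnets):
                findings.append((name, entry, "outside interface subnets"))
            elif net.prefixlen != net.max_prefixlen:
                findings.append((name, entry, "wider than a single host"))
    return findings

if __name__ == "__main__":
    print(lint_allowed_ips(SAMPLE_CONF))
```

An entry flagged as outside the interface subnets is not necessarily wrong, since a prefix can be routed to a peer on purpose, but it is the kind of line to confirm before opening the port.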