Wireguard 🔗

How-to 🔗

  • Create a pair of keys and set the right privileges
$ wg genkey | tee <your-peer>.key | wg pubkey > <your-peer>.pub
$ chmod 600 <your-peer>.key

On the server 🔗

  • Edit /etc/systemd/network/wg0.netdev adding the following lines
PublicKey=<content of <your-peer>.pub>
AllowedIPs=<your-peer-ipv4>, <your-peer-ipv6>

Where , are the values of the allowedIPs section of the last peer incremented by 1 or some value inside the subnet of previous peers which is not clashing with the existing ones

  • From the same file save the value of PrivateKey from [Wireguard] section as server.key
  • Reload the conf with
$ systemctl reload systemd-networkd

NOTE: wg pubkey < server.key > server.pub to generate the server public key (just once, it's currently vY9Zr1Y9Q+BLgnLLkx32ooXbGt1JGsOCbDA8IgCG72Y= for peori).

On local machine 🔗

  • Install wireguard tools
$ pacman -S wireguard-tools
  • Create /etc/wireguard/<interfacename>.conf
Address = <your-peer-ipv4> <your-peer-ipv6>
PrivateKey = <content of <your-peer.key>>`

PublicKey = vY9Zr1Y9Q+BLgnLLkx32ooXbGt1JGsOCbDA8IgCG72Y= # server's public key
AllowedIPs =, ::/0
Endpoint = peori.space:51871
  • Start the interface
wg-quick up <interfacename>
  • For persistency:
systemctl enable wg-quick@<interfacename>.service