Wireguard 🔗

How-to 🔗

Create a pair of keys and set the right privileges

$ wg genkey | tee <your-peer>.key | wg pubkey > <your-peer>.pub
$ chmod 600 <your-peer>.key

On the server 🔗

Edit /etc/systemd/network/wg0.netdev adding the following lines

[WireGuardPeer]
PublicKey=<content of <your-peer>.pub>
AllowedIPs=<your-peer-ipv4>, <your-peer-ipv6>

Where , are the values of the allowedIPs section of the last peer incremented by 1 or some value inside the subnet of previous peers which is not clashing with the existing ones

From the same file save the value of PrivateKey from [Wireguard] section as server.key
Reload the conf with

$ systemctl reload systemd-networkd

NOTE: wg pubkey < server.key > server.pub to generate the server public key (just once, it's currently vY9Zr1Y9Q+BLgnLLkx32ooXbGt1JGsOCbDA8IgCG72Y= for peori).

On local machine 🔗

Install wireguard tools

$ pacman -S wireguard-tools

Create /etc/wireguard/<interfacename>.conf

[Interface]
Address = <your-peer-ipv4> <your-peer-ipv6>
PrivateKey = <content of <your-peer.key>>`

[Peer]
PublicKey = vY9Zr1Y9Q+BLgnLLkx32ooXbGt1JGsOCbDA8IgCG72Y= # server's public key
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = peori.space:51871

Start the interface

wg-quick up <interfacename>

For persistency:

systemctl enable wg-quick@<interfacename>.service