
WireGuard

Generate Keys

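# Create wg0.conf holding a fresh private key and store the matching public key.
# Re-running this against an existing config would truncate it and discard the
# current key and peers, so the file is only created when it is absent.
if sudo test -e /etc/wireguard/wg0.conf; then
  printf '%s\n' '/etc/wireguard/wg0.conf already exists; leaving it untouched' >&2
else
  (umask 077 && printf '[Interface]\nPrivateKey = ' | sudo tee /etc/wireguard/wg0.conf > /dev/null)
  # Set the mode explicitly before the key is written: the umask only helps
  # if sudo passes it through, which depends on the sudoers configuration.
  sudo chmod 600 /etc/wireguard/wg0.conf
  # The private key goes straight from wg genkey into the config; only the
  # derived public key is printed and saved.
  wg genkey | sudo tee -a /etc/wireguard/wg0.conf | wg pubkey | sudo tee /etc/wireguard/publickey
fi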

Config

/etc/wireguard/wg0.conf

[Interface]
# This host's private key (appended by the key-generation step). It never
# leaves this machine; peers are given the public key only.
PrivateKey = 
# UDP port WireGuard listens on. The ufw rules below cover forwarded traffic
# only, so the port itself still needs an inbound allow rule if ufw filters input.
ListenPort = 
# Keep wg-quick from writing runtime state back over this file on shutdown.
SaveConfig = false
# Tunnel address of this host; IP is a placeholder.
Address = IP/24
# Forward tunnel traffic out through eno1 and NAT it. eno1 is assumed to be the
# outbound interface on this host; adjust to match.
# NOTE(review): the MASQUERADE rule matches everything leaving eno1, not just
# tunnel traffic; adding -s <tunnel subnet> would narrow it.
PostUp = ufw route allow in on wg0 out on eno1
PostUp = iptables -t nat -I POSTROUTING -o eno1 -j MASQUERADE
# Remove the same two rules when the interface goes down.
PreDown = ufw route delete allow in on wg0 out on eno1
PreDown = iptables -t nat -D POSTROUTING -o eno1 -j MASQUERADE

[Peer] #foo_peer
# The peer's public key (never its private key).
PublicKey = 
# Source addresses accepted from this peer and routed back to it. A /32 limits
# the peer to its single assigned tunnel address.
AllowedIPs = IP/32

Enable IP Forwarding

/etc/sysctl.d/wireguard.conf

# Let the kernel forward IPv4 packets between interfaces (wg0 <-> outbound NIC).
# This covers IPv4 only; IPv6 forwarding is a separate key
# (net.ipv6.conf.all.forwarding) and is not enabled here.
net.ipv4.ip_forward = 1

# Apply the setting now; files under /etc/sysctl.d are otherwise read at boot.
sudo sysctl -p /etc/sysctl.d/wireguard.conf

Permissions

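# Make root the owner of the whole tree, then strip all group/other access.
sudo chown -R root:root /etc/wireguard
# Target the directory itself rather than /etc/wireguard/*: the glob is expanded
# by the calling user's shell before sudo runs, so it skips dotfiles, leaves the
# directory's own mode unchanged, and matches nothing once the directory is no
# longer readable by that user.
sudo chmod -R og-rwx /etc/wireguard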

QR Code Config

Display

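# Two equivalent ways to render the client config as a QR code in the terminal.
# The file must be passed with -r or on stdin: a bare argument is encoded as
# literal text, so the QR would hold the file name instead of the config.
# The code carries the client's private key; show it only to the device being enrolled.
qrencode -t ansiutf8 -r wg-client.conf
qrencode -t ansiutf8 < wg-client.conf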

Create

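# The PNG encodes the whole client config, private key included, so create it
# with a restrictive umask; the subshell keeps the umask change local.
(umask 077 && qrencode -t png -o client-qr.png -r wg-client.conf)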

  • -t png|ansiutf8 : Specify the output format. Supported formats are: PNG, PNG32, EPS, SVG, XPM, ANSI, ANSI256, ASCII, ASCIIi, UTF8, and ANSIUTF8.
  • -o client-qr.png : Write the image to the given filename.
  • -r wg-client.conf : Read the input data from the given filename.
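# Write one PNG next to each client config under /etc/wireguard/clients.
# Every image embeds that client's private key, so the files are created with a
# restrictive umask; the subshell keeps the umask change out of the caller's shell.
(
  umask 077
  for w in /etc/wireguard/clients/*.conf; do
    # With no matching configs the pattern stays literal; skip it instead of
    # handing qrencode a file that does not exist.
    [ -e "$w" ] || continue
    printf 'Creating %s.png QR code file ...\n' "$w"
    qrencode -t png -o "${w}.png" -r "$w"
  done
)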