Wireguard Quick Start

1. Installing Wireguard on Linux (Debian)

Needed Debian 11 Bullseye or newer.

sudo apt-get install wireguard

2. Generate server private and public keys

wg genkey > wg-private.key

wg pubkey < wg-private.key > wg-public.key

3. Create Config

sudo nano /etc/wireguard/wg0.conf

[Interface]
#Server vpn ip and subnet mask
Address = 10.0.2.1/24
#SaveConfig = false
ListenPort = 51820
PrivateKey =<server_private_key>

[Peer]
PublicKey = <client_public_key>
AllowedIPs = 10.0.2.2/32
#PersistentKeepalive = 25

Start / or stop:

sudo wg-quick up wg0

sudo wg-quick down wg0

sudo systemctl is-enabled wg-quick@wg0

sudo systemctl enable wg-quick@wg0

sudo wg show

4. Enable IPv4 port forwarding

Edit /etc/sysctl.conf :

net.ipv4.ip_forward = 1

Update :

sudo sysctl -p /etc/sysctl.conf

Check ip_forward is enabled :

> cat /proc/sys/net/ipv4/ip_forward
> 1

5. Add masquerade rules to make network reachable from Windows clients

** These commands needs to enter after every reboot **

sudo nft add table ip NAT

sudo nft add chain ip NAT my_masquerade '{ type nat hook postrouting priority 100; }'

sudo nft add rule NAT my_masquerade ip saddr { 10.0.2.0/24 } oifname eth0 masquerade

6. Setup Windows client

Install windows client from https://www.wireguard.com/install/
Press CTRL+N, enter name (e.g. "test-vpn")
Add config:

[Interface]
PrivateKey = <client_private_key>
#Client IP and Subnet Mask
Address = 10.0.2.2/32
#Ad guard dns
DNS = 94.140.14.14

[Peer]
PublicKey = <server_public_key>
AllowedIPs = 0.0.0.0/0
Endpoint = <server_ip_and_port>

7. Setup Android client

Install Wireguard App for Android
Add new Tunnel (blue '+' button)
Create from Scratch
Interface section:

Name: vpn-test
Addresses: 10.0.2.3/32
DNS Servers: 94.140.14.14

Press Add Peer:

Public key: <server_public_key>
Endpoint: <server_ip_and_port>
Allowed IPs: 0.0.0.0/0

Copy Public key, Create/add server-side config:

[Peer]
Publickey:<android_client_public_key>
AllowedIPs: 10.0.2.3/32