Run ifconfig; you will see the network interface name (eth0) and the public IP:
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet xxx.xxx.xxx.xx netmask 255.255.240.0 broadcast xxx.xxx.xxx.xx
2 - WireGuard installation & key pair
apt install wireguard -y
cd /etc/wireguard/
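Generate the key pair: wg genkey | tee server-privateKey | wg pubkey > server-publicKey
# Note: the key files are created with the shell's current umask, so the private key can be readable by other users until the chmod below is run; running `umask 077` in this shell beforehand closes that window.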
tee writes the private key to the file server-privateKey and also passes it on to wg pubkey. Run ls; you'll see 2 files in the directory.
cat server-privateKey -> 3Ab************Xk=
cat server-publicKey -> y6Qjx*********s=
chmod 600 /etc/wireguard/server-privateKey
chmod go= /etc/wireguard/server-privateKey
# chmod go= removes all permissions for group and others, so only the file's owner (root) can access it
3 - Create server config file
vim /etc/wireguard/wg0.conf
# you need to create the `config` file with content below:
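Put the content below into the wg0.conf file. The file will contain the server's private key, so keep it readable by root only (for example chmod 600 /etc/wireguard/wg0.conf).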
# Server config
[Interface]
PrivateKey = server-private-key
# use the private key generated on the server side
Address = 10.106.0.2/20, fd7b:6185:74b5::/64
# private IP address, see how to generate IPv6 below
SaveConfig = true
ListenPort = 55555
# the standard WireGuard port is 51820
PostUp = ufw route allow in on wg0 out on eth0
PostUp = iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE
PostUp = ip6tables -t nat -I POSTROUTING -o eth0 -j MASQUERADE
PreDown = ufw route delete allow in on wg0 out on eth0
PreDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
PreDown = ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
# PostUp=iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE;
# Post-up rule: accept every packet arriving on the tunnel, and masquerade traffic leaving via eth0 behind the server's public IP
# PostDown=iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE;
# Post-down rule
[Peer]
PublicKey = client-public-key
AllowedIPs = client-private-ip-range
# eg: 10.0.0.1/24
# Note: the server accepts from this peer only packets whose source address falls inside AllowedIPs, so keep the range as narrow as the setup allows (typically a single /32 per client).