Set up WireGuard

⚠️ This configuration may present security issues.

Server-side configuration

Generate the server key pair (set umask 077 first so the privatekey file is not world-readable):

wg genkey | tee privatekey | wg pubkey > publickey

Then write /etc/wireguard/wg0.conf:

[Interface]
PrivateKey = <server private key> # generated in the previous step
Address = 10.x.y.1/24             # IP address used inside the private network and its netmask
ListenPort = 2222                 # UDP port used for inbound connections

# Repeat the [Peer] section for each connected user/key
[Peer]
PublicKey = <client public key> # public key generated by the client
AllowedIPs = 10.x.y.2/32        # the only source address accepted from this client inside the private network; traffic for that address is sent to this peer

Bring the interface up. After adding or removing peers in the file, reload it without dropping existing sessions; wg syncconf does not accept wg-quick-only keys such as Address, so strip them first (bash process substitution, as in wg-quick(8)):

wg-quick up wg0
wg syncconf wg0 <(wg-quick strip wg0)

Client-side configuration

Generate the client key pair the same way:

wg genkey | tee privatekey | wg pubkey > publickey

/etc/wireguard/wg0.conf on the client:

[Interface]
PrivateKey = <client private key> # generated in the previous step
Address = 10.x.y.2/24             # IP address used inside the private network and its netmask

[Peer]
PublicKey = <server public key>   # public key generated by the server
Endpoint = A.B.C.D:2222           # public IP address of the server and the UDP port it's listening on
AllowedIPs = 10.x.y.0/24          # send traffic for the whole private network through the tunnel; the server may forward packets from any node of it
# If you want to route all your traffic through the server, use instead the following line:
# AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25          # seconds; keeps the NAT/firewall mapping open when the client sits behind NAT

wg-quick up wg0
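The two config files above are easy to get wrong by hand (an unreplaced <server private key> placeholder, a /24 where a /32 belongs, a world-readable file holding the private key). The following script is an added example, not part of the original notes: it renders both files from variables, rejects anything that is not a 32-byte base64 WireGuard key, and writes the result with mode 0600. The subnet 10.0.0.0/24, port 51820 and endpoint 203.0.113.5 are constructed values standing in for the placeholders in the notes.

```sh
#!/bin/sh
# Added example (not from the original notes): render and validate wg0.conf
# files. Addresses, port and endpoint used by callers are constructed values.

# A WireGuard key is 32 bytes in base64: 44 characters ending in "=", and the
# 43rd character can only be one of 16 values because it carries 4 data bits.
# Anything else (e.g. a literal "<client public key>") is rejected.
is_wg_key() {
    printf '%s' "$1" | grep -Eq '^[A-Za-z0-9+/]{42}[AEIMQUYcgkosw048]=$'
}

# Generate a key pair with wg(8) when it is installed; prints "private public".
gen_keypair() {
    priv=$(wg genkey) || return 1
    pub=$(printf '%s' "$priv" | wg pubkey) || return 1
    printf '%s %s\n' "$priv" "$pub"
}

# render_server_conf PRIVKEY ADDRESS/MASK PORT [CLIENT_PUBKEY CLIENT_IP]...
render_server_conf() {
    is_wg_key "$1" || { echo "bad server private key" >&2; return 1; }
    printf '[Interface]\nPrivateKey = %s\nAddress = %s\nListenPort = %s\n' "$1" "$2" "$3"
    shift 3
    while [ $# -ge 2 ]; do
        is_wg_key "$1" || { echo "bad client public key" >&2; return 1; }
        # /32: the peer may only source packets from its own tunnel address
        printf '\n[Peer]\nPublicKey = %s\nAllowedIPs = %s/32\n' "$1" "$2"
        shift 2
    done
}

# render_client_conf PRIVKEY ADDRESS/MASK SERVER_PUBKEY ENDPOINT ALLOWED_IPS
render_client_conf() {
    is_wg_key "$1" && is_wg_key "$3" || { echo "bad key" >&2; return 1; }
    printf '[Interface]\nPrivateKey = %s\nAddress = %s\n\n' "$1" "$2"
    printf '[Peer]\nPublicKey = %s\nEndpoint = %s\nAllowedIPs = %s\nPersistentKeepalive = 25\n' \
        "$3" "$4" "$5"
}

# write_conf PATH: read the config on stdin and create PATH fresh with mode
# 0600 (umask applies only at creation, hence the rm -f).
write_conf() {
    ( umask 077 && rm -f "$1" && cat > "$1" )
}

# Example run (only when wg is installed):
#   set -- $(gen_keypair); SPRIV=$1; SPUB=$2
#   set -- $(gen_keypair); CPRIV=$1; CPUB=$2
#   render_server_conf "$SPRIV" 10.0.0.1/24 51820 "$CPUB" 10.0.0.2 | write_conf server-wg0.conf
#   render_client_conf "$CPRIV" 10.0.0.2/24 "$SPUB" 203.0.113.5:51820 10.0.0.0/24 | write_conf client-wg0.conf
```

Each extra CLIENT_PUBKEY/CLIENT_IP pair passed to render_server_conf becomes one [Peer] block, which is the "repeat the [Peer] section for each user" step from the notes done mechanically.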

Routing options

Both options need IP forwarding enabled on the server. Writing to /proc takes effect immediately but is lost on reboot; set net.ipv4.ip_forward = 1 in /etc/sysctl.conf (or a file under /etc/sysctl.d/) to make it persistent.

Option 1: route client traffic to the Internet through the server (NAT), with eth1 as the server's public interface. Clients that want all their traffic to go this way must use AllowedIPs = 0.0.0.0/0:

echo 1 > /proc/sys/net/ipv4/ip_forward
/sbin/iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
/sbin/iptables -A FORWARD -i eth1 -o wg0 -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A FORWARD -i wg0 -o eth1 -j ACCEPT

Option 2: expose TCP port 8080 of the client 10.x.y.2 on the server's public address (port forwarding). DNAT and MASQUERADE live in the nat table, so -t nat is required on both rules. Masquerading towards wg0 makes the client see the server's tunnel address as the source, so replies come back through the tunnel even if the client does not route 0.0.0.0/0 via the server. If the FORWARD chain's default policy is DROP, a matching FORWARD rule is needed as well:

echo 1 > /proc/sys/net/ipv4/ip_forward
/sbin/iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.x.y.2
/sbin/iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE
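Typing these rules by hand leaves them behind when the tunnel goes down and duplicates them every time it comes up. The script below is an added example, not part of the original notes: it keeps each option's rules in one list and lets wg-quick install them from PostUp and remove them (in reverse order) from PostDown, so the firewall state follows the wg0 interface. eth1/wg0, port 8080 and the client address 10.0.0.2 are constructed defaults standing in for the placeholders in the notes; setting IPT=echo and SYSCTL=echo prints the commands instead of running them.

```sh
#!/bin/sh
# Added example (not from the original notes): install/remove the NAT and
# port-forwarding rules from wg-quick PostUp/PostDown. Interface names,
# port and client address below are constructed defaults.
IPT="${IPT:-iptables}"
SYSCTL="${SYSCTL:-sysctl}"
WAN="${WAN:-eth1}"             # interface facing the Internet
WG="${WG:-wg0}"                # WireGuard interface
FWD_PORT="${FWD_PORT:-8080}"   # public TCP port to forward (option 2)
FWD_DST="${FWD_DST:-10.0.0.2}" # tunnel address of the client receiving it

# Option 1: masquerade client traffic leaving through WAN; only replies to
# it are allowed back from WAN into the tunnel. One rule per line,
# formatted as: table chain rule-spec
nat_rules() {
    cat <<EOF
nat POSTROUTING -o $WAN -j MASQUERADE
filter FORWARD -i $WAN -o $WG -m state --state RELATED,ESTABLISHED -j ACCEPT
filter FORWARD -i $WG -o $WAN -j ACCEPT
EOF
}

# Option 2: DNAT a public port to the client and masquerade towards the
# tunnel so the client answers via the server without a 0.0.0.0/0 route.
# Both rules belong to the nat table.
forward_rules() {
    cat <<EOF
nat PREROUTING -i $WAN -p tcp -m tcp --dport $FWD_PORT -j DNAT --to-destination $FWD_DST
nat POSTROUTING -o $WG -j MASQUERADE
EOF
}

enable_forwarding() {
    # Not persistent across reboots; see the sysctl.conf note above.
    "$SYSCTL" -w net.ipv4.ip_forward=1
}

# Portable tac: print stdin lines in reverse order.
reverse_lines() { sed '1!G;h;$!d'; }

# apply add|del RULE_FUNCTION: -A each rule in list order, or -D them in
# reverse order so the chains are left exactly as they were found.
apply() {
    op=-A; order=cat
    if [ "$1" = del ]; then op=-D; order=reverse_lines; fi
    "$2" | $order | while read -r table chain spec; do
        # $spec is intentionally unquoted: it holds several arguments
        "$IPT" -t "$table" $op "$chain" $spec
    done
}

# Usage from /etc/wireguard/wg0.conf on the server, e.g. for option 1:
#   PostUp   = /etc/wireguard/nat.sh up nat
#   PostDown = /etc/wireguard/nat.sh down nat
# (use "forward" instead of "nat" for option 2)
case "${1:-}" in
    up)   enable_forwarding && apply add "${2:-nat}_rules" ;;
    down) apply del "${2:-nat}_rules" ;;
esac
```

Because up and down read the same list, a rule can never be added without its matching delete, which is the usual cause of stale MASQUERADE rules after a tunnel restart.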