I ran across a blog post about spaced repetition recently (here) and wanted to see how well I retained my endeavor of setting up a WireGuard client via the CLI, and copying the config over with a QR code. See Setting up wireguard and Setting up WireGuard P2P VPN for my whole setup process.

I will try not to reference the other client configurations, nor my zsh history, nor my previous blog post on the subject. After an initial attempt at setting it up, I will go back in and take notes on what I missed.

We’ll see how things go!

Generating the keys

sudo su
cd /etc/wireguard/clients
mkdir moto
cd moto
touch moto.private.key
chmod 600 moto.private.key
wg genkey > moto.private.key
touch moto.public.key
wg pubkey < moto.private.key > moto.public.key
touch moto.preshared.key
chmod 600 moto.preshared.key
wg genkey > moto.preshared.key

Adding new client to server config

Info

This one was fairly easy, as my wg0.conf already had two other clients in it.

# /etc/wireguard/wg0.conf
...
[Peer]
PublicKey = <moto.public.key>
PresharedKey = <moto.preshared.key>
AllowedIPs = 10.0.10.4/32

Creating the client config

# /etc/wireguard/clients/moto/moto.conf
[Interface]
Address = 10.0.10.4/28
PrivateKey = <moto.private.key>
 
[Peer]
PublicKey = <server public key>
PresharedKey = <moto.preshared.key>
AllowedIPs = 0.0.0.0/1, 128.0.0.0/1
Endpoint = <server public IP>:51820

Generating the QR code

qrencode -t ansiutf8 <moto.conf

Restarting the wg-quick service

Warning

Don’t forget this part…like I did!

systemctl restart wg-quick@wg0.service
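
A check that can be run before generating the QR code, added here as an example and not part of the original post: it confirms that the server's [Peer] entry and the client config agree (exactly one entry for the client, AllowedIPs equal to the client's Address as a /32, the same PresharedKey on both sides, no overlap with another peer's AllowedIPs). The sample configs, the placeholder keys, the second peer at 10.0.10.3 and the function names are assumptions.

```python
import ipaddress

def parse(text):
    """wg-quick config -> [(section, {key: value})]; [Peer] repeats, so no configparser."""
    sections = []
    for line in (raw.split("#", 1)[0].strip() for raw in text.splitlines()):
        if line.startswith("["):
            sections.append((line.strip("[]"), {}))
        elif "=" in line and sections:
            key, _, value = line.partition("=")  # first '=' only: keys end in '=' padding
            sections[-1][1][key.strip()] = value.strip()
    return sections

def lint(server_text, client_text, client_pubkey):
    """Return the mismatches between the server's [Peer] entry and the client config."""
    problems, server, client = [], parse(server_text), dict(parse(client_text))
    iface, peer = client.get("Interface", {}), client.get("Peer", {})
    addr = ipaddress.ip_interface(iface.get("Address", "0.0.0.0/32")).ip  # one IPv4 assumed
    peers = [kv for name, kv in server if name == "Peer"]
    mine = [kv for kv in peers if kv.get("PublicKey") == client_pubkey]
    if len(mine) != 1:
        problems.append(f"server has {len(mine)} [Peer] entries for this client, expected 1")
    for kv in peers:
        cidrs = [c.strip() for c in kv.get("AllowedIPs", "").split(",") if c.strip()]
        theirs = kv.get("PublicKey") != client_pubkey
        if theirs and any(addr in ipaddress.ip_network(c, strict=False) for c in cidrs):
            problems.append(f"{addr} is also inside another peer's AllowedIPs")
        if not theirs and cidrs != [f"{addr}/32"]:
            problems.append("server AllowedIPs is not the client's address as a /32")
        if not theirs and kv.get("PresharedKey") != peer.get("PresharedKey"):
            problems.append("PresharedKey differs between server and client")
    return problems

# Constructed sample configs; every key is a labelled placeholder, not a real key.
SERVER = """[Peer]
PublicKey = OTHER-PUBLIC-KEY-PLACEHOLDER=
AllowedIPs = 10.0.10.3/32
[Peer]
PublicKey = MOTO-PUBLIC-KEY-PLACEHOLDER=
PresharedKey = MOTO-PRESHARED-KEY-PLACEHOLDER=
AllowedIPs = 10.0.10.4/32
"""
CLIENT = """[Interface]
Address = 10.0.10.4/28
PrivateKey = MOTO-PRIVATE-KEY-PLACEHOLDER=
[Peer]
PublicKey = SERVER-PUBLIC-KEY-PLACEHOLDER=
PresharedKey = MOTO-PRESHARED-KEY-PLACEHOLDER=
"""
```

An empty list from `lint(SERVER, CLIENT, "MOTO-PUBLIC-KEY-PLACEHOLDER=")` means the two files agree; a copied [Peer] block that still carries the previous client's AllowedIPs shows up as a mismatch.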

Review

Success!

Small hiccup at the end where I thought I had misconfigured something. I almost gave up and looked at the contents of my Pixel configuration file - but I had simply forgotten to restart the service. I even made a mental note at the beginning of this process not to forget to do that…

EOF