Source

On remote device (server)

sudo su
cd /etc/wireguard
touch private.key
chmod 600 private.key
wg genkey > private.key
wg pubkey < private.key > public.pub
vim wg0.conf
  • add the following content:
[Interface]
PrivateKey = # <Esc>:r ./private.key
Address = 10.0.254.1/32
ListenPort = 51820
[Peer]
PublicKey = public key from peer config
AllowedIPs = 10.0.254.2
  • save, then back in the terminal:
chmod 600 wg0.conf
rm private.key
ufw allow 51820/udp # on wg0? #TODO
ufw allow from 10.0.254.2 # on wg0? #TODO
ufw reload
systemctl start wg-quick@wg0.service
systemctl enable wg-quick@wg0.service
journalctl -u wg-quick@wg0.service

On endpoint device (client)

[Interface]
PrivateKey = auto-generated
ListenPort = 51820
Address = 10.0.254.2/32

[Peer]
PublicKey = public key from server config
AllowedIPs = 10.0.254.1/32
Endpoint = server-public-IP:51820
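As an added example (not from the page), a small Python checker for the server/client pair above: it confirms that PrivateKey and PublicKey are 32-byte base64 keys, and that each side's [Peer] AllowedIPs covers the other side's Address, since AllowedIPs is WireGuard's cryptokey-routing ACL and a mismatch silently drops that peer's packets. The keys and the embedded server config are constructed placeholders.

```python
import base64
import binascii
import ipaddress

# Constructed placeholder keys (32 bytes, base64 encoded); NOT real WireGuard keys.
CLIENT_PUB, SERVER_PRIV = (base64.b64encode(bytes([b]) * 32).decode() for b in (2, 3))
# Constructed server-side wg0.conf in the page's layout (a bare IP in AllowedIPs means /32).
SERVER_CONF = f"[Interface]\nPrivateKey = {SERVER_PRIV}\nAddress = 10.0.254.1/32\n" \
              f"ListenPort = 51820\n[Peer]\nPublicKey = {CLIENT_PUB}\nAllowedIPs = 10.0.254.2\n"

def parse_wg_conf(text):
    """Return ([Interface] dict, list of [Peer] dicts); text after '#' is a comment."""
    iface, peers, cur = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line == "[Interface]":
            cur = iface
        elif line == "[Peer]":
            cur = {}
            peers.append(cur)
        elif "=" in line and cur is not None:
            key, val = (p.strip() for p in line.split("=", 1))
            cur[key] = val
    return iface, peers

def is_wg_key(value):
    """A WireGuard key is exactly 32 bytes of base64 (44 characters)."""
    try:
        return len(base64.b64decode(value, validate=True)) == 32
    except (binascii.Error, ValueError):
        return False

def check_pair(server_conf, client_conf):
    """List problems: malformed keys, or a [Peer] AllowedIPs not covering the other side's Address."""
    problems, sides = [], {"server": parse_wg_conf(server_conf), "client": parse_wg_conf(client_conf)}
    for name, (iface, peers) in sides.items():
        if not is_wg_key(iface.get("PrivateKey", "")):
            problems.append(f"{name}: PrivateKey missing or not a 32-byte base64 key")
        if len(peers) != 1 or not is_wg_key(peers[0].get("PublicKey", "")):
            problems.append(f"{name}: expected exactly one [Peer] with a valid PublicKey")
    for me, other in (("server", "client"), ("client", "server")):
        peers, other_iface = sides[me][1], sides[other][0]
        if not peers or "Address" not in other_iface:
            continue
        addr = ipaddress.ip_interface(other_iface["Address"]).ip
        allowed = peers[0].get("AllowedIPs", "")  # a bare IP here is treated as /32
        nets = [ipaddress.ip_network(n.strip(), strict=False) for n in allowed.split(",") if n.strip()]
        if not any(addr in net for net in nets):
            problems.append(f"{me}: AllowedIPs '{allowed}' does not cover {other} Address {addr}")
    return problems
```

Running the page's client config as written (with its `auto-generated` and `public key from server config` placeholders) through `check_pair` reports both key fields, which is the expected result until the real keys are pasted in.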