The goal is to create a virtual private network between just two Linux machines. The use case is connecting a VPS hosted by a provider to a local machine over a secure connection.

This GitHub repo contains better documentation than the official one: wireguard-docs

The prerequisite is two Linux servers with fixed IP addresses (it may be possible to use a dynamic DNS service, e.g. duckdns).

Here we will create a new network wg0 between hosts with IPs 192.168.1.1 and 192.168.1.2. On the new network, their IPs will be 192.168.2.1 and 192.168.2.2. The subnet mask is set to 30, allowing only 2 IP addresses.

Both servers need to have the same configuration:

  1. install wireguard
    # apt install wireguard
  2. generate the private and public key files (umask 077 keeps the key files readable by their owner only):
    (umask 077; wg genkey | tee privatekey | wg pubkey > publickey)
  3. create WireGuard configuration for a new network interface (wg0):
    sudoedit /etc/wireguard/wg0.conf
    [Interface]
    Address = 192.168.2.1/30 # the IP to create for the new wg0 interface; mask 30 allows only 2 IPs
    ListenPort = 51820
    PrivateKey = privatekey_of_this_server_found_in_files_privatekey
    [Peer]
    Endpoint = 192.168.1.2:51820 # IP + port where the distant server can be reached (its public fixed IP)
    PublicKey = publickey_of_the_DISTANT_server_found_in_files_publickey
    AllowedIPs = 192.168.2.2/32 # the IP of the peer on the new wg0 interface; mask 32 allows only 1 IP

    On the distant server, the configuration is the same, but all IPs and keys must be swapped.

  4. start the tunnel on both sides (use 'down' to remove the tunnel):
    wg-quick up wg0
  5. enjoy:
    ping 192.168.2.2

    To start the tunnel automatically at boot (run wg-quick down wg0 first):

    sudo systemctl enable --now wg-quick@wg0

Some useful commands to check your new VPN:

ip -4 -c -br link show
ip -4 -c -br address show
sudo wg show
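
The mirrored configuration from step 3 is easy to get wrong by a single digit or port, and a wrong AllowedIPs entry makes the tunnel come up but silently drop traffic. The script below is an added example, not part of the original post: it cross-checks the two wg0.conf files before `wg-quick up`. The function names, sample file names and placeholder keys are assumptions made for this example.

```shell
#!/bin/sh
# Cross-check two wg0.conf files before `wg-quick up` (added example).
# Keys are constructed placeholders, not real WireGuard keys.

# conf_get FILE KEY -> value of KEY, with comments and whitespace removed
conf_get() {
    awk -v key="$2" '
        { sub(/#.*/, ""); k = $0; sub(/=.*/, "", k); gsub(/[ \t]/, "", k) }
        k == key { sub(/^[^=]*=/, ""); gsub(/[ \t]/, ""); print; exit }
    ' "$1"
}

# check_side A B: B must route to A's tunnel Address (AllowedIPs) and
# dial A's ListenPort (Endpoint). Prints each mismatch, returns 1 if any.
check_side() {
    addr=$(conf_get "$1" Address);       addr=${addr%%/*}
    allowed=$(conf_get "$2" AllowedIPs); allowed=${allowed%%/*}
    port=$(conf_get "$1" ListenPort)
    endpoint=$(conf_get "$2" Endpoint)
    side_rc=0
    [ "$addr" = "$allowed" ] ||
        { echo "MISMATCH: $1 Address $addr, $2 AllowedIPs $allowed"; side_rc=1; }
    [ "${endpoint##*:}" = "$port" ] ||
        { echo "MISMATCH: $1 ListenPort $port, $2 Endpoint $endpoint"; side_rc=1; }
    return $side_rc
}

# check_pair A B: run the check in both directions
check_pair() {
    pair_rc=0
    check_side "$1" "$2" || pair_rc=1
    check_side "$2" "$1" || pair_rc=1
    return $pair_rc
}

# write_conf FILE ADDRESS PEER_ENDPOINT PEER_ALLOWEDIPS (sample data helper)
write_conf() {
    printf '%s\n' '[Interface]' "Address = $2 # tunnel IP" 'ListenPort = 51820' \
        'PrivateKey = PLACEHOLDER_PRIVATE_KEY' '[Peer]' "Endpoint = $3" \
        'PublicKey = PLACEHOLDER_PEER_PUBLIC_KEY' "AllowedIPs = $4" > "$1"
}

# Constructed sample: server A's file carries a one-digit typo in AllowedIPs.
demo_dir=$(mktemp -d)
write_conf "$demo_dir/a.conf" 192.168.2.1/30 192.168.1.2:51820 192.198.2.2/32
write_conf "$demo_dir/b.conf" 192.168.2.2/30 192.168.1.1:51820 192.168.2.1/32
check_pair "$demo_dir/a.conf" "$demo_dir/b.conf" || echo "fix the files first"
```

On real hosts, copy the peer's file over a secure channel with its PrivateKey line removed and call `check_pair` on the two paths.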
