This is a very short howto for creating a WireGuard VPN.
First, on both the client and the server, generate a private key and the associated public key.
    # wg genkey > host_private.key
    # wg pubkey < host_private.key > host_public.key
On the server, create a config file in /etc/wireguard, for example myhome.conf, with the following content:
    [Interface]
    # Address for server and mask
    Address = 10.11.12.1/24
    # Port to listen on (open it on the firewall, UDP)
    ListenPort = 1234
    # Private key for server (content of the key file)
    PrivateKey = dsfsdfdssfdfsd

    [Peer]
    # Public key for client (content of the key file)
    PublicKey = dfdsfsdsdfdffddfssfd
    # Who is allowed to connect: IP for client on the same network as the server. It can be a network
    AllowedIPs = 10.11.12.10/32
    # Send a keepalive packet every x seconds to keep the tunnel up
    PersistentKeepalive = x
For the client, create a config file too, in /etc/wireguard:
    [Interface]
    # Client address. Same as AllowedIPs on server (with mask)
    Address = 10.11.12.10/24
    # Private key for client (content of the key file)
    PrivateKey = dsfdslalzlelk

    [Peer]
    # Host to connect to
    Endpoint = myserver.com:1234
    # Public key for server (content of the key file)
    PublicKey = dldlkmsdlkmdsmlds
    # Who is allowed (the server)
    AllowedIPs = 10.11.12.1/32
On each machine, you can enable the systemd service wg-quick@confname (the config file name without .conf).
Check the network interface with the ip commands.
You can get more information with the "wg" command.
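A mismatch between the two files fails silently, because WireGuard drops packets whose inner source address is not in the sending peer's AllowedIPs. The following Python check is an added example, not part of the original howto: it compares a server and a client config, using constructed sample files (the page's addresses and port, dummy keys); it assumes a single Address per interface, and the function names are illustrative.

```python
import base64
import ipaddress

def parse_wg(text):
    """Parse wg-quick style text into (interface dict, list of peer dicts)."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("["):
            sections.append((line, {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)
            sections[-1][1][key.strip()] = value.strip()
    iface = next((d for n, d in sections if n == "[Interface]"), {})
    return iface, [d for n, d in sections if n == "[Peer]"]

def key_ok(value):
    """WireGuard keys are 32 bytes, base64-encoded."""
    try:
        return len(base64.b64decode(value, validate=True)) == 32
    except ValueError:
        return False

def allowed(peers):
    """All AllowedIPs entries of the given peers, as networks."""
    items = [i.strip() for p in peers for i in p.get("AllowedIPs", "").split(",")]
    return [ipaddress.ip_network(i, strict=False) for i in items if i]

def check_pair(server_text, client_text):
    """Return the list of mismatches between a server and a client config."""
    (s_if, s_peers), (c_if, c_peers) = parse_wg(server_text), parse_wg(client_text)
    problems = []
    for section in [s_if, c_if, *s_peers, *c_peers]:
        for field in ("PrivateKey", "PublicKey"):
            if field in section and not key_ok(section[field]):
                problems.append(f"{field} is not a 32-byte base64 key")
    for who, own, peers in (("client", c_if, s_peers), ("server", s_if, c_peers)):
        ip = ipaddress.ip_interface(own["Address"]).ip
        if not any(ip in net for net in allowed(peers)):
            problems.append(f"{who} address {ip} is not in the other side's AllowedIPs")
    for peer in c_peers:
        if peer.get("Endpoint", "").rsplit(":", 1)[-1] != s_if.get("ListenPort"):
            problems.append("client Endpoint port differs from server ListenPort")
    return problems
# Constructed sample: the page's addresses and port, with dummy 32-byte keys.
K = [base64.b64encode(bytes([n]) * 32).decode() for n in (1, 2, 3, 4)]
SERVER = f"[Interface]\nAddress = 10.11.12.1/24\nListenPort = 1234\nPrivateKey = {K[0]}\n[Peer]\nPublicKey = {K[1]}\nAllowedIPs = 10.11.12.10/32\n"
CLIENT = f"[Interface]\nAddress = 10.11.12.10/24\nPrivateKey = {K[2]}\n[Peer]\nEndpoint = myserver.com:1234\nPublicKey = {K[3]}\nAllowedIPs = 10.11.12.1/32\n"
print(check_pair(SERVER, CLIENT) or "configs are consistent")
```

The check does not verify that each PublicKey was derived from the other side's private key; compare it with the output of wg pubkey for that.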
For more info, check https://www.wireguard.com/