// tool
WireGuard Config Generator
Fill in your network parameters. Generate keypairs separately on the server:
wg genkey | tee server.key | wg pubkey > server.pub wg genkey | tee client.key | wg pubkey > client.pub
Server config (/etc/wireguard/wg0.conf)
# /etc/wireguard/wg0.conf — server [Interface] Address = 10.8.0.1/24 ListenPort = 51820 PrivateKey = <server-private-key> PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE [Peer] # client1 PublicKey = <client-public-key> AllowedIPs = 10.8.0.2/32
Client config (wg-client.conf)
# wg-client.conf [Interface] PrivateKey = <client-private-key> Address = 10.8.0.2/32 DNS = 1.1.1.1, 1.0.0.1 [Peer] PublicKey = <server-public-key> Endpoint = vpn.example.com:51820 AllowedIPs = 0.0.0.0/0, ::/0 PersistentKeepalive = 25