Configuring the Client
You need a few pieces of information to configure the client and server. This documentation is just for the client side.
-
Start with a basic Wireguard template, save as wg0.conf
[Interface]
PrivateKey = <Client Private Key from Step 2>
ListenPort = 51820
Address = 192.168.50.<NEXT FREE IP>/24
DNS = 192.168.1.1 #DNS Server available to the network

[Peer]
PublicKey = <Tunnel Public Key from Wireguard Server>
AllowedIPs = 192.168.50.0/24, 192.168.3.0/24, 192.168.1.0/24 # Comma delimited list of networks/hosts to give client routes to
Endpoint = <Wireguard Public IP Endpoint>:51820
-
Generate a public and private key. This can be done on any system that has "wireguard-tools" installed:
wg genkey | tee privatekey | wg pubkey > publickey
The private key goes to the client; the public key goes into the Wireguard server configuration. See the Configuring PFSense section for details on where to use this public key.
-
In Ubuntu's case, you must link the resolvectl binary to the resolvconf binary that wg-quick assumes is used.
sudo ln -s /usr/bin/resolvectl /usr/local/bin/resolvconf
-
To test the configuration:
wg-quick up ./wg0.conf
ping <internal resource listed in the AllowedIPs section>
ip route # Look for routes that go through wg0 interfaces
wg-quick down ./wg0.conf
-
Make the configuration persistent on the client: move your configuration file to the /etc/wireguard/ directory to enable automatic startup of the VPN on system boot.
sudo mv ./wg0.conf /etc/wireguard/wg0.conf
sudo systemctl enable wg-quick@wg0.service
sudo systemctl daemon-reload
sudo systemctl start wg-quick@wg0
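
A pre-flight check for the wg0.conf built in the steps above, added here as an example and not part of the original documentation. It flags template placeholders left unfilled, keys that are not 44-character base64 values, missing settings, and file permissions that let group or other users read the private key. The helper names wg_conf_lint and conf_value and the sample values are assumptions for illustration.

```shell
#!/bin/sh
# Added example: lint a wg-quick client config before moving it to /etc/wireguard/.
# wg_conf_lint and conf_value are hypothetical helper names, not wireguard-tools commands.
# Print the first value of key $2 in file $1, minus inline "# comment" and padding.
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1 |
        sed 's/[[:space:]]*#.*$//; s/[[:space:]]*$//'
}

# Report problems on stdout; exit status is 0 only when the file is clean.
wg_conf_lint() (
    conf=$1; problems=0
    [ -r "$conf" ] || { echo "cannot read $conf"; exit 2; }
    # The file holds the client's private key: group/other must have no access.
    perms=$(ls -ld -- "$conf" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "permissions: group/other bits set ($perms), use chmod 600"
        problems=$((problems + 1))
    fi
    for key in PrivateKey Address PublicKey AllowedIPs Endpoint; do
        value=$(conf_value "$conf" "$key")
        case $value in
            "") echo "$key: missing"; problems=$((problems + 1)) ;;
            *"<"*">"*) echo "$key: template placeholder not replaced"
                       problems=$((problems + 1)) ;;
            *)  # WireGuard keys are 32 bytes: 43 base64 characters plus one "=".
                case $key in *Key)
                    printf '%s\n' "$value" | grep -Eq '^[A-Za-z0-9+/]{43}=$' || {
                        echo "$key: not a 44-character base64 key"
                        problems=$((problems + 1)); } ;;
                esac ;;
        esac
    done
    echo "$problems problem(s) in $conf"
    [ "$problems" -eq 0 ]
)

# Constructed sample: mode 644, private key unfilled, Endpoint line missing.
key=$(printf '%43s=' '' | tr ' ' 'A')   # constructed all-zero key, not a real one
sample=$(mktemp); chmod 644 "$sample"
cat > "$sample" <<EOF
[Interface]
PrivateKey = <Client Private Key from Step 2>
Address = 192.168.50.7/24
[Peer]
PublicKey = $key
AllowedIPs = 192.168.50.0/24, 192.168.3.0/24, 192.168.1.0/24 # routes
EOF
wg_conf_lint "$sample" || true; rm -f "$sample"
```

Run it against ./wg0.conf before the sudo mv step; a non-zero exit status means the file still needs attention.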