Server side file
https://linuxize.com/post/how-to-set-up-wireguard-vpn-on-ubuntu-20-04/
Settings in the server's wg0.conf file
# Server configuration
[Interface]
PrivateKey = Private key= # The server_private.key value.
Address = 10.5.5.1/24 # Internal IP address of the VPN server.
DNS = 1.1.1.1
ListenPort = 51820 # Previously, we opened this port to listen for incoming connections in the firewall.
# Change "eth0" to the name of your network interface in the following two settings. This commands confi>
PostUp = iptables --table nat --append POSTROUTING --jump MASQUERADE --out-interface eth0 # iptables -A F>
PostDown = iptables --table nat --delete POSTROUTING --jump MASQUERADE --out-interface eth0 #iptables -D >
[Peer]
#computer
PublicKey = Public Key # client_public.key value.
AllowedIPs = 10.5.5.2/32 # Internal IP address of the VPN client.
[Peer]
#phone
PublicKey = Public Key # client_public.key value.
AllowedIPs = 10.5.5.3/32 # Internal IP address of the VPN client.
[Peer]
# Phone 2
PublicKey = Public Key= # client_public.key value.
AllowedIPs = 10.5.5.4/32 # Internal IP address of the VPN client
Settings on the device (phone, computer)
[Interface]
PrivateKey = Private key # The comp_private.key value.
Address = 10.5.5.2/24 # Internal IP address of this VPN client (must match its AllowedIPs entry on the server).
ListenPort = 51820 # Previously, we opened this port to listen for incoming connections in the firewall.
[Peer]
PublicKey = Public key of the server
Endpoint = IP of the server:51820
AllowedIPs = 0.0.0.0/0
To add a kill switch to the connection, add the following two lines to the [Interface] section on the device (phone, computer):
PostUp = iptables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
PreDown = iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
So the config on the phone or computer should look something like this:
[Interface]
PrivateKey = abcdefghijklmnopqrstuvwxyz0123456789=
Address = 172.x.y.z/32
DNS = 172.16.0.1
PostUp = iptables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
PreDown = iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
[Peer]
PublicKey = JPT1veXLmasj2uQDstX24mpR7VWD+GmV8JDkidkz91Q=
Endpoint = us-tx1.wg.ivpn.net:2049
AllowedIPs = 0.0.0.0/0
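As an added example that is not part of these notes or of wireguard-tools, a small Python linter for the kind of configs shown above: it strips trailing # comments the way wg-quick does, flags peer AllowedIPs that overlap (the /24-instead-of-/32 slip on the server), a full-tunnel client whose PostUp lacks the REJECT kill-switch rule, and PostUp rules with no matching PreDown/PostDown removal. The sample configs inside it are constructed and the key values are placeholders.

```python
# Added example (not from the page or wireguard-tools): lint a wg-quick conf for the slips
# these configs invite. Sample configs below are constructed; key values are placeholders.
import ipaddress
import re

def parse_wg_conf(text):
    """Return (interface_dict, [peer_dicts]) with values as lists; '#' comments stripped like wg-quick."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()        # base64 keys never contain '#', so this is safe
        if line.startswith("["):
            sections.append((line.strip("[]").lower(), {}))
        elif line:
            key, _, value = line.partition("=")
            sections[-1][1].setdefault(key.strip(), []).append(value.strip())
    iface = next((d for name, d in sections if name == "interface"), {})
    return iface, [d for name, d in sections if name == "peer"]

def lint_wg_conf(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    iface, peers = parse_wg_conf(text)
    findings, seen = [], []
    for idx, peer in enumerate(peers):
        for cidr in (c.strip() for v in peer.get("AllowedIPs", []) for c in v.split(",") if c.strip()):
            net = ipaddress.ip_network(cidr, strict=False)
            # WireGuard routes each destination to exactly one peer, so overlapping ranges break the loser
            findings += [f"peer {idx} {net} overlaps peer {j} {o}" for j, o in seen if net.overlaps(o)]
            seen.append((idx, net))
    full_tunnel = any(net.prefixlen == 0 for _, net in seen)
    post_up = " ".join(iface.get("PostUp", []))
    tear_down = " ".join(iface.get("PreDown", []) + iface.get("PostDown", []))
    if full_tunnel and "-j REJECT" not in post_up:
        findings.append("AllowedIPs 0.0.0.0/0 without a kill-switch REJECT rule in PostUp")
    adds = len(re.findall(r"\s(?:-I|-A|--insert|--append)\s", post_up))
    dels = len(re.findall(r"\s(?:-D|--delete)\s", tear_down))
    if adds > dels:                                # rules would be left behind after wg-quick down
        findings.append(f"PostUp adds {adds} iptables rule(s) but teardown removes {dels}")
    return findings

CLIENT_OK = """[Interface]
Address = 10.5.5.2/32
PostUp = iptables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
PreDown = iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
[Peer]
AllowedIPs = 0.0.0.0/0"""
SERVER_BAD = """[Interface]
Address = 10.5.5.1/24  # trailing comment, as on the page: stripped
[Peer]
AllowedIPs = 10.5.5.2/32
[Peer]
AllowedIPs = 10.5.5.3/24  # copied from Address; a peer entry must be /32"""
```

`lint_wg_conf(SERVER_BAD)` reports the /24 peer swallowing the first peer's address, while `lint_wg_conf(CLIENT_OK)` returns no findings for the kill-switch client.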
To check that the kill switch works, run this in a terminal:
sudo ip a del 172.x.y.z/32 dev wg0
The PostUp iptables rule added above restricts all traffic to the tunnel, so once the address is removed every attempt to send traffic out fails. To gracefully recover from this, you will likely have to use the wg-quick command to take the connection down, and then bring it back up.
Taken from here