Server side file

https://linuxize.com/post/how-to-set-up-wireguard-vpn-on-ubuntu-20-04/

Settings on server wg0.conf file

# Server configuration

[Interface]

PrivateKey = Private key  # The server_private.key value.
Address = 10.5.5.1/24  # Internal IP address of the VPN server.
DNS = 1.1.1.1
ListenPort = 51820  # Previously, we opened this port to listen for incoming connections in the firewall.
# Change "eth0" to the name of your network interface in the following two settings. This commands confi>
PostUp = iptables --table nat --append POSTROUTING --jump MASQUERADE --out-interface eth0  # iptables -A F>
PostDown = iptables --table nat --delete POSTROUTING --jump MASQUERADE --out-interface eth0  #iptables -D >
[Peer]
#computer
PublicKey = Public Key  # client_public.key value.

AllowedIPs = 10.5.5.2/32 # Internal IP address of the VPN client.


[Peer]
#phone
PublicKey = Public Key  # client_public.key value.

AllowedIPs = 10.5.5.3/32 # Internal IP address of the VPN client.


[Peer]
# Phone 2
PublicKey = Public Key  # client_public.key value.

AllowedIPs = 10.5.5.4/32 # Internal IP address of the VPN client



Settings on device, phone, computer

[Interface]
PrivateKey = Private key # The comp_private.key value.
Address = 10.5.5.2/24  # Internal IP address of this VPN client.
ListenPort = 51820  # Optional on a client; WireGuard picks a random port if this is omitted.


[Peer]
PublicKey = Public key of the server
Endpoint = IP of the server:51820
AllowedIPs = 0.0.0.0/0

To add a kill switch to the connection, add the following lines to the [Interface] section on the device (phone, computer…):

PostUp  =  iptables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
PreDown = iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show  %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -D OUTPUT ! -o %i -m mark ! --mark $(wg show  %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT

So the configuration on the phone or computer should look something like this:

[Interface]
PrivateKey = abcdefghijklmnopqrstuvwxyz0123456789=
Address = 172.x.y.z/32
DNS = 172.16.0.1
PostUp  =  iptables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
PreDown = iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show  %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -D OUTPUT ! -o %i -m mark ! --mark $(wg show  %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
[Peer]
PublicKey = JPT1veXLmasj2uQDstX24mpR7VWD+GmV8JDkidkz91Q=
Endpoint = us-tx1.wg.ivpn.net:2049
AllowedIPs = 0.0.0.0/0

To check that the kill switch works, remove the tunnel address from the interface in a terminal:

sudo ip a del 172.x.y.z/32 dev wg0

The PostUp iptables rule above restricts all traffic to the tunnel, so all outgoing attempts to get traffic out fail. To recover gracefully from this, you will likely have to use the wg-quick command to take the connection down and then bring it back up.

Taken from here
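
A check for the kill-switch hooks described above, as an added example (not from the original page or from WireGuard): it parses a wg-quick client config and reports a full-tunnel config whose PostUp lacks the iptables or ip6tables REJECT rule, or whose rule is never removed on the way down. The function names, sample configs, placeholder keys and the 192.0.2.1 endpoint are assumptions made for the example.

```python
def parse_wg(text):
    """Parse wg-quick text into [(section, {key: [values]})]; [Peer] may repeat."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # wg-quick drops everything after '#'
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1].strip().lower(), {}))
        elif "=" in line and sections:
            key, value = (part.strip() for part in line.split("=", 1))
            sections[-1][1].setdefault(key.lower(), []).append(value)
    return sections

def commands(values):
    """Split hook lines on '&&' and collapse whitespace so rules compare exactly."""
    return {" ".join(c.split()) for v in values for c in v.split("&&") if c.strip()}

def killswitch_findings(text):
    """Return problems with the kill-switch hooks of a full-tunnel client config."""
    sections = parse_wg(text)
    iface = next((kv for name, kv in sections if name == "interface"), {})
    routes = [a.strip() for name, kv in sections if name == "peer"
              for v in kv.get("allowedips", []) for a in v.split(",")]
    if "0.0.0.0/0" not in routes:
        return []  # this check only covers configs that route all IPv4 traffic
    up = commands(iface.get("postup", []))
    down = commands(iface.get("predown", []) + iface.get("postdown", []))
    findings = []
    for tool in ("iptables", "ip6tables"):
        rules = [c for c in up
                 if c.startswith(f"{tool} -I OUTPUT ! -o %i") and c.endswith("-j REJECT")]
        if not rules:
            findings.append(f"{tool}: no kill-switch REJECT rule in PostUp")
        for rule in rules:
            if rule.replace(" -I ", " -D ", 1) not in down:
                findings.append(f"{tool}: rule is not deleted in PreDown/PostDown")
    return findings

# Constructed sample configs (placeholder keys, documentation-range endpoint).
RULE = "! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT"
TEMPLATE = ("[Interface]\nPrivateKey = PLACEHOLDER=\nAddress = 10.5.5.2/24\n"
            "PostUp = {up}\nPreDown = {down}\n"
            "[Peer]\nPublicKey = PLACEHOLDER=\nEndpoint = 192.0.2.1:51820\nAllowedIPs = 0.0.0.0/0\n")
GOOD = TEMPLATE.format(up=f"iptables -I OUTPUT {RULE} && ip6tables -I OUTPUT {RULE}",
                       down=f"iptables -D OUTPUT {RULE} && ip6tables -D OUTPUT {RULE}")
BAD = TEMPLATE.format(up=f"iptables -I OUTPUT {RULE}", down="true")  # no IPv6 rule, no cleanup

if __name__ == "__main__":
    print(killswitch_findings(GOOD), killswitch_findings(BAD))
```

Whitespace inside each hook command is collapsed before comparison, so a PreDown line that differs from PostUp only by a doubled space still counts as the matching delete.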