
[1] gives a very good rundown of what you need to do to make it work. It is actually very trivial (once you've got wireguard.ko). Just generate a key, and cross-copy the public halves.

However, configuring it to forward all packets, and thus making it usable as a full VPN, requires a few extra steps on the server:

    * net.ipv4.ip_forward = 1
    * net.ipv4.conf.all.proxy_arp = 1

And on the client, especially if you're using wg-quick:

    * AllowedIPs = 0.0.0.0/0

But it shouldn't take that long. I got it working in tens of minutes.

[1]: https://www.wireguard.com/quickstart/



On the server config I also had to add some iptables rules:

  PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o enp2s0 -j MASQUERADE
  PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o enp2s0 -j MASQUERADE


Ah yes, I forgot about that. (It is mentioned in the documentation though.)
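
An added example, not part of the thread and not WireGuard project code: a small Python check over wg-quick configs that reports PostUp iptables rules with no matching PostDown deletion (they stay loaded after `wg-quick down`) and IP families that AllowedIPs does not route through the tunnel. The sample configs, addresses, endpoint and placeholder keys are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample configs (placeholder keys); PostDown omits the NAT rule on purpose.
SERVER_CONF = """\
[Interface]
Address = 10.0.0.1/24
PrivateKey = <server-private-key>
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o enp2s0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT
"""
CLIENT_CONF = """\
[Peer]
PublicKey = <server-public-key>
Endpoint = vpn.example.com:51820
AllowedIPs = 0.0.0.0/0
"""

def values(conf, key):
    """Return every value assigned to `key` (wg-quick allows repeated keys)."""
    pat = re.compile(rf"^\s*{re.escape(key)}\s*=\s*(.*?)\s*$", re.I | re.M)
    return pat.findall(conf)

def rules(conf, key, flag):
    """iptables commands under `key`, normalised by dropping the -A/-D flag."""
    out = set()
    for line in values(conf, key):
        for cmd in line.split(";"):
            words = cmd.split()
            if words[:1] == ["iptables"] and flag in words:
                words.remove(flag)
                out.add(" ".join(words))
    return out

def leftover_rules(conf):
    """Rules PostUp appends that PostDown never deletes."""
    return sorted(rules(conf, "PostUp", "-A") - rules(conf, "PostDown", "-D"))

def uncovered_families(conf):
    """IP versions (4, 6) with no /0 entry in AllowedIPs, so not sent via the tunnel."""
    covered = set()
    for line in values(conf, "AllowedIPs"):
        for item in line.split(","):
            net = ipaddress.ip_network(item.strip(), strict=False)
            if net.prefixlen == 0:
                covered.add(net.version)
    return sorted({4, 6} - covered)

if __name__ == "__main__":
    print("left behind after down:", leftover_rules(SERVER_CONF))
    print("families outside tunnel:", uncovered_families(CLIENT_CONF))
```

With `AllowedIPs = 0.0.0.0/0` alone, only IPv4 is routed through the tunnel; adding `::/0` covers IPv6 as well.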



