Excuse me, but WireGuard tutorials and manuals are far from grokkable, so here is the result of today's ordeal: an example that just works.
The problem: route all traffic from a Windows computer through a Linux server.
Uncomment these lines in /etc/sysctl.conf on the Linux server:

    net.ipv4.ip_forward=1
    net.ipv6.conf.all.forwarding=1

Install WireGuard on the Linux server and generate a key pair:

    wg genkey | tee privatekey | wg pubkey > publickey

Install WireGuard on the Windows client and run it. It shows a generated key pair on first run. Note the public key.
Config for Windows client:

    [Interface]
    PrivateKey = [private key generated by Windows client]
    ListenPort = 21841
    Address = 192.168.2.2/32
    DNS = 8.8.8.8

    [Peer]
    PublicKey = [public key generated on Linux server]
    AllowedIPs = 0.0.0.0/0, ::/0
    Endpoint = LINUX_SERVER_HOSTNAME_OR_IP:51820

Config for the Linux server, in /etc/wireguard/wg0.conf:

    [Interface]
    Address = 192.168.2.1
    ListenPort = 51820
    PrivateKey = [private key generated on Linux server]
    DNS = 1.1.1.1
    # Forward traffic arriving on wg0 and NAT it out through eth0
    PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

    [Peer]
    # No Endpoint here: the server learns the client's address from its handshake
    PublicKey = [public key generated by Windows client]
    AllowedIPs = 192.168.2.2/32

Start/stop WireGuard on the Linux server, show info:

    wg-quick up wg0
    wg show
    ifconfig wg0
    wg-quick down wg0

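A consistency check for the two configs above, added here as an example and not part of the original post: it reports a client Endpoint port that differs from the server's ListenPort, a client Address missing from the server's AllowedIPs, and a server-side AllowedIPs wider than one host (the server accepts any tunnel source address inside that range from the peer). The hostname vpn.example.net, the key placeholders and the function names are assumptions.

```python
import ipaddress

def parse_wg(text):
    """Parse wg-quick config text into a list of (section, {key: value})."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1].lower(), {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)  # split once: base64 keys end in '='
            sections[-1][1][key.strip().lower()] = value.strip()
    return sections

def nets(value):
    return [ipaddress.ip_network(v.strip(), strict=False) for v in value.split(",")]

def check_pair(client_text, server_text):
    """Return mismatches between a client config and the server config."""
    client, server = parse_wg(client_text), parse_wg(server_text)
    c_if = next(d for s, d in client if s == "interface")
    c_peer = next(d for s, d in client if s == "peer")
    s_if = next(d for s, d in server if s == "interface")
    allowed = [n for s, d in server if s == "peer" for n in nets(d["allowedips"])]
    findings = []
    port = c_peer["endpoint"].rsplit(":", 1)[1]
    if port != s_if.get("listenport"):
        findings.append(f"Endpoint port {port} != server ListenPort {s_if.get('listenport')}")
    for addr in nets(c_if["address"]):
        if not any(addr.version == n.version and addr.subnet_of(n) for n in allowed):
            findings.append(f"client address {addr} is not in the server's AllowedIPs")
    for n in allowed:
        if n.prefixlen < n.max_prefixlen:  # server accepts any source inside n
            findings.append(f"server AllowedIPs {n} is wider than one host")
    return findings

# Constructed sample configs; keys and hostname are placeholders.
CLIENT = ("[Interface]\nPrivateKey = CLIENT_PRIVATE_KEY\nAddress = 192.168.2.2/32\n"
          "[Peer]\nPublicKey = SERVER_PUBLIC_KEY\nAllowedIPs = 0.0.0.0/0, ::/0\n"
          "Endpoint = vpn.example.net:51820\n")
SERVER = ("[Interface]\nAddress = 192.168.2.1\nListenPort = {port}\n"
          "PrivateKey = SERVER_PRIVATE_KEY\n"
          "[Peer]\nPublicKey = CLIENT_PUBLIC_KEY\nAllowedIPs = {allowed}\n")

if __name__ == "__main__":
    print(check_pair(CLIENT, SERVER.format(port=51820, allowed="192.168.2.2/32")))
    print(check_pair(CLIENT, SERVER.format(port=51821, allowed="192.168.3.0/24")))
```
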
References. Tutorials that helped me: 1, 2, 3, 4.