VPN from Windows to Linux: WireGuard working example

Excuse me, but WireGuard tutorials and manuals are far from grokkable, so here is the result of my today's ordeal. The example that just works.

The problem: route everything from Windows computer via Linux server.

Uncomment this on Linux server, in /etc/sysctl.conf

net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1

Install WireGuard on Linux server, generate key pair:

wg genkey | tee privatekey | wg pubkey > publickey

Install WireGuard on Windows client, run it. It will show you generated key pair upon first run. Note public key.

Config for Windows client:

[Interface]
PrivateKey = [private key generated by Windows client]
ListenPort = 21841
Address = 192.168.2.2/32
DNS = 8.8.8.8

[Peer]
PublicKey = [public key generated on Linux server]
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = LINUX_SERVER_HOSTNAME_OR_IP:51820

Config for Linux server, in /etc/wireguard/wg0.conf

[Interface]
Address = 192.168.2.1
ListenPort = 51820
PrivateKey = [private key generated on Linux server]
DNS = 1.1.1.1
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
Endpoint = LINUX_SERVER_HOSTNAME_OR_IP:51820
PublicKey = [public key generated by Windows client]
AllowedIPs = 192.168.2.2/32

Start/stop WireGuard on Linux server, show info:

wg-quick up wg0
wg show
ifconfig wg0
wg-quick down wg0

References. Tutorials that helped me: 1, 2, 3, 4.

(the post first published at 20221023.)


List of my other blog posts.

Yes, I know about these lousy Disqus ads. Please use adblocker. I would consider to subscribe to 'pro' version of Disqus if the signal/noise ratio in comments would be good enough.