wireguard setup – Raspberry Pi to Ubuntu


# 1 - On the server:

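sudo su
apt-get install wireguard resolvconf

# Generate the server key pair.
# The subshell sets umask 077 so a newly created key file is owner-only from the
# first byte; with the default umask it would be world-readable until chmod ran.
# A plain redirect replaces `| sudo tee`, which also printed the private key to
# the terminal (we are already root after `sudo su`).
(umask 077; wg genkey > /etc/wireguard/server_private.key)
# Still needed if the file already existed: a redirect keeps the old mode.
chmod go= /etc/wireguard/server_private.key
# Derive the public key from the file written above. The original command read
# /etc/wireguard/private.key, which is never created in these steps.
wg pubkey < /etc/wireguard/server_private.key | tee /etc/wireguard/public.key

# Persist IP forwarding across reboots. Forwarding is only required when this
# host routes packets on behalf of peers; it is not needed for traffic that
# terminates on the server itself (such as the ssh tests at the end).
nano /etc/sysctl.conf
# add:
net.ipv4.ip_forward = 1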


# 2 - On the client, same setup:

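sudo su
apt-get install wireguard resolvconf

# Generate the client key pair.
# The file is named pibox_private.key because that is the path the client's
# wg0.conf loads in step 4 (the original wrote server_private.key here, which
# the client config never reads).
# The subshell sets umask 077 so a newly created key file is owner-only from the
# first byte, and the redirect avoids echoing the private key to the terminal.
(umask 077; wg genkey > /etc/wireguard/pibox_private.key)
# Still needed if the file already existed: a redirect keeps the old mode.
chmod go= /etc/wireguard/pibox_private.key
# Derive the public key from the file written above. The original command read
# /etc/wireguard/private.key, which is never created in these steps.
wg pubkey < /etc/wireguard/pibox_private.key | tee /etc/wireguard/public.key

# NOTE(review): a client that only talks to the server over the tunnel does not
# need IP forwarding; leave it off unless this host must route for other
# machines. Kept here because the original applies the same setup to both ends.
nano /etc/sysctl.conf
# add:
net.ipv4.ip_forward = 1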



# 3 - Back on the server:

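# Server side: /etc/wireguard/wg0.conf (the file `wg-quick up wg0` reads).
# It contains the private key, so keep it root-owned with mode 600.
[Interface]
Address = 10.5.5.1/24
ListenPort = 51820
PrivateKey = *** the server's own private key here ***

# enable ip forwarding
# NOTE(review): PostDown turns forwarding off for the whole host, not just for
# this tunnel. That overrides the persistent sysctl.conf setting until the next
# reboot and affects anything else on the machine that relies on forwarding.
PostUp = sysctl -w net.ipv4.ip_forward=1
PostDown = sysctl -w net.ipv4.ip_forward=0

[Peer]
PublicKey = *** the client's public key
# /32 limits this peer to its own tunnel address. The original 10.5.5.2/24 is
# treated as the whole 10.5.5.0/24 network, so the peer would be accepted as the
# source of any address in the VPN subnet.
AllowedIPs = 10.5.5.2/32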


# 4 - On the client

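# Client side: /etc/wireguard/wg0.conf (the file `wg-quick up wg0` reads).
[Interface]
Address = 10.5.5.2/24

# While the tunnel is up the system resolver is switched to this address.
# AllowedIPs below covers only 10.5.5.0/24, so these DNS queries travel outside
# the tunnel, unencrypted by WireGuard.
DNS = 8.8.8.8
# Load the private key from its own file instead of embedding it in this config.
# The path must match the key file generated on the client in step 2.
PostUp = wg set %i private-key /etc/wireguard/pibox_private.key
# One ping to the server's tunnel address right after bring-up.
# `|| true`: wg-quick runs its hooks with errexit, so a failed ping (server
# down, no network yet at boot) would otherwise abort the bring-up.
PostUp = ping -c1 10.5.5.1 || true

[Peer]
PublicKey = *** the server's public key ***
# the server's public IP address
Endpoint = 1.2.3.4:51820
# ensure the full VPN subnet is allowed
AllowedIPs = 10.5.5.0/24
PersistentKeepalive = 25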


# 5 On the server

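# Inspect the existing rules first. -A appends to the end of a chain, so a
# DROP/REJECT rule that is already present still matches before these do.
sudo iptables -L -v -n

# Allow the WireGuard handshake and data packets to reach the listen port.
sudo iptables -A INPUT -p udp --dport 51820 -j ACCEPT

# Accept tunnel traffic only from and to the one configured peer. The original
# also appended blanket `-i wg0` / `-o wg0` ACCEPT rules ahead of these, which
# made the peer-specific rules redundant and exposed every service on this host
# to anything arriving on wg0.
sudo iptables -A INPUT -i wg0 -s 10.5.5.2 -j ACCEPT
sudo iptables -A OUTPUT -o wg0 -d 10.5.5.2 -j ACCEPT

# NOTE(review): the FORWARD chain is not touched here. With ip_forward enabled
# in wg0.conf, whether tunnel traffic is routed onward depends on that chain's
# existing policy, so check it in the listing above.
# These rules are not saved across reboots; persist them with your distro's
# mechanism (for example the iptables-persistent package).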


# 6 Only on the client

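# Inspect the existing rules first. -A appends to the end of a chain, so a
# DROP/REJECT rule that is already present still matches before these do.
sudo iptables -L -v -n
# Accept tunnel traffic only from and to the server's tunnel address, matching
# the peer-scoped rules on the server, instead of everything on wg0.
sudo iptables -A INPUT -i wg0 -s 10.5.5.1 -j ACCEPT
sudo iptables -A OUTPUT -o wg0 -d 10.5.5.1 -j ACCEPT
# These rules are not saved across reboots; persist them with your distro's
# mechanism (for example the iptables-persistent package).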


# 7 On both the server and the client

# Run as root (steps 1 and 2 switched to a root shell with `sudo su`).
# Bring the tunnel up from /etc/wireguard/wg0.conf; wg-quick warns if that file
# is readable by other users, since it can contain the private key.
wg-quick up wg0
# With no arguments `wg` shows the state of every WireGuard interface.
wg
# Start the tunnel automatically at boot.
systemctl enable wg-quick@wg0

# Same output as the bare `wg` above; a recent "latest handshake" on the peer
# means both sides hold matching keys.
wg show


# 8 Test from client to server
# `user` is presumably a placeholder for an account on the target host.
# A login over the 10.5.5.x address shows traffic is carried by the tunnel;
# verify the host key fingerprint on first connect.
ssh user@10.5.5.1


# 9 Test from server to client
# Needs sshd running on the client and its firewall accepting 10.5.5.1 on wg0.
ssh user@10.5.5.2