Let me show you how to install and configure a basic VPN connection with WireGuard on a Linux server and client. We will also have a look at some advanced configuration settings like keep-alive and traffic routing.
DOCS: https://github.com/xcad2k/videos/tree/main/wireguard-on-linux
Timestamps:
00:00 Introduction
01:50 Installation on server & client
02:50 Create private and public server keys
04:24 Configure server interface
07:00 Create private and public client keys
07:34 Configure client interface
10:55 Add Client peer to the server configuration
12:03 Configure persistent keep-alive
13:58 Test the connection via ping
14:30 Configure the server to forward network packets
16:05 How to change clients traffic routing
17:10 Summary
I'm looking for a way to host my gameserver with a tunnel/proxy, only got DS-Lite (no public IPv4), SSH tunnel (only works with TCP and wrapping UDP to TCP -> latency). I try it now with this.
Good day Christian,
Was thinking if you can consider doing a video on WireGuard Docker Site-to-Site, specifically Home Server to VPS always-on WireGuard Tunnel?
Many Thanks in advance.
Thank you so much, after watching your video I tried it with success.
Need an install vid on Arch ARM WireGuard client.
Christian! Thank you very much for your video! I could set up wireguard between routerOS and Ubuntu only after watching that 🙂
I have packet drop rate @ 1-3% via using speedtest
Thanks – an excellent guide.
Hi, excellent tutorial! It works fine on my Linux client virtual machine, but when I made exactly the same config (except keys) on my macOS, it connects to the server but doesn't give me access to the internet.
here are the commands
-A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE;
and
-D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE;
Man, this works on Android and Windows but doesn't seem to work on Linux for me.
I must be an idiot or got lost in translation.
Now all I need is a video explaining how to assign a free public IP on my server to the client that is connecting and I'm golden.
Excellent tutorial, thanks
I closed the vid as soon as I saw Windows on the screen. You spent a good minute of your video talking about how you teach Linux and that we all should subscribe, yet you use Windows on your personal computer? Is this a joke?
preach what you teach
What about DNS (it's always DNS 😉)?
Don't you need to have a DNS = a.b.c.d entry in the client config?
I had to add it and then it worked.
Very clear and complete tutorial, thanks.
very nice tutorial … TY 🙂
BIG THANX ❤
how nicely put tutorial. Thanks. Subscribed.
Hey thanks for your videos ! 🙂
Where can I find the top menu on your Windows that displays CPU information?
Hi, I love how simple you made the tutorial to follow; the official WireGuard site on the other hand left me confused. Sadly I can't get this to work over 4G between my phone and PC. I can't find much info on this, do you have any idea how I can get this to work? I also tried using Tailscale but the app never allowed my phone (LineageOS) to be the endpoint.
Excellent tutorial, Danke. The second time I generated the pub/private key for the client and tried to run this command "sudo vim /etc/wireguard/wg0.conf" to be able to write the next configuration, it popped up the old vim file where I wrote things about the server, so that is where I lost track. Help plz.
Thank you bro. I'm going back to China in the summer and I really don't want to pay for a VPN. I turned my gaming pc into a linux server for this.
Forgive me, I have tried what you have in this episode, and I have no doubt that you are doing what is correct, it just isn't as easy for me. I am running pclinuxos 2022 MATE, could I trouble you for a link to a step by step guide for this system?
With little to no knowledge of how to configure a VPN this tutorial doesn't make sense, you just jot down a bunch of characters without explaining what it does.
Everything was going good until the last part. Setting up forwarding. It seems to revert back to 0 and not allow up forwarding. Any ideas as to why? How can I make this change persistent?
Thank you so much, I was so lost configuring the client and it was so easy following your tutorial. Definitely subscribed!
Can I use this to tunnel private web server to public via vps?
Excellent tutorial, very clear and concise. I went along and it worked perfectly. Did the setup in my Proxmox virtual environment. Now need to experiment further. Thank you!
Hi, I am using a MikroTik to MikroTik WireGuard tunnel, but when my client-side MikroTik reboots due to any reason my tunnels can reconnect automatically. I need to change the public key and resubmit it on the server side to reconnect my tunnel again. Please help me in this regard.
I am also using a change MSS rule in mangle:
/ip firewall mangle
add action=change-mss chain=forward new-mss=clamp-to-pmtu passthrough=yes protocol=tcp tcp-flags=syn
This video has clearly explained what I have researched for a long time. I have made some dollars as well from a client. Thank you, Christian.
Thank you soo much.
This helped me a lot.
Keep this good work up!
can you do a video like this for freebsd… please…
Sir, I have tried everything but the handshake is not happening. Please help.
Hi! Thanks for the video. I have it installed on a Pi and I can connect and do everything on my iPhone but I can't on my PC / Mac / laptop. The PC/laptop doesn't navigate; I can see the devices by pinging them but can't access my resources like Nextcloud etc. Any thoughts on how to fix this? I have tried this on both iPad and iPhone and WireGuard works great. But PC and Mac don't.
Thank you for this video. I will try on RHEL8 now.
Great video. Do you know how to bypass certain services as client to the server? Let's say I don't want a port like 54321 routed via WireGuard. 🙂
how should we store private keys?
How did you get the bar with the utilization at the top? It looks so nice.
Hey Christian,
First, thank you for the video. Because you are using Proxmox as well, could it be good content for an upcoming video to provide a guide on installing WireGuard inside an LXC container WITH a working GUI (the last part is what I'm struggling with and I didn't get it working with 3 different web UIs)? And for security reasons and the advanced users here: maybe a guide on how to route one client to only specific networks (VLANs).
Greets from the south of Germany 😛
Oh, and for the NAT forwarding I added these lines on the host itself inside the config after port 51820:
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
thanks. I managed to get it to work. I can ping and ssh between peers, but curl from one peer to the other does not return anything. Is it maybe some apache2 configuration?
Saved the day ! Changing "FORWARD -i %i" to "FORWARD -i wg0" solved problem with no LAN and internet access. THANKS !
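An added example (not from the video, its docs repository or any commenter): a small Python check for the PostUp/PostDown lines quoted in the comments above. It expands %i, confirms that every iptables rule appended on PostUp is deleted again on PostDown, and flags a config file that group or other users can access. The sample config, its key placeholder and its address are constructed.

```python
import os
import stat

# Constructed sample: hook lines as quoted in the comments; key and address are placeholders.
SAMPLE_CONF = """\
[Interface]
PrivateKey = <server-private-key-placeholder>
Address = 10.0.0.1/24
ListenPort = 51820
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
"""

def parse_hooks(conf_text, iface="wg0"):
    """Return PostUp/PostDown commands, split on ';', with %i expanded to iface."""
    hooks = {"postup": [], "postdown": []}
    for raw in conf_text.splitlines():
        key, sep, value = raw.split("#", 1)[0].partition("=")
        key = key.strip().lower()
        if sep and key in hooks:
            for cmd in value.replace("%i", iface).split(";"):
                if cmd.strip():
                    hooks[key].append(" ".join(cmd.split()))
    return hooks

def unmatched_rules(hooks):
    """PostUp iptables appends (-A) that have no identical delete (-D) in PostDown."""
    downs = [cmd.split() for cmd in hooks["postdown"]]
    leftovers = []
    for up in hooks["postup"]:
        tokens = up.split()
        if tokens[0] == "iptables" and "-A" in tokens:
            wanted = ["-D" if t == "-A" else t for t in tokens]
            if wanted not in downs:
                leftovers.append(up)
    return leftovers

def readable_by_others(path):
    """True if group or other have any access to the file holding the private key."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)

if __name__ == "__main__":
    print("rules left behind after down:", unmatched_rules(parse_hooks(SAMPLE_CONF)))
```

A non-empty result from `unmatched_rules` means forwarding or NAT rules stay in place after the interface is brought down and pile up on each restart.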