[[ WireGuard server installation ]]
Step 1
sudo apt update
sudo apt install wireguard
Step 2
Generate the server's private key and public key
wg genkey | sudo tee /etc/wireguard/private.key
sudo chmod go= /etc/wireguard/private.key
sudo cat /etc/wireguard/private.key | wg pubkey | sudo tee /etc/wireguard/public.key
Step 3
Choose the private IP range that WireGuard will use (10.10.1.0/24)
Step 4
Create the WireGuard configuration file
sudo vi /etc/wireguard/wg0.conf
[Interface]
PrivateKey = server_private_key_goes_here
Address = 10.10.1.1/24, fd24:609a:6c18::1/64
ListenPort = 51820
SaveConfig = true
Step 5
sudo vi /etc/sysctl.conf
net.ipv4.ip_forward=1
sudo sysctl -p
Step 6
Use the ip route list default command to check which NIC is in use.
Firewall configuration
/etc/wireguard/wg0.conf
PostUp = ufw route allow in on wg0 out on eth0
PostUp = iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE
PostUp = ip6tables -t nat -I POSTROUTING -o eth0 -j MASQUERADE
PreDown = ufw route delete allow in on wg0 out on eth0
PreDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
PreDown = ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
Replace eth0 with the name of the server's NIC.
sudo ufw allow 51820/udp
sudo ufw allow OpenSSH
sudo ufw disable
sudo ufw enable
sudo ufw status
Step 7
Start the WireGuard server
sudo systemctl enable wg-quick@wg0.service
sudo systemctl start wg-quick@wg0.service
sudo systemctl status wg-quick@wg0.service
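
Added example (not part of the original notes): a shell check for the server config from Steps 4 to 6. It confirms that the NIC named in the PostUp/PreDown hooks is the one on the default route, and that wg0.conf, which now contains the private key, grants no access to group or others. The function names default_nic, hook_nics and audit_conf are hypothetical.

```shell
#!/bin/sh
# Added example: sanity checks for the wg-quick server config built in Steps 4-6.
# Function names are hypothetical; nothing here changes the system.

# default_nic: reads `ip route list default` output on stdin and prints the
# device that carries the default route.
default_nic() {
    awk '$1 == "default" {
             for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); exit }
         }'
}

# hook_nics CONF: prints each NIC named in PostUp/PreDown hooks, i.e. the word
# after "-o" (iptables) or after "out on" (ufw route).
hook_nics() {
    awk '$1 ~ /^(PostUp|PreDown)/ {
             for (i = 2; i < NF; i++)
                 if ($i == "-o" || ($i == "on" && $(i - 1) == "out")) print $(i + 1)
         }' "$1" | sort -u
}

# audit_conf CONF NIC: returns 0 only if every hook uses NIC and CONF, which
# holds the PrivateKey, grants no permissions to group or others.
audit_conf() {
    conf=$1 nic=$2 rc=0
    for used in $(hook_nics "$conf"); do
        if [ "$used" != "$nic" ]; then
            echo "hook references $used, default route is on $nic" >&2
            rc=1
        fi
    done
    perms=$(ls -ld "$conf" | cut -c5-10)   # group+other bits of the mode string
    if [ "$perms" != "------" ]; then
        echo "$conf is accessible to group/others; run: chmod go= $conf" >&2
        rc=1
    fi
    return $rc
}

# Real run (as root): sh audit.sh /etc/wireguard/wg0.conf
if [ "$#" -ge 1 ]; then
    audit_conf "$1" "$(ip route list default | default_nic)"
fi
```
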
[[ WireGuard client installation – Ubuntu ]]
Step 1
sudo apt update
sudo apt install wireguard
wg genkey | sudo tee /etc/wireguard/private.key
sudo chmod go= /etc/wireguard/private.key
sudo cat /etc/wireguard/private.key | wg pubkey | sudo tee /etc/wireguard/public.key
sudo vi /etc/wireguard/wg0.conf
[Interface]
PrivateKey = base64_encoded_peer_private_key_goes_here
Address = 10.10.1.2/24
Address = fd24:609a:6c18::2/64
[Peer]
PublicKey = U9uE2kb/nrrzsEU58GD3pKFU3TLYDMCbetIsnV8eeFE=
AllowedIPs = 0.0.0.0/0
Endpoint = 203.0.113.1:51820
ip route list table main default   # find the NIC name
ip -brief address show nic-name   # find the NIC's IP address
The lines below must be placed before [Peer].
/etc/wireguard/wg0.conf
PostUp = ip rule add table 200 from 203.0.113.5
PostUp = ip route add table 200 default via 203.0.113.1
PreDown = ip rule delete table 200 from 203.0.113.5
PreDown = ip route delete table 200 default via 203.0.113.1
DNS = 8.8.8.8
[[ Adding a client to the WireGuard server ]]
sudo cat /etc/wireguard/public.key   # check the client's public.key
Register the client's information on the server
sudo wg set wg0 peer PeURxj4Q75RaVhBKkRTpNsBPiPSGb5oQijgJsTa29hg= allowed-ips 10.10.1.2,fd24:609a:6c18::2
Run and verify WireGuard on Ubuntu
sudo apt install resolvconf   # install on the client
sudo wg-quick up wg0
sudo wg   # check WireGuard status
sudo wg-quick down wg0   # stop the WireGuard client