Use this guide (archived copy).
- In the
/etc/network/interfaces.d/wg0file, add theauto wg0line to the beginning, inaddressspecify the desired client address within the VPN network, and innetmaskspecify the VPN network mask. An example of the resulting file:
auto wg0
iface wg0 inet static
address 10.10.10.2
netmask 255.255.255.0
pre-up modprobe wireguard
pre-up ip link add dev wg0 type wireguard
pre-up wg setconf wg0 /etc/wireguard.conf
post-down ip link del dev wg0- Edit the
/etc/wireguard.conffile, taking into account that theAddress(we set the address in the previous step) andDNSkeywords are not supported. An example of the resulting file:
[Interface].
PrivateKey = MO3+yxTyFnnOgeOk9NKFSKHqgFfW6cBhctUO4YeiwV0=
[Peer]
AllowedIPs = 10.10.10.0/24
Endpoint = 192.168.0.2:51820
PersistentKeepalive = 25
PublicKey = M2/axcXbD+eg/c4vfEQTiIpV6LU+kzgJCGqDpzIpHS4=
- In the
/etc/rc.localfile, add theifup wg0line before theexit 0line. An example of the resulting file:
#!/bin/sh
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
ifup wg0
exit 0-
Reboot OpenIPC.
-
Test: on the server and on the client, run the
wg showcommand. Here is its output example if successful:
root@openipc-t31:~# wg show
interface: wg0
public key: /RL2MdZqOdLsT2Be1KXnJWQGJP2oP8sVMlZ/f3GK1BA=
private key: (hidden)
listening port: 34161
peer: M2/axcXbD+eg/c4vfEQTiIpV6LU+kzgJCGqDpzIpHS4=
endpoint: 192.168.0.2:51820
allowed ips: 10.10.10.0/24
latest handshake: 1 minute, 7 seconds ago
transfer: 185.22 KiB received, 182.02 KiB sent
persistent keepalive: every 25 seconds