WireGuard

last update 2025/10/20

summary

Documents

installation

WireGuard install

dnf -y install wireguard-tools qrencode

make key pair for server

cd /etc/wireguard/
umask 077
wg genkey | tee server_private.key | wg pubkey > server_public.key

make key pair for client (needed for each client)

wg genkey | tee client_private.key | wg pubkey > client_public.key

make preshared key for client (needed for each client)

wg genpsk > client_preshared.key

server config

[Interface]

| item | value |
| --- | --- |
| PrivateKey | private key for server [server_private.key] |
| Address | CIDR of wg0 |
| ListenPort | port number used for VPN connection |
| PostUp | commands to run after starting WireGuard |
| PostDown | commands to run before terminating WireGuard |
| MTU | MTU value |
| Table | routing table used by wg-quick; off prohibits overwriting the routing table |

[Peer]

| item | value |
| --- | --- |
| PublicKey | public key for client [client_public.key] |
| PresharedKey | preshared key for client [client_preshared.key] |
| AllowedIPs | IP address assigned to the client |

/etc/wireguard/wg0.conf
[Interface]
PrivateKey = +ND+0hvW3fPBooeYkjAEFF3nEm9LP4k8YY2etNrBnUM=
Address = 172.16.0.0/16
ListenPort = 51820
PostUp = ip link set mtu 1280 dev wg0
MTU = 1280
Table = off

[Peer]
# user1
PublicKey = 94nQN9WKd33dtLaPHE64oEuLhyFllpSZ0ft6THr0l+18=
PresharedKey = COAT3vmcPTDGKBndd2FtwoB0vUh7gmvgue9jomPFqr1c=
AllowedIPs = 172.16.1.1/32

[Peer]
# user2
PublicKey = TMdYfx79+ACK4f9o65j3V2RjaucFzPcbbWdKKDyTsw5=
PresharedKey = EHObraSKu68AdHZdPbpvUHIuARz9X0GxL6I/Bd5W2I=
AllowedIPs = 172.16.1.2/32

client config

[Interface]

| item | value |
| --- | --- |
| PrivateKey | private key for client [client_private.key] |
| Address | CIDR of wg0 |
| DNS | DNS server used during VPN communication |

[Peer]

| item | value |
| --- | --- |
| PublicKey | public key for server [server_public.key] |
| PresharedKey | preshared key for client [client_preshared.key] |
| Endpoint | IP address:port of VPN server |
| AllowedIPs | destination IP addresses for traffic routed through the VPN. To allow all traffic, specify 0.0.0.0/0 |
| PersistentKeepalive | interval for sending KeepAlive to maintain the VPN connection |

/etc/wireguard/client-user1.conf
[Interface]
PrivateKey = qNIP6g87l1amc7DgOAU89FekdjBMl0R4VNNRUZbxx5lI=
# must be inside the AllowedIPs of the user1 [Peer] in wg0.conf (172.16.1.1/32)
Address = 172.16.1.1/24
DNS = 172.16.0.1

[Peer]
PublicKey = f4iFlgB1GP+mn4UeGnPd9dn8TrEkXz3Torw0hbbrIQg=
PresharedKey = COAT3vmcPTDGKBndd2FtwoB0vUh7gmvgue9jomPFqr1c=
Endpoint = 192.168.0.10:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25
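
A consistency check for a server file and a client file of the kind shown above, as an added example that is not part of the original page: it verifies that key fields decode to 32 bytes, that the client's PresharedKey matches its server [Peer], and that the client's Address lies inside that peer's AllowedIPs. The function names, placeholder keys and sample configs are constructed for illustration; the client's public key is passed in separately because the client file does not contain it.

```python
import base64
import ipaddress

def parse_wg(text):
    """Return [(section, {key: value})]; [Peer] repeats, so configparser does not fit."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments such as "# user1"
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1].lower(), {}))
        elif "=" in line and sections:
            name, value = line.split("=", 1)         # base64 padding stays in value
            sections[-1][1][name.strip().lower()] = value.strip()
    return sections

def is_key(value):  # WireGuard keys are 32 bytes, base64-encoded
    try:
        return len(base64.b64decode(value, validate=True)) == 32
    except ValueError:
        return False

def audit(server_conf, client_conf, client_public_key):
    """Return findings; an empty list means the client matches its server [Peer]."""
    server, client = parse_wg(server_conf), parse_wg(client_conf)
    c_if = next((kv for sec, kv in client if sec == "interface"), {})
    c_peer = next((kv for sec, kv in client if sec == "peer"), {})
    peers = [kv for sec, kv in server if sec == "peer"]
    findings = [f"{field} is not a 32-byte base64 key"
                for kv in peers + [c_if, c_peer]
                for field in ("privatekey", "publickey", "presharedkey")
                if field in kv and not is_key(kv[field])]
    peer = next((p for p in peers if p.get("publickey") == client_public_key), None)
    if peer is None:
        return findings + ["server has no [Peer] with this client's public key"]
    if peer.get("presharedkey") != c_peer.get("presharedkey"):
        findings.append("PresharedKey differs between server and client")
    allowed = [ipaddress.ip_network(n.strip(), strict=False)
               for n in peer.get("allowedips", "").split(",") if n.strip()]
    for addr in filter(None, map(str.strip, c_if.get("address", "").split(","))):
        ip = ipaddress.ip_interface(addr).ip
        if not any(ip in net for net in allowed):
            findings.append(f"client Address {ip} is outside the server's AllowedIPs")
    return findings

# Constructed sample data: placeholder keys; CLIENT has a deliberately mismatched Address.
def key(n): return base64.b64encode(bytes([n]) * 32).decode()
SERVER = (f"[Interface]\nPrivateKey = {key(1)}\nAddress = 172.16.0.0/16\n[Peer]\n# user1\n"
          f"PublicKey = {key(2)}\nPresharedKey = {key(3)}\nAllowedIPs = 172.16.1.1/32\n")
CLIENT = (f"[Interface]\nPrivateKey = {key(4)}\nAddress = 172.16.0.11/24\n[Peer]\n"
          f"PublicKey = {key(5)}\nPresharedKey = {key(3)}\nAllowedIPs = 0.0.0.0/0\n")
```

WireGuard drops packets whose source address is outside the sending peer's AllowedIPs, so an Address mismatch shows up as a tunnel that completes its handshake but passes no traffic.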

server start

wg-quick up wg0

server stop

wg-quick down wg0

set service

systemctl enable wg-quick@wg0
systemctl start wg-quick@wg0

check starting

wg

client setting

for iPhone

  1. download the WireGuard app from the App Store

https://apps.apple.com/jp/app/wireguard/id1441195209

  2. click [add tunnel]

  3. click [scan QRcode]

  4. execute the following command on the server to display the QR code, then scan it with the WireGuard app.

qrencode -t ansiutf8 -r /etc/wireguard/client-user1.conf
qrencode -t ansiutf8 -r /etc/wireguard/client-user2.conf

  5. enter any name in [Name the scanned tunnel settings] to create a profile.

tips

Ad blocking can be added by integrating with AdGuard: register AdGuard Home's IP address in the DNS setting of the client configuration.