Skip to content

WireGuard tunnel

This example configures a WireGuard tunnel:

  • create a WireGuard interface wg0
  • set interface link state to up
  • configure an ip address on wg0
  • configure the private key from /etc/wireguard/peer_A.key
  • configure a WireGuard remote peer at 198.51.100.2:4711
  • setup routing for the remote network via wg0

ifstate

interfaces:
  - name: wg0
    addresses:
    - 192.0.2.1/25
    link:
      state: up
      kind: wireguard
    wireguard:
      private_key: !include /etc/wireguard/peer_A.key
      peers:
      - public_key: oef+ZSlMWWCF1bEHPaw04TmjPyHKcz2b81njwIQI0xA=
        endpoint: 198.51.100.2:4711
        allowedips:
        - 192.0.2.128/25
routing:
  routes:
    - to: 192.0.2.128/25
      dev: wg0

manually

ip link add name wg0 type wireguard
ip link set wg0 up
ip address add 192.0.2.1/25 dev wg0
ip route add 192.0.2.128/25 dev wg0
wg set wg0 private-key /etc/wireguard/peer_A.key
wg set wg0 peer oef+ZSlMWWCF1bEHPaw04TmjPyHKcz2b81njwIQI0xA= endpoint 198.51.100.2:4711 allowed-ips 192.0.2.128/25