WireGuard Server File Configuration

WireGuard Server File Configuration: PTP and PTM

A WireGuard server configuration file is a simple text file, usually named wg0.conf (the number 0 may differ for other interfaces).

Point-to-Point

Generate Private and Public Keys

sudo su

wg genkey | tee PrivateKey-WireGuard | wg pubkey > PublicKey-WireGuard

wg genkey | tee PrivateKey-Client | wg pubkey > PublicKey-Client

wg genpsk > PreSharedKey

Figure: WireGuard point-to-point topology

WireGuard Server Configuration (PTP)

[Interface]
Address = 12.12.12.1/24
ListenPort = 60601
PrivateKey = PrivateKey-WireGuard
PostUp = iptables -I INPUT -p udp --dport 60601 -j ACCEPT
PostUp = iptables -I FORWARD -i eth0 -o wg0 -j ACCEPT
PostUp = iptables -I FORWARD -i wg0 -j ACCEPT
PostUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D INPUT -p udp --dport 60601 -j ACCEPT
PostDown = iptables -D FORWARD -i eth0 -o wg0 -j ACCEPT
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT
PostDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
PublicKey = PublicKey-Client
PresharedKey = PreSharedKey
AllowedIPs = 12.12.12.2/32

Restart the WireGuard Service

sudo wg-quick down wg0

sudo wg-quick up wg0

Client Configuration

[Interface]
PrivateKey = PrivateKey-Client
Address = 12.12.12.2/32
DNS = 1.1.1.1

[Peer]
PublicKey = PublicKey-WireGuard
PresharedKey = PreSharedKey
Endpoint = IP_Public:60601
AllowedIPs = 0.0.0.0/0

Point-to-Multipoint

Figure: WireGuard point-to-multipoint topology

Create Private and Public Keys

sudo su

wg genkey | tee PrivateKey-WireGuard | wg pubkey > PublicKey-WireGuard

wg genkey | tee PrivateKey-Client1 | wg pubkey > PublicKey-Client1

wg genkey | tee PrivateKey-Client2 | wg pubkey > PublicKey-Client2

wg genkey | tee PrivateKey-Client3 | wg pubkey > PublicKey-Client3

wg genpsk > PreSharedKey

WireGuard Server Configuration (PTM)

### Server WireGuard ###
[Interface]
Address = 12.12.12.1/24
ListenPort = 60602
PrivateKey = PrivateKey-WireGuard
PostUp = iptables -I INPUT -p udp --dport 60602 -j ACCEPT
PostUp = iptables -I FORWARD -i eth0 -o wg0 -j ACCEPT
PostUp = iptables -I FORWARD -i wg0 -j ACCEPT
PostUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D INPUT -p udp --dport 60602 -j ACCEPT
PostDown = iptables -D FORWARD -i eth0 -o wg0 -j ACCEPT
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT
PostDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

### CLIENT 1 ###
[Peer]
PublicKey = PublicKey-Client1
PresharedKey = PreSharedKey
AllowedIPs = 12.12.12.2/32

### CLIENT 2 ###
[Peer]
PublicKey = PublicKey-Client2
PresharedKey = PreSharedKey
AllowedIPs = 12.12.12.3/32

### CLIENT 3 ###
[Peer]
PublicKey = PublicKey-Client3
PresharedKey = PreSharedKey
AllowedIPs = 12.12.12.4/32

Restart the WireGuard Server

sudo wg-quick down wg0
sudo wg-quick up wg0

Client Configuration

### CLIENT 1 ###
[Interface]
PrivateKey = PrivateKey-Client1
Address = 12.12.12.2/32
DNS = 1.1.1.1

[Peer]
PublicKey = PublicKey-WireGuard
PresharedKey = PreSharedKey
Endpoint = IP_Public:60602
AllowedIPs = 0.0.0.0/0

### CLIENT 2 ###
[Interface]
PrivateKey = PrivateKey-Client2
Address = 12.12.12.3/32
DNS = 1.1.1.1

[Peer]
PublicKey = PublicKey-WireGuard
PresharedKey = PreSharedKey
Endpoint = IP_Public:60602
AllowedIPs = 0.0.0.0/0

### CLIENT 3 ###
[Interface]
PrivateKey = PrivateKey-Client3
Address = 12.12.12.4/32
DNS = 1.1.1.1

[Peer]
PublicKey = PublicKey-WireGuard
PresharedKey = PreSharedKey
Endpoint = IP_Public:60602
AllowedIPs = 0.0.0.0/0

Notes on the WireGuard Server File Configuration

  • PrivateKey: must be kept secret
  • PublicKey: shared with the peer
  • AllowedIPs on the server side: which IPs are allowed from the client
  • AllowedIPs on the client side: which IPs are routed through the VPN
  • Endpoint: only needed on one side (usually the client)
  • PersistentKeepalive: needed if the client is behind NAT
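
The server-side AllowedIPs rule above can be checked mechanically before bringing wg0 up. The following is an added example, not part of the original page: a small Python linter for a server wg0.conf in the PTM layout. The function names, the sample text and the three policy checks (one peer per address, peer addresses inside the tunnel subnet, a separate PresharedKey per peer) are assumptions of this example.

```python
import ipaddress

# Constructed sample in the PTM layout above; key values are placeholders.
SAMPLE = """\
[Interface]
Address = 12.12.12.1/24
[Peer]
PublicKey = PublicKey-Client1
PresharedKey = PreSharedKey
AllowedIPs = 12.12.12.2/32
[Peer]
PublicKey = PublicKey-Client2
PresharedKey = PreSharedKey
AllowedIPs = 12.12.12.2/32, 12.12.13.0/24
"""

def parse_wg(text):
    """Parse wg-quick text into (section, {key: [values]}) pairs; [Peer] may repeat."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments such as ### CLIENT 1 ###
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1].lower(), {}))
        elif "=" in line and sections:
            key, value = (p.strip() for p in line.split("=", 1))
            sections[-1][1].setdefault(key.lower(), []).append(value)
    return sections

def lint_server(text):
    """Return a list of findings for the [Peer] blocks of a server config."""
    sections = parse_wg(text)
    iface = next(body for name, body in sections if name == "interface")
    tunnel = ipaddress.ip_interface(iface["address"][0].split(",")[0].strip()).network
    peers = [body for name, body in sections if name == "peer"]
    psks = [p["presharedkey"][0] for p in peers if "presharedkey" in p]
    findings, seen = [], []
    for peer in peers:
        name = peer["publickey"][0]
        if psks.count(peer.get("presharedkey", [""])[0]) > 1:
            findings.append(f"{name}: PresharedKey shared with another peer")
        for item in [s.strip() for p in peer.get("allowedips", []) for s in p.split(",") if s.strip()]:
            net = ipaddress.ip_network(item, strict=False)
            if net.version != tunnel.version or not net.subnet_of(tunnel):
                findings.append(f"{name}: {net} is outside tunnel subnet {tunnel}")
            for other, other_net in seen:
                if other != name and net.overlaps(other_net):
                    findings.append(f"{name}: {net} overlaps {other_net} of {other}")
            seen.append((name, net))
    return findings
```

Call lint_server() with the text of the server's wg0.conf; an empty list means every peer has its own tunnel address and its own PresharedKey. The subnet check fits this page's layout of one /32 per client and would need relaxing for site-to-site peers that legitimately route remote LANs.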