Basics of WireGuard

What is WireGuard?

WireGuard is a fairly new Layer 3 VPN protocol that runs on top of UDP. Its main selling points are that it is very easy to configure and very fast (it can easily reach speeds in excess of 1 Gbit/s without much resource utilization).

It is available for every major operating system you can find in the wild (namely Windows, Linux (and its derivatives) and macOS).

To understand how simple the configuration is, have a look at the following snippet:

[Interface]
Address = 10.0.0.1/24
ListenPort = 51820
PrivateKey = 4BhSWsplXEJrqSDvb/kIy6FzfXkimLF4b3h/nrz/vkY=

[Peer]
PublicKey = EzEyCarbQdia+D0u7aRvSDL4hz3YCQQjgvOVGBEPBDo=
AllowedIPs = 10.0.0.2/32

[Peer]
PublicKey = dq/DbVCb40ZjuKZZv1EhTH/4FQRGme4pe07B5CIvuVo=
AllowedIPs = 10.0.0.3/32

[Peer]
PublicKey = UDIqfBJAKc1YmpvRxDSM4tc3ZrbzNHduEqVqZmG4CXU=
AllowedIPs = 10.0.0.4/32

That small amount of configuration allows 3 clients to connect to the WireGuard "server", each with its own matching private key!

Want to use WireGuard for your own network? Great! See the rest of this documentation here!

How does WireGuard work?

WireGuard works by using cryptographic keys to encapsulate packets, then sending them using its own routing table. It's generally regarded as a secure and fast way to send packets, and is highly scalable and deployable!
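The routing table mentioned above is built from each peer's AllowedIPs: an outbound packet is encrypted for the peer whose AllowedIPs covers its destination, and an inbound packet is kept only if its source address belongs to the peer that sent it. The sketch below is an added example, not WireGuard's own code, that models this with the three peers from the config above. The function names are hypothetical, and rejecting a network claimed by two peers is this example's own lint rule.

```python
import base64
import ipaddress

# Sample input: the three [Peer] sections of the server config shown above.
CONFIG = """\
[Peer]
PublicKey = EzEyCarbQdia+D0u7aRvSDL4hz3YCQQjgvOVGBEPBDo=
AllowedIPs = 10.0.0.2/32
[Peer]
PublicKey = dq/DbVCb40ZjuKZZv1EhTH/4FQRGme4pe07B5CIvuVo=
AllowedIPs = 10.0.0.3/32
[Peer]
PublicKey = UDIqfBJAKc1YmpvRxDSM4tc3ZrbzNHduEqVqZmG4CXU=
AllowedIPs = 10.0.0.4/32
"""

def parse(text):
    sections = []  # [(section, {key: value})]; [Peer] sections may repeat
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1], {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)
            sections[-1][1][key.strip()] = value.strip()
    return sections

def build_routes(sections):
    """Map each AllowedIPs network to the public key of the peer that owns it."""
    routes = {}
    for opts in (o for name, o in sections if name == "Peer"):
        key = opts["PublicKey"]
        if len(base64.b64decode(key, validate=True)) != 32:
            raise ValueError(f"PublicKey is not 32 bytes: {key}")
        for cidr in opts["AllowedIPs"].split(","):
            net = ipaddress.ip_network(cidr.strip(), strict=False)
            if routes.setdefault(net, key) != key:
                raise ValueError(f"{net} is claimed by two peers")
    return routes

def peer_for(routes, ip):
    """Longest-prefix match: key of the peer that owns `ip`, or None."""
    addr = ipaddress.ip_address(ip)
    hits = [n for n in routes if n.version == addr.version and addr in n]
    return routes[max(hits, key=lambda n: n.prefixlen)] if hits else None

def accept_inbound(routes, peer_key, src):
    """A decrypted packet is kept only if its source IP belongs to its sender."""
    return peer_for(routes, src) == peer_key
```

A packet that decrypts correctly under one peer's key but carries another peer's source address is dropped, which is why a narrow AllowedIPs entry per client (the /32s above) keeps clients from spoofing each other.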

Generating a public/private keypair

Generating a public and private key in WireGuard is super easy! You'll know how to do it in a matter of seconds :D

To generate a private key, run this:

wg genkey | sudo tee /path/to/where/you/want/your/private.key

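This will generate your private key, print it to your terminal and write it to a file at the path you specify above. The private key is what authenticates this machine to its peers, so make sure the resulting file is readable only by root.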

To get the matching public key for this private key, you only need to run this:

sudo cat /wherever/your/private/key.is | wg pubkey | sudo tee /path/to/your/new/public.key