Be aware that Wireguard is UDP only. This can be a pretty big limitation if you are planning to use this over public networks like hotels, or public hotspots, since UDP can be simply blocked there and you will not be able to connect to your server (e.g. I can't connect to my home PC when I'm on my mobile hotspot, UDP gets blocked somewhere on the way to my router). Setting wireguard with TCP wrapping is a pain in the butt, and I wish Wireguard devs wouldn't be so stubborn and just supported both TCP and UDP out of the box for the users' convenience (I really don't buy their argument about performance, it is UDP or nothing, and I would agree on lower performance with TCP if the alternative is "nothing").
@@novianindy887 2 layers of TCP is not really useful and can lead to performance loss. VPNs generally should be UDP except in circumstances when UDP is blocked and you're forced to use TCP.
WOW! The video was great. I understood completely the structure of how to configure. Thank you for that. What I didn't see in your video that would apply to my case is: a) If one peer connected to the server can ping or connect to another peer connected to the same server, and b) If the server can ping the client and connect for example through VNC to the client. Thanks!
Your guide helped me to finally configure WireGuard without an issue, except I needed to upgrade my Kernel from 5.4.* to 5.7.*, which was not obvious from the beginning. Now I need to teach WG to mimic http/s traffic, because my mobile carrier doesn't like any traffic except http/s. Keep filming more videos, dude.
@@christianlempa At the very basic, yes. Unfortunately, unlike OpenVPN, WireGuard is not deigned to obfuscate traffic and fool DPI, it's a known limitation www.wireguard.com/known-limitations/. I need some workaround to achieve it, most likely with some third party tool. It'll be grade if you make a video about this topic sometime in the future
Whilst setting this up it is worth noting on the server side the iptables mentions "eth0" - however on virtual machines this can be enp0s3 or on new ubuntu servers eno1 - or another number depending on the number of interfaces you have. Hope this saves others time :-)
probably one of the best videos on this topic even though wireguard has changed slightly it does take longer than 18 minutes to setup the first time LOL :XD
"I think, that is not too complicated..." You know what is not too complicated? My thinking processes. As for THIS... Аnyway, great video, sir! My tunnel works as swiss watch now! Subscribed.
Great explanation! Thank you so much! One thing: the sysctl command is not permanent after reboot. For that change /etc/sysctl.conf and then reboot or just enter sysctl -p
This is not a port, this is the subnet mask, which defines how large the network is. A subnetmask of 8 means the network contains all IP addresses from: 10.0.0.1 to 10.255.255.254 and a subnetmask of 32 means only 1 IP address. If I would change the command at11:30 to 10.0.0.2/8 that would mean to allow all IP addresses between 10.0.0.1 to 10.255.255.254. If you want to learn more about this, just search for "subnetting", you should find some tutorials about it. I hope that helped you :)
Excellent tutorial, very clear and concise. I went along and it worked perfectly. Did the setup in my Proxmox virtual environment. Now need to experiment further. Thank you!
I did everything up to 6:50 on my cloud VPS server where Ubuntu 20.04 is installed. Then you switched to the client on another Linux Ubuntu. I need my Windows clients to have Windows and not Linux working. How should I create configs for the Windows client then?
Very well explained. I’m a newbie , Wondering how to implement this approach for 2 IPPBX one in LAN the other one in the cloud . Server at cloud same IPPBx ? Client at premises ? Any hint ?
For those like me who are very new to Linux and had no idea how he saved the file, hit esc, then :w to write it. This is the biggest hurdle for linux to overcome. EVERY tutorial requires a dozen searches to figure out stuff they THINK is common knowledge. By the end of it most give up and go back to windows. I'd love to switch over, and everytime I've tried, I've learned some new things, but the amount I have to figure out by searching WHILE watching tutorials/guides cause they don't explain it is astounding. The Linux community needs to stop thinking everyone has been using linux for 10 years if they want to see more people make the switch.
Hi Christian, love your tutorials these are very helpful. I'm wondering, is it gonna work if I set up tunel like in your video to connect remotely to my PC with ubuntu from different network? The problem is that my router changing the IP, it's not static. If you have any tip, please share :)
Hey I am currently trying to get the peer connection to show up on the interface for wg0, I tried every single address from the ip addr command. Please help when you can thanks!
Good day Christian, Was thinking if you can consider doing a video on Wireguard Docker Site-to-Site, specifically Home Server to VPS always-on Wireguard Tunnel ? Many Thanks in advance.
Hi, I installed wireguard on 2 servers and the conf file setup is quite simple. That being said, I cannot ping from master to peer or peer to master using the interface I setup. I used a 10.X.X.X like your example What should I be looking at on the physical server that may not be configured correctly? I also shutdown the firewall and still the ping failed
At 5:53 while you are creating the rules in /etc/wireguard/wg0.conf file.... the eth0 should correspond to anyones adapter? For instance someone else should put there enp2s0 if that is his adapter giving him connection to net or eth0 is the name of the virtual adapter upon which wireguard will run? What if the server's adapter is also setup on eth0? Shouldn t be a conflict there? Also if the client OS is windows, the client gui also has an add a wireguard file option. Nothing else to generate those keys to put it back on the server side ... so is this situation viable only when both server and client using Linux OS? PS PIvpn has a scrip which makes the process wayyyyyyyyyyyyyyyy more easy than all this procedure. And the server generates everything. Client only imports the key and connect and thats it. Thank you
Could you please help me , I need to set it up on my vps and synology nas so that I might setup a plex server accessible outside my home network as my isp blocks all ports and ip is dynamic with double NAT thanks
Hello, do you happen to have any videos about setting up WireGuard on TrueNAS? Because I really need some step by step guide on how to do that. Please and thank you. :)
Hi vielen Dank für das Video! Ich beiße mir leider seit gestern die Zähne daran aus :) Ich habe in einem Rechenzentrum einen Wireguard server in Openstack Ubuntu, der über eine Floating IP erreichbar ist. Zu hause habe ich einen mac, mit dem ich zum Server einen Tunnel aufbauen möchte. Die Verbindung scheint zustande zu kommen, der Handshake wird angezeigt. Ich kann aber weder Server noch Client Pingen (ICMP ist in Security Group freigegeben). Auf dem wg0 Server Int kommt scheinbar nichts an. Hast Du eine Idee, was es noch sein könnte? An meiner Fritzbox muss ich nichts freieben, da die Verbindung zustande kommt, oder?
Danke! Wegen dem Fehler bin ich leider nicht sicher. Solange der Handshake funktioniert sollte der Tunnel stehen. Eventuell ist hier was mit dem Routing nicht korrekt.
Ok this was awesome. It all works flawlessly. However I have to wg set after I reboot the box. Is there a way to make this active on reboot, or do I just run script at boot?
Well configuring the interface my server suddenly shutdown then had a weird garbled graphic on reboot. I've tried setting this up already but as soon as I activated the client my terminal to ubuntu server suddenly disconnects and I cannot connect to any websites. What am I doing wrong? And now my server PC just shuts down while adding the wg0.config. I obviously cannot install this properly as my PC just shutdown again while editing the wg0.conf file.
Kudos.. Could you possibly do a video about Wireguard with udp hole punching... Or recommend a working open source VPN that implements udp hole punching
@@bgpengu Ich hab das von einer Vorlage editiert, allerdings benutze ich den aktuell nicht mehr, da er immer von den Fenstern verdeckt wird und in Windows man das nicht so gut einstellen kann dass der Platz frei wäre. Aber wenn du ihn magst kannst du ihn natürlich gern verwenden und eventuell auch weiter editieren ;)
how can i configure the server so it forwards all incoming request on wg0 to all the connected peers in the same subnet of that interface? that's so i can have communication between every peer within 10.0.0.X
Hello, really good video there by the way. You mentioned about doing a video on public and private keys but i cant find it anywhere. Have you done one?
@@christianlempa Perfect, what's even better about your videos like on this one is following your blog so you can literally just copy and paste commands
wireguard is not included in the raspian repo, therefore you should add the debian sources: echo "deb deb.debian.org/debian/ unstable main" | sudo tee --append /etc/apt/sources.list
hi i am using mikrotik to mikrotik wireguard tunnel but when my client side mikrotik reboot due to any reason my tunnels can reconnect automaticly i need to change public key and re submit in server side to reconnect my tunnel again Please help me in this regard . am also using change mss rule in mangle /ip firewall mangle add action=change-mss chain=forward new-mss=clamp-to-pmtu passthrough=yes \ protocol=tcp tcp-flags=syn
Thanks for the wonderful video. I have wireguard up and running. But now when I try to connect, I am getting the error 'handshake did not complete after 5 seconds, retrying. What can be the reason? Thanks in advance...
Thank you for the kind words 😁. The issue is most likely a network issue, means the client is not able to connect to the server or getting back packets. Check for common problems like "port forwarding", "routing", "dns issues", etc.
Thanks for this video it is really helpful. I learned that tunnel must be started after each system start. Could you please guide me how to start tunnel automatically? Thanks!
Thank you for such an amazing video! It really made it a lot easier to set things up. However, I have an issue. Everything is working just as it does for you in the video, only I cannot seem to be able to ping neither the server nor any other IP addresses. I have tried a few things, but cannot figure it out. Do you maybe have any ideas? Thank you in advance!
Thank you ☺️, check if you have set up the IPtable rules correctly and if set up the IP addresses. Hard to tell without checking your config, so if you have still issues, why not join our discord and share your config, that will help a lot 😊
@@christianlempa Thank you so much for such a quick response! I will check the IPtable rules first and if that does not help, then I will certainly have to join Discord 😁
For me, this works and packets can be traced but it blocks the internet connection on my client VM (server is physical machine and can access internet fine). How to fix this?
Excellent tutorial, Danke. The second time I generated pub/privatekey for the client and tried to run this command "sudo vim /etc/wireguard/wg0.conf" to be able to write the next configuration, it pop up the old vim file where I wrote things about server, so there is where I lost the track. Help plz.
Can I install both wg server and client on the same machine or speaking of one PC connected to internet via wifi (wlan) I must install server on virtual machine and client on Ubuntu or vise versa. What the options do I have?
You can configure a WireGuard interfaces as client or server and also configure multiple interfaces. There are a lot of options possible, it just comes down to how you configure it and how your environment looks like. Don't know if that's what you've asked for, but I hope that helps 😀
I know this is old, but I've been stuck on setting up wireguard forever and this is the only video that worked for me. Never delete this!!
Important to also "sudo ufw allow 51820/udp" on server machine otherwise no connection. Awesome tutorial thanks saved me a lot of time
Can I just even a little under 3ish years this is is the best wireguard setup video. Simple, short, straight to the point and still works.
thank you so much :)
Be aware that Wireguard is UDP only. This can be a pretty big limitation if you are planning to use this over public networks like hotels, or public hotspots, since UDP can be simply blocked there and you will not be able to connect to your server (e.g. I can't connect to my home PC when I'm on my mobile hotspot, UDP gets blocked somewhere on the way to my router). Setting wireguard with TCP wrapping is a pain in the butt, and I wish Wireguard devs wouldn't be so stubborn and just supported both TCP and UDP out of the box for the users' convenience (I really don't buy their argument about performance, it is UDP or nothing, and I would agree on lower performance with TCP if the alternative is "nothing").
Fair point! But watch my newest video, that is the solution to this: th-cam.com/video/Kzyolu9yn0E/w-d-xo.html
if it's UDP it means it's possible for packet loss to happen without retransmitting it??
@@novianindy887 2 layers of TCP is not really useful and can lead to performance loss. VPNs generally should be UDP except in circumstances when UDP is blocked and you're forced to use TCP.
Who blocks udp? That would break so many applications, like anything that streams video
Finally! Thank you so much, I really struggled with configuring Wireguard for a while.
Even better than the official wireguard tutorial. Viel'n Dank, Kumpel!
2 years later and you still saving lifes! 🥰
This video deserves more views.
Excellent walkthrough.
Thank you so much! And yes, I agree with you :D
Thank you very much. The narration is technical and simple, the details are well explained, the practical demonstration is extremely useful.
Thank you! 😉
I really like your voice, so germanish
Haha thanks man 🇩🇪😎
Saved the day ! Changing "FORWARD -i %i" to "FORWARD -i wg0" solved problem with no LAN and internet access. THANKS !
you're welcome friend :)
WOW! The video was great. I understood completely the structure of how to configure. Thank you for that. What I didn't see in your video that would apply to my case is: a) If one peer connected to the server can ping or connect to another peer connected to the same server, and b) If the server can ping the client and connect for example through VNC to the client. Thanks!
Thank you so much! :)
Your guide helped me to finally configure WireGuard without an issue, except I needed to upgrade my Kernel from 5.4.* to 5.7.*, which was not obvious from the beginning. Now I need to teach WG to mimic http/s traffic, because my mobile carrier doesn't like any traffic except http/s. Keep filming more videos, dude.
Thank you! That's pretty interesting, I suppose you needed to change the WG port to 443 or did you need to make any additional changes?
@@christianlempa At the very basic, yes. Unfortunately, unlike OpenVPN, WireGuard is not deigned to obfuscate traffic and fool DPI, it's a known limitation www.wireguard.com/known-limitations/. I need some workaround to achieve it, most likely with some third party tool.
It'll be grade if you make a video about this topic sometime in the future
@@ИванИванов-т7ь3х thanks for sharing this. I'll have a look into that because that's a topic I'm also interested in a lot!
Thank you! The best installation guide on WG ever..
🎯 Key points for quick navigation:
00:00 *Installing WireGuard VPN*
00:37 *New VPN protocol*
01:19 *Ubuntu compatibility demo*
02:01 *Easy package installation*
02:56 *Generate keys command*
04:18 *Sensitive private key*
05:06 *Configure tunnel interface*
06:15 *Change default gateway*
08:21 *Public key setup*
09:38 *Traffic routing setup*
10:52 *Enable packet forwarding*
12:38 *Persistent keepalive packets*
13:52 *Connectivity test success*
15:32 *Capture network packets*
16:44 *Configure custom routing*
Made with HARPA AI
Thank you, for your help. My mini-project at my university is done thanks to you :)
Whilst setting this up it is worth noting on the server side the iptables mentions "eth0" - however on virtual machines this can be enp0s3 or on new ubuntu servers eno1 - or another number depending on the number of interfaces you have. Hope this saves others time :-)
thanks for highlighting this! 😉
Loved this very much! A network pro!
This video has clearly explained what I have researched for a long time. I have made some dollars as well from a client. Thank you, Christian.
Thanks! Glad it helped you 👍
Congratulation - Clear explaination
Glad it was helpful!
Did it work for you? Did you write all the commands as is without changing anything?
Thank you so much for this excellent tutorial.
Glad it was helpful!
probably one of the best videos on this topic even though wireguard has changed slightly it does take longer than 18 minutes to setup the first time LOL :XD
Thank you so much :D
"I think, that is not too complicated..."
You know what is not too complicated? My thinking processes. As for THIS...
Аnyway, great video, sir! My tunnel works as swiss watch now! Subscribed.
Great to hear I could help you and it's working! 😋
Very clear and complete tutorial, thanks.
Glad it was helpful!
Thank you so much, I was so lost configuring the client and it was so easy following your tutorial. Definitely suscribed!
Glad it helped!
very quality lession, keep up hardwork, i'm in :D
Thanks, will do!
Nice video. Saludos desde Perú.
Thank you man!
from Syria ,
best require
Thank you very much, this saved me from madness
Glad it helped!
Great explanation, thank you
Christian! Thank you very much for your video! I could set up wireguard between routerOS and Ubuntu only after watching that :)
This is a great video ... explained perfectly
Thanks 😊
Excellent video!
Thank you very much!
Thank you!! That ipv4 forward thing was exactly what I needed. Finally I can use WG instead of OpenVPN! :)
Thank you soo much.
This helped me a lot.
Keep this good work up!
Thank you! :)
Another great video from you ! Well explained, thank you for this !
Thank you mate! :)
Great stuff, thanks a lot
Thank you for this video. I will try on RHEL8 now.
Nice! You're welcome ;)
how nicely put tutorial. Thanks. Subscribed.
Thanks ;)
Doing this using docker compose, I want that video which will be helpful for docker fans!
I saw you found it already 😊 cheers!
Thank you so much, after look your video i already tried success
Great explanation! Thank you so much! One thing: the sysctl command is not permanent after reboot. For that change /etc/sysctl.conf and then reboot or just enter sysctl -p
please explain if there is differencies in configuring the wireguard server on centos
Thank you. Very good Video. It was very helpful
I'm glad it helped 😊
excellent.
11:30 Why it is port 32 in the end, instead of port 8 as shown at 8:05?
This is not a port, this is the subnet mask, which defines how large the network is. A subnetmask of 8 means the network contains all IP addresses from: 10.0.0.1 to 10.255.255.254 and a subnetmask of 32 means only 1 IP address. If I would change the command at11:30 to 10.0.0.2/8 that would mean to allow all IP addresses between 10.0.0.1 to 10.255.255.254. If you want to learn more about this, just search for "subnetting", you should find some tutorials about it. I hope that helped you :)
@@christianlempa Thank you for explaining this. Very informative and helpful!
Great video bro, thanks
Gran video bro, gracias.
Excellent tutorial, very clear and concise. I went along and it worked perfectly. Did the setup in my Proxmox virtual environment. Now need to experiment further. Thank you!
Thank you so much! :) Keep on experimenting :D
very nice tutorial ... TY :)
Glad it was helpful!
waw an fantastic thanks for your effort
So nice of you
Big thankss for this tutorial 👍👍👍
Thank you! ☺️
thanks a lot !
Hello Christian I would like to route all the traffic that enter in wireguard to mitmproxy, but not only web traffic, tcp, udp and others?
I have followed your tuto, but at the end, I SSH is not responding...
Where does the "fwmark: 0xca6c" suddenly come from? It appears out of nowhere at 10:57
I did everything up to 6:50 on my cloud VPS server where Ubuntu 20.04 is installed. Then you switched to the client on another Linux Ubuntu. I need my Windows clients to have Windows and not Linux working. How should I create configs for the Windows client then?
Man you rally made my day!
I had been struggling with openvpn for a while...
But with your video i could set up wireguard in no time. Thanks!!!
Thanks man 😊, I'm glad it helped you!
Hello, this has worked wonderfully with my laptop, the same general client configuration would work if I apply it to a raspberry pi as a VPN router?
will also all of my Ipv6 traffic be routed through this vpn tunnel? or is in this configuration an ipv6 leak possible?
You can also configure IPv6 addresses in the config files.
@15:00
Can't I just edit the "ip_forward" file and change the value to from 0 to 1?
Very well explained. I’m a newbie , Wondering how to implement this approach for 2 IPPBX one in LAN the other one in the cloud . Server at cloud same IPPBx ? Client at premises ? Any hint ?
Thanks! It should work well with any Protocol, so give it a try 😁
For those like me who are very new to Linux and had no idea how he saved the file, hit esc, then :w to write it.
This is the biggest hurdle for linux to overcome. EVERY tutorial requires a dozen searches to figure out stuff they THINK is common knowledge. By the end of it most give up and go back to windows. I'd love to switch over, and everytime I've tried, I've learned some new things, but the amount I have to figure out by searching WHILE watching tutorials/guides cause they don't explain it is astounding. The Linux community needs to stop thinking everyone has been using linux for 10 years if they want to see more people make the switch.
What app did you use to run the servers? Beside the WireGuard
what does the net.ipv4.ip_forward do?
this enables the packet forwarding feature in Linux, basically what a router does :)
Good video my friend! You saved us, i wish god can pay you, cause i can't!💪
Thank you!
Hi Christian, love your tutorials these are very helpful.
I'm wondering, is it gonna work if I set up tunel like in your video to connect remotely to my PC with ubuntu from different network?
The problem is that my router changing the IP, it's not static.
If you have any tip, please share :)
Hey I am currently trying to get the peer connection to show up on the interface for wg0, I tried every single address from the ip addr command. Please help when you can thanks!
Hey thanks for your videos ! :)
Where can i find the top menu on your windows where displayed cpu informations .. ??
It's a rainmeter plugin you can find on my github dotfiles repository
@@christianlempa Ok thanks
Good day Christian,
Was thinking if you can consider doing a video on Wireguard Docker Site-to-Site, specifically Home Server to VPS always-on Wireguard Tunnel ?
Many Thanks in advance.
Hi, I installed wireguard on 2 servers and the conf file setup is quite simple.
That being said, I cannot ping from master to peer or peer to master using the interface I setup. I used a 10.X.X.X like your example
What should I be looking at on the physical server that may not be configured correctly?
I also shutdown the firewall and still the ping failed
At 5:53 while you are creating the rules in /etc/wireguard/wg0.conf file.... the eth0 should correspond to anyones adapter?
For instance someone else should put there enp2s0 if that is his adapter giving him connection to net or eth0 is the name of the virtual adapter upon which wireguard will run? What if the server's adapter is also setup on eth0?
Shouldn t be a conflict there?
Also if the client OS is windows, the client gui also has an add a wireguard file option. Nothing else to generate those keys to put it back on the server side ... so is this situation viable only when both server and client using Linux OS?
PS PIvpn has a scrip which makes the process wayyyyyyyyyyyyyyyy more easy than all this procedure. And the server generates everything. Client only imports the key and connect and thats it.
Thank you
hi there, can you give examples how can i access internet via browsers ? it gives me "dns probe finished bad config", thx
Could you please help me , I need to set it up on my vps and synology nas so that I might setup a plex server accessible outside my home network as my isp blocks all ports and ip is dynamic with double NAT
thanks
Hello, do you happen to have any videos about setting up WireGuard on TrueNAS? Because I really need some step by step guide on how to do that. Please and thank you. :)
Hi vielen Dank für das Video!
Ich beiße mir leider seit gestern die Zähne daran aus :)
Ich habe in einem Rechenzentrum einen Wireguard server in Openstack Ubuntu, der über eine Floating IP erreichbar ist. Zu hause habe ich einen mac, mit dem ich zum Server einen Tunnel aufbauen möchte. Die Verbindung scheint zustande zu kommen, der Handshake wird angezeigt. Ich kann aber weder Server noch Client Pingen (ICMP ist in Security Group freigegeben). Auf dem wg0 Server Int kommt scheinbar nichts an. Hast Du eine Idee, was es noch sein könnte? An meiner Fritzbox muss ich nichts freieben, da die Verbindung zustande kommt, oder?
Danke! Wegen dem Fehler bin ich leider nicht sicher. Solange der Handshake funktioniert sollte der Tunnel stehen. Eventuell ist hier was mit dem Routing nicht korrekt.
Need a install vid on Arch Arm Wireguard client.
I don’t use Arch btw
Ok this was awesome. It all works flawlessly. However I have to wg set after I reboot the box. Is there a way to make this active on reboot, or do I just run script at boot?
Yeah figured it out.. just have to read the docs.
Thanks! Sorry havent got to the question but glad you found it out :)
what is terminal of at 2.20. i didnt understand
Well configuring the interface my server suddenly shutdown then had a weird garbled graphic on reboot. I've tried setting this up already but as soon as I activated the client my terminal to ubuntu server suddenly disconnects and I cannot connect to any websites. What am I doing wrong? And now my server PC just shuts down while adding the wg0.config. I obviously cannot install this properly as my PC just shutdown again while editing the wg0.conf file.
Kudos..
Could you possibly do a video about Wireguard with udp hole punching...
Or recommend a working open source VPN that implements udp hole punching
Thanks for the good suggestion. I just solved this with DNAT rules and Keep-Alive packets, but I'll have look into this
BIG THANX ❤
You're welcome 😀
Thanks!
Wie hast du die Leiste mit der Auslastung oben hinbekommen? Die sieht so schön aus.
Danke :) das ist rainmeter
@@christianlempa Dürfte ich Fragen, welcher Skin das ist? Ich suche so ähnliche Rainmeter Skins aber kann nichts finden.
@@bgpengu Klar, den Skin findest du in meinem GitHub: github.com/xcad2k/dotfiles/tree/main/Windows/Rainmeter/Skins/xcad
@@christianlempa Hast du diesen Skin selbst geschrieben?
@@bgpengu Ich hab das von einer Vorlage editiert, allerdings benutze ich den aktuell nicht mehr, da er immer von den Fenstern verdeckt wird und in Windows man das nicht so gut einstellen kann dass der Platz frei wäre. Aber wenn du ihn magst kannst du ihn natürlich gern verwenden und eventuell auch weiter editieren ;)
how can i configure the server so it forwards all incoming request on wg0 to all the connected peers in the same subnet of that interface? that's so i can have communication between every peer within 10.0.0.X
Hello, really good video there by the way. You mentioned about doing a video on public and private keys but i cant find it anywhere. Have you done one?
Hey, thank you man! :) That's covered in my SSH auth video: th-cam.com/video/U_uiVyF6MEs/w-d-xo.html
@@christianlempa Perfect, what's even better about your videos like on this one is following your blog so you can literally just copy and paste commands
Thank you! That's great to hear :)
Newby question - Can the same machine that is running the wg server be used as a client?
You can create a second interface that you can use as client, should work
Do you know if you have to download WireGuard kernel modules on raspian (aka raspberry pi OS)????
wireguard is not included in the raspian repo, therefore you should add the debian sources:
echo "deb deb.debian.org/debian/ unstable main" | sudo tee --append /etc/apt/sources.list
hi i am using mikrotik to mikrotik wireguard tunnel but when my client side mikrotik reboot due to any reason my tunnels can reconnect automaticly i need to change public key and re submit in server side to reconnect my tunnel again Please help me in this regard .
am also using change mss rule in mangle
/ip firewall mangle
add action=change-mss chain=forward new-mss=clamp-to-pmtu passthrough=yes \
protocol=tcp tcp-flags=syn
Thanks for the wonderful video. I have wireguard up and running. But now when I try to connect, I am getting the error 'handshake did not complete after 5 seconds, retrying. What can be the reason? Thanks in advance...
Thank you for the kind words 😁. The issue is most likely a network issue, means the client is not able to connect to the server or getting back packets. Check for common problems like "port forwarding", "routing", "dns issues", etc.
@@christianlempa thank you sir for your prompt reply. Will check it out.
Thanks for this video it is really helpful. I learned that tunnel must be started after each system start. Could you please guide me how to start tunnel automatically? Thanks!
I'm glad it helps you :) Sure you can simply add the wg0 interface to systemd: sudo systemctl enable --now wg-quick@wg0.service
Thank you for such an amazing video! It really made it a lot easier to set things up. However, I have an issue. Everything is working just as it does for you in the video, only I cannot seem to be able to ping neither the server nor any other IP addresses. I have tried a few things, but cannot figure it out. Do you maybe have any ideas? Thank you in advance!
The handshake works, but not ping
Thank you ☺️, check if you have set up the IPtable rules correctly and if set up the IP addresses. Hard to tell without checking your config, so if you have still issues, why not join our discord and share your config, that will help a lot 😊
@@christianlempa Thank you so much for such a quick response! I will check the IPtable rules first and if that does not help, then I will certainly have to join Discord 😁
Great video . Do you know how to bypass certain services as client to the server ? Lets say I dont want a port like 54321 routed via Wireguard . :)
Thanks! Well I guess you'd need a more customized IPTables ruleset for that. It's possible, but needs some customization.
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE;
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE;
very good
Thank you! Cheers!
For me, this works and packets can be traced but it blocks the internet connection on my client VM (server is physical machine and can access internet fine). How to fix this?
Excellent tutorial, Danke. The second time I generated pub/privatekey for the client and tried to run this command "sudo vim /etc/wireguard/wg0.conf" to be able to write the next configuration, it pop up the old vim file where I wrote things about server, so there is where I lost the track. Help plz.
Np mate! Have you checked out our Discord for help?
im having trouble to run openvpn as so this is perfect alternative for that..
Can I install both wg server and client on the same machine or speaking of one PC connected to internet via wifi (wlan) I must install server on virtual machine and client on Ubuntu or vise versa. What the options do I have?
You can configure a WireGuard interfaces as client or server and also configure multiple interfaces. There are a lot of options possible, it just comes down to how you configure it and how your environment looks like. Don't know if that's what you've asked for, but I hope that helps 😀
You are created two file wgo.conf in wireguard how reaply me
Is there a way to automate this setup ?