Let’s say you want to set up a WireGuard network using a central server. You have a few devices that are not directly reachable from the internet, but you do have a central server that is reachable. All you need to do is extend this sample config and you are good to go.
Note that you’ll still need to update iptables/nftables appropriately, but this is a good start.
## host02
```ini
[Interface]
PrivateKey = 4CkSPldAid5ZePdfNIvDJLu372fyugAcJSMsQBN2MnA=
Address = 10.0.0.2/32
ListenPort = 51822
[Peer]
PublicKey = VZ8Tq9HWOTzdCTK1x8qgVspmAlv3NJ9hLn5AHDGY9ns=
AllowedIPs = 10.0.0.0/24
Endpoint = vpc.example:51823
PersistentKeepalive = 25
```
## host01
```ini
[Interface]
PrivateKey = uFDx9v5d5+QD9oWl+n971KxgjmbmJC4pInRKUGL74FQ=
Address = 10.0.0.1/32
ListenPort = 51821
[Peer]
PublicKey = VZ8Tq9HWOTzdCTK1x8qgVspmAlv3NJ9hLn5AHDGY9ns=
AllowedIPs = 10.0.0.0/24
Endpoint = vpc.example:51823
PersistentKeepalive = 25
```
## vps
```ini
[Interface]
PrivateKey = uD2FYOT4Cr8+5sQdLT54L2NlLPdjXVmA+JDhRi8MXUY=
Address = 10.0.0.3/32
ListenPort = 51823
PostUp = sysctl -w net.ipv4.ip_forward=1
PostDown = sysctl -w net.ipv4.ip_forward=0
[Peer]
PublicKey = od9UDJipRMjCHZlJ53hpiACIDim9OZVSbzOwkU3sllc=
AllowedIPs = 10.0.0.1
[Peer]
PublicKey = cMSv25vAYDvJaRyLjYPKHVEe3W1QIVvjRLlYnEZYnUE=
AllowedIPs = 10.0.0.2
```
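When you extend the configs above with another host, a quick consistency check catches the usual slips. The following is an added example, not part of the original post: a small linter that checks that each spoke address is matched by exactly one `[Peer]` on the central server, that the server's `AllowedIPs` entries do not overlap, and that each spoke has a peer with `Endpoint` and `PersistentKeepalive`. The function names and sample configs are constructed for illustration, one `Address` per host is assumed, and keys are not verified.

```python
from ipaddress import ip_interface, ip_network

def parse_wg(text):
    """Parse wg-quick text into (interface dict, list of peer dicts)."""
    iface, peers, cur = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.lower() == "[interface]":
            cur = iface
        elif line.lower() == "[peer]":
            cur = {}
            peers.append(cur)
        elif "=" in line and cur is not None:
            key, value = line.split("=", 1)  # split once: base64 keys end in "="
            cur[key.strip()] = value.strip()
    return iface, peers

def nets(value):
    return [ip_network(v.strip(), strict=False) for v in value.split(",") if v.strip()]

def lint(hub_text, spokes):  # spokes: {host name: config text}; returns problem strings
    problems, seen = [], {}
    routes = [n for p in parse_wg(hub_text)[1] for n in nets(p.get("AllowedIPs", ""))]
    for i, a in enumerate(routes):
        problems += [f"hub: {a} overlaps {b}" for b in routes[i + 1:] if a.overlaps(b)]
    for name, text in spokes.items():
        iface, peers = parse_wg(text)
        addr = ip_interface(iface["Address"]).ip
        if seen.setdefault(addr, name) != name:
            problems.append(f"{name}: address {addr} already used by {seen[addr]}")
        owners = sum(addr in n for n in routes)  # hub peers whose AllowedIPs cover addr
        if owners != 1:
            problems.append(f"{name}: {addr} matches {owners} hub peers, expected 1")
        if not any("Endpoint" in p and "PersistentKeepalive" in p for p in peers):
            problems.append(f"{name}: no peer with Endpoint and PersistentKeepalive")
    return problems

# Constructed sample in the page's layout; key lines omitted (the linter ignores them).
HUB = """[Interface]
Address = 10.0.0.3/32
[Peer]
AllowedIPs = 10.0.0.1
[Peer]
AllowedIPs = 10.0.0.2"""
SPOKE = """[Interface]
Address = 10.0.0.{n}/32
[Peer]
AllowedIPs = 10.0.0.0/24
Endpoint = vpc.example:51823
PersistentKeepalive = 25"""
```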