https://wiki.ixheim.de/index.php?action=history&feed=atom&title=Wireguard-cheat-sheet
Wireguard-cheat-sheet - Versionsgeschichte
2026-05-15T04:12:02Z
Versionsgeschichte dieser Seite in Xinux Wiki
MediaWiki 1.35.1
https://wiki.ixheim.de/index.php?title=Wireguard-cheat-sheet&diff=61424&oldid=prev
Thomas.will: Die Seite wurde neu angelegt: „= WireGuard Cheat Sheet = == Installation == *apt install wireguard == Schlüsselpaar erzeugen == *mkdir -p /etc/wireguard *cd /etc/wireguard *wg genkey | te…“
2025-04-12T11:57:03Z
<p>Die Seite wurde neu angelegt: „= WireGuard Cheat Sheet = == Installation == *apt install wireguard == Schlüsselpaar erzeugen == *mkdir -p /etc/wireguard *cd /etc/wireguard *wg genkey | te…“</p>
<p><b>Neue Seite</b></p><div>= WireGuard Cheat Sheet =<br />
<br />
== Installation ==<br />
*apt install wireguard<br />
<br />
== Schlüsselpaar erzeugen ==<br />
*mkdir -p /etc/wireguard<br />
*cd /etc/wireguard<br />
*wg genkey | tee privatekey | wg pubkey > publickey<br />
<br />
== Server-Konfiguration ==<br />
*/etc/wireguard/wg0.conf:<br />
<pre><br />
[Interface]<br />
PrivateKey = SERVER-PRIVATE-KEY<br />
Address = 10.0.0.1/24<br />
ListenPort = 51820<br />
<br />
[Peer]<br />
PublicKey = CLIENT-PUBLIC-KEY<br />
AllowedIPs = 10.0.0.2/32<br />
</pre><br />
<br />
== Client-Konfiguration ==<br />
*/etc/wireguard/wg0.conf:<br />
<pre><br />
[Interface]<br />
PrivateKey = CLIENT-PRIVATE-KEY<br />
Address = 10.0.0.2/24<br />
<br />
[Peer]<br />
PublicKey = SERVER-PUBLIC-KEY<br />
Endpoint = vpn.example.com:51820<br />
AllowedIPs = 0.0.0.0/0, ::/0<br />
PersistentKeepalive = 25<br />
</pre><br />
<br />
== Verbindung starten und stoppen ==<br />
*wg-quick up wg0<br />
*wg-quick down wg0<br />
<br />
== Status anzeigen ==<br />
*wg show<br />
<br />
== Autostart aktivieren/deaktivieren ==<br />
*systemctl enable wg-quick@wg0<br />
*systemctl disable wg-quick@wg0<br />
<br />
== IPv4-Forwarding aktivieren ==<br />
*echo net.ipv4.ip_forward=1 >> /etc/sysctl.conf<br />
*sysctl -p<br />
<br />
== Beispiel nftables-Konfiguration ==<br />
*/etc/nftables.conf:<br />
<pre><br />
table inet filter {<br />
chain input {<br />
type filter hook input priority 0;<br />
policy drop;<br />
iif "wg0" accept<br />
ct state established,related accept<br />
tcp dport 22 accept<br />
udp dport 51820 accept<br />
}<br />
<br />
chain forward {<br />
type filter hook forward priority 0;<br />
policy drop;<br />
iif "wg0" accept<br />
oif "eth0" accept<br />
ct state established,related accept<br />
}<br />
}<br />
</pre><br />
<br />
== NAT mit iptables ==<br />
*iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE<br />
<br />
== NAT mit nftables ==<br />
*/etc/nftables.conf (Zusatz für NAT):<br />
<pre><br />
table ip nat {<br />
chain postrouting {<br />
type nat hook postrouting priority 100;<br />
oifname "eth0" masquerade<br />
}<br />
}<br />
</pre></div>
Thomas.will