Point to Point Example
This setup gives each client a private network connection to the server while preventing clients on that network from communicating with each other. DNS and any traffic not directly addressed to the private network will egress through the client’s standard network stack.
This creates a /24 network that all machines use, while only allowing point-to-point communication from each client to the server.
Server
[Interface]
Address = 172.31.255.254/24
SaveConfig = False
ListenPort = 51820
PrivateKey = {SERVER PRIVATE KEY}
# Client #1
[Peer]
PublicKey = {CLIENT PUBLIC KEY}
AllowedIPs = 172.31.255.250/32
...
systemctl enable wg-quick@server
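The point-to-point property depends on every [Peer] in the server file carrying exactly one /32 inside the interface's /24. The following check is an added example, not part of the original page or of WireGuard itself; the function names and the second, too-broad peer in the sample are constructed for illustration, and a single Address entry is assumed.

```python
import ipaddress

# Constructed sample: the page's server file (trimmed) plus a second, too-broad peer.
SAMPLE = """\
[Interface]
Address = 172.31.255.254/24
PrivateKey = {SERVER PRIVATE KEY}
[Peer]
PublicKey = {CLIENT PUBLIC KEY}
AllowedIPs = 172.31.255.250/32
[Peer]
PublicKey = {CLIENT 2 PUBLIC KEY}
AllowedIPs = 172.31.255.0/24
"""

def parse_sections(text):
    """Return [(section, {key: value})]; repeated [Peer] blocks stay separate."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1].lower(), {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)
            sections[-1][1][key.strip().lower()] = value.strip()
    return sections

def audit_server_config(text):
    """List peers whose AllowedIPs break the one-/32-per-client layout (single Address assumed)."""
    sections = parse_sections(text)
    iface = next(kv for name, kv in sections if name == "interface")
    server = ipaddress.ip_interface(iface["address"])
    findings, seen = [], {server.ip}
    peers = [kv for name, kv in sections if name == "peer"]
    for n, peer in enumerate(peers, 1):
        for entry in filter(None, map(str.strip, peer.get("allowedips", "").split(","))):
            net = ipaddress.ip_network(entry, strict=False)
            host = net.network_address
            if net.prefixlen != net.max_prefixlen:
                findings.append(f"peer {n}: {net} is not a single host")
            elif host not in server.network:
                findings.append(f"peer {n}: {net} is outside {server.network}")
            elif host in seen:
                findings.append(f"peer {n}: {net} is already assigned")
            seen.add(host)
    return findings

if __name__ == "__main__":
    print(audit_server_config(SAMPLE))
```

An empty result means every peer is pinned to its own host address; any finding marks a peer entry that overlaps another address or reaches beyond a single host.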
Clients
[Interface]
Address = 172.31.255.250/24
PrivateKey = {CLIENT PRIVATE KEY}
SaveConfig = False
# WireGuard server
[Peer]
PublicKey = {SERVER PUBLIC KEY}
EndPoint = {SERVER PUBLIC IP}:51820
AllowedIPs = 172.31.255.254/32
Warning
Windows clients do not use the SaveConfig option. Remove this line if configuring a Windows client.
systemctl enable wg-quick@client
Testing
wg
ping 172.31.255.250
wg
ping 172.31.255.254
ping 172.31.255.100