VPN Example
Behaves like a traditional VPN network. All traffic and DNS lookups are routed through the connection to be resolved in the VPN server location.
Server
Enabled IP traffic forwarding on
iptables.echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv6/ip_forward
0644 root root /etc/sysctl.conf
net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1
Automatically adjust
iptables rules to allow forwarded traffic when VPN is up.[Interface]
Address = 172.31.255.254/24
SaveConfig = False
ListenPort = 51820
PrivateKey = {SERVER PRIVATE KEY}
PostUp = iptables -A FORWARD -i {WIREGUARD TUNNEL} -j ACCEPT; iptables -t nat -A POSTROUTING -o {INTERFACE} -j MASQUERADE; ip6tables -A FORWARD -i {WIREGUARD TUNNEL} -j ACCEPT; ip6tables -t nat -A POSTROUTING -o {INTERFACE} -j MASQUERADE
PostDown = iptables -D FORWARD -i {WIREGUARD TUNNEL} -j ACCEPT; iptables -t nat -D POSTROUTING -o {INTERFACE} -j MASQUERADE; ip6tables -D FORWARD -i {WIREGUARD TUNNEL} -j ACCEPT; ip6tables -t nat -D POSTROUTING -o {INTERFACE} -j MASQUERADE
# Client #1
[Peer]
PublicKey = {CLIENT PUBLIC KEY}
AllowedIPs = 172.31.255.250/32
...
Bring up the tunnel for testing.
systemctl enable wg-quick@server
Client
Route all traffic through VPN connection.
[Interface]
Address = 172.31.255.250/24
PrivateKey = {CLIENT PRIVATE KEY}
DNS = 1.1.1.1,1.1.2.2
SaveConfig = False
# Wireguard server
[Peer]
PublicKey = {SERVER PUBLIC KEY}
EndPoint = {SERVER PUBLIC IP}:51820
AllowedIPs = 0.0.0.0/0
Important
Set a custom DNS server if needed. DNS is resolved at the VPN server.
Bring up the tunnel for testing.
systemctl enable wg-quick@vpn-client
Testing
From the client access the Internet and verify that your data is routed through the VPN server.
A quick test can be verifying different IP’s from https://www.whatismyip.com.