Wireguard Server

1. ubuntu@instance-20210915-wireguard:~$ ifconfig
2.  
3. ens3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 9000
4. inet 10.0.0.183 netmask 255.255.255.0 broadcast 10.0.0.255
5. inet6 fe80::17ff:fe00:3654 prefixlen 64 scopeid 0x20<link>
6. ether 02:00:17:00:36:54 txqueuelen 1000 (Ethernet)
7. RX packets 609918 bytes 359694326 (359.6 MB)
8. RX errors 0 dropped 0 overruns 0 frame 0
9. TX packets 613586 bytes 744638315 (744.6 MB)
10. TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
11.  
12. lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
13. inet 127.0.0.1 netmask 255.0.0.0
14. inet6 ::1 prefixlen 128 scopeid 0x10<host>
15. loop txqueuelen 1000 (Local Loopback)
16. RX packets 52957 bytes 6451354 (6.4 MB)
17. RX errors 0 dropped 0 overruns 0 frame 0
18. TX packets 52957 bytes 6451354 (6.4 MB)
19. TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
20.  
21. wg0: flags=209<UP,POINTOPOINT,RUNNING,NOARP> mtu 1420
22. inet 10.6.0.1 netmask 255.255.255.0 destination 10.6.0.1
23. unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 1000 (UNSPEC)
24. RX packets 662 bytes 176468 (176.4 KB)
25. RX errors 0 dropped 0 overruns 0 frame 0
26. TX packets 396 bytes 77836 (77.8 KB)
27. TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
28.  
29. --------------------------------------------------------------------------------------------------------------------
30.  
31. ubuntu@instance-20210915-wireguard:~$ sudo wg show
32. interface: wg0
33. public key: mCK/FAHGtXFBNLS5WpHhSPEBvZRwY09HohD1YkNCNSI=
34. private key: (hidden)
35. listening port: 51820
36.  
37. peer: r56sl4HNKHFkz8/r+aGqOHClMuXUt9lGE34gpktP5Q4=
38. preshared key: (hidden)
39. endpoint: 167.189.155.111:56495
40. allowed ips: 10.6.0.5/32, 172.16.0.10/32
41. latest handshake: 1 minute, 13 seconds ago
42. transfer: 162.95 KiB received, 72.80 KiB sent
43. persistent keepalive: every 15 seconds
44.  
45. peer: ZCAV6xDLswBuqYWs38JYwvx2fwvmR1uEFRIAD760pxI=
46. preshared key: (hidden)
47. endpoint: 167.189.149.52:57321
48. allowed ips: 10.6.0.3/32
49. latest handshake: 2 minutes, 52 seconds ago
50. transfer: 10.49 KiB received, 4.45 KiB sent
51.  
52. peer: WaP0UPdQWKE0uy3F750cOEeLmLkikdtw0XAw/eGcrFI=
53. preshared key: (hidden)
54. allowed ips: 10.6.0.0/24
55.  
56. peer: 2lSWhk5B37yZheuhp7+e3zjySvql943SuQkuFNKteUw=
57. preshared key: (hidden)
58. allowed ips: 10.6.0.4/32
59.  
60. --------------------------------------------------------------------------------------------------------------------
61.  
62. ubuntu@instance-20210915-wireguard:~$ sudo systemctl status wg-quick@wg0.service
63. ● wg-quick@wg0.service - WireGuard via wg-quick(8) for wg0
64. Loaded: loaded (/lib/systemd/system/wg-quick@.service; enabled; vendor preset: enabled)
65. Drop-In: /etc/systemd/system/wg-quick@.service.d
66. └─override.conf
67. Active: active (exited) since Sat 2021-09-25 06:09:16 UTC; 56min ago
68. Docs: man:wg-quick(8)
69. man:wg(8)
70. https://www.wireguard.com/
71. https://www.wireguard.com/quickstart/
72. https://git.zx2c4.com/wireguard-tools/about/src/man/wg-quick.8
73. https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8
74. Process: 34982 ExecStart=/usr/bin/wg-quick up wg0 (code=exited, status=0/SUCCESS)
75. Main PID: 34982 (code=exited, status=0/SUCCESS)
76.  
77. Sep 25 06:09:16 instance-20210915-wireguard wg-quick[34982]: [#] wg setconf wg0 /dev/fd/63
78. Sep 25 06:09:16 instance-20210915-wireguard wg-quick[34997]: Warning: AllowedIP has nonzero host part: 10.6.0.2/24
79. Sep 25 06:09:16 instance-20210915-wireguard wg-quick[34982]: [#] ip -4 address add 10.6.0.1/24 dev wg0
80. Sep 25 06:09:16 instance-20210915-wireguard wg-quick[34982]: [#] ip link set mtu 1420 up dev wg0
81. Sep 25 06:09:16 instance-20210915-wireguard wg-quick[34982]: [#] ip -4 route add 172.16.0.10/32 dev wg0
82. Sep 25 06:09:16 instance-20210915-wireguard wg-quick[34982]: [#] iptables -A FORWARD -i wg0 -j ACCEPT;
83. Sep 25 06:09:16 instance-20210915-wireguard wg-quick[34982]: [#] iptables -A FORWARD -o wg0 -j ACCEPT;
84. Sep 25 06:09:16 instance-20210915-wireguard wg-quick[34982]: [#] iptables -t nat -A POSTROUTING -o ens3 -j MASQUERADE
85. Sep 25 06:09:16 instance-20210915-wireguard wg-quick[34982]: [#] sysctl -q -w net.ipv4.ip_forward=1
86. Sep 25 06:09:16 instance-20210915-wireguard systemd[1]: Finished WireGuard via wg-quick(8) for wg0.
87.  
88. --------------------------------------------------------------------------------------------------------------------
89.  
90. ubuntu@instance-20210915-wireguard:~$ sudo iptables -L -n -x -v -t nat
91. Chain PREROUTING (policy ACCEPT 88 packets, 6720 bytes)
92. pkts bytes target prot opt in out source destination
93. 1352 442236 DNAT all -- * * 0.0.0.0/0 172.16.0.0/24 to:10.6.0.1
94.  
95. Chain INPUT (policy ACCEPT 39 packets, 2916 bytes)
96. pkts bytes target prot opt in out source destination
97.  
98. Chain OUTPUT (policy ACCEPT 311 packets, 26715 bytes)
99. pkts bytes target prot opt in out source destination
100.  
101. Chain POSTROUTING (policy ACCEPT 128 packets, 12036 bytes)
102. pkts bytes target prot opt in out source destination
103. 693 65582 MASQUERADE all -- * ens3 10.6.0.0/24 0.0.0.0/0 /* wireguard-nat-rule */
104. 20 1680 MASQUERADE all -- * * 10.6.0.0/24 172.16.0.0/24
105. 0 0 MASQUERADE all -- * eth1 0.0.0.0/0 0.0.0.0/0
106. 183 14679 MASQUERADE all -- * ens3 0.0.0.0/0 0.0.0.0/0
107.  
108. --------------------------------------------------------------------------------------------------------------------
109.  
110. ubuntu@instance-20210915-wireguard:~$ route -n
111. Kernel IP routing table
112. Destination Gateway Genmask Flags Metric Ref Use Iface
113. 0.0.0.0 10.0.0.1 0.0.0.0 UG 100 0 0 ens3
114. 10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 ens3
115. 10.6.0.0 0.0.0.0 255.255.255.0 U 0 0 0 wg0
116. 169.254.0.0 0.0.0.0 255.255.0.0 U 100 0 0 ens3
117. 172.16.0.10 0.0.0.0 255.255.255.255 UH 0 0 0 wg0
118.  
119.