wg show

wg-quick up wgx

wg-quick down wgx

apt install wireguard

https://github.com/mjtechguy/wireguard-site-to-site

¹⁾

this has to be done on both server and client.

/etc/sysctl.conf

# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1
 
# Uncomment the next line to enable packet forwarding for IPv6
#  Enabling this option disables Stateless Address Autoconfiguration
#  based on Router Advertisements for this host
net.ipv6.conf.all.forwarding=1

/etc/wireguard/wgx.conf

[Interface]
Address = 10.99.x.1/30               # this address is the tunnel address
ListenPort = 31037                   # this port is the physical port that should be listened on.
PrivateKey = 6GcJf56i5dY30t7tyuGExlJFl/vkiYcyfvDrTJoevWg=
SaveConfig = false
 
PostUp = iptables -A FORWARD -i %i -j ACCEPT
PostDown = iptables -D FORWARD -i %i -j ACCEPT
 
[Peer]
#Name = XY
PublicKey = KSODnmNkJG+ASAirrpmZJhEHwnCNoa7fIhvBS/txJQY=
AllowedIPs = 192.168.10.0/24,192.168.11.0/24,192.168.12.0/24,192.168.13.0/24,192.168.14.0/24,192.168.15.0/24,10.98.3.0/30,10.99.3.2/32 # this is an example list of allowed ips taken from n02

/etc/wireguard/wgx.conf

[Interface]
Address = 10.99.x.2/30
PrivateKey = qEX8Ag5QmckFHRGX8Cg308N1XXzfp3VXE2MKYPlA2Eo=
 
PostUp = iptables -A FORWARD -i %i -j ACCEPT
PostDown = iptables -D FORWARD -i %i -j ACCEPT
 
[Peer]
PublicKey = 28b1ickTXZiU5XtZbsj6YJuzhkcJXrNP145C3MGBQS0=
AllowedIPs = 192.168.8.0/21,192.168.16.0/21,192.168.24.0/22,10.98.2.0/30,10.99.3.1/30,10.99.7.1/32   # this is a bit of a collapsed view of my home networks
Endpoint = 130.83.6.100:31037
PersistentKeepalive = 2

wg-quick up wgx

on both server and client

systemctl enable wg-quick@wgx

Dont forget to add the firewall rules!