This was manually solved, I didn’t check any other comment till the issue was fixed.

Take a look at my comment.

Thank you all for helping!

Hello.

I have WireGuard set up, but the second it runs, services like ssh (22) and smb (455/445?) stop working.

nmap thinks my system is down.

Here is my config, I followed Debian’s guide since my server is Deb12:

[Interface]
Address = 192.168.1.120/24
SaveConfig = true
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o wlp1s0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o wlp1s0 -j MASQUERADE
ListenPort = 51820
PrivateKey = XXX

[Peer]
PublicKey = xxx
AllowedIPs = 192.168.1.230/32
Endpoint = 192.168.1.230:50104

No extra config was made.

  • TOR-anon1OP
    10 months ago

    Solved:

    IP Table:
    Server: 192.168.1.120 / wg0: 10.0.0.1
    Client: 192.168.1.230 / wg0: 10.0.0.2


    Server:

    [Interface]
    Address = 10.0.0.1/24
    SaveConfig = true
    PostUp = iptables -t nat -I POSTROUTING -o wlp1s0 -j MASQUERADE
    PostUp = ip rule add table 200 from 192.168.1.230
    PostUp = ip route add table 200 default via 192.168.1.1
    PreDown = iptables -t nat -D POSTROUTING -o wlp1s0 -j MASQUERADE
    PreDown = ip rule delete table 200 from 192.168.1.230
    PreDown = ip route delete table 200 default via 192.168.1.1
    ListenPort = 51820
    PrivateKey = XXX
    
    [Peer]
    PublicKey = yyy
    AllowedIPs = 0.0.0.0/0
    

    Client:

    [Interface]
    Address = 10.0.0.2/24
    PrivateKey = YYY
    
    [Peer]
    AllowedIPs = 10.0.0.0/24
    Endpoint = 192.168.1.120:51820
    PublicKey = xxx
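
An added example, not part of the thread: a small Python check for two conditions that the question's config has and the solved one does not, namely a tunnel `Address` inside the LAN subnet and a peer whose `AllowedIPs` contains its own `Endpoint` address (wg-quick installs a route for each `AllowedIPs` entry, so that peer's LAN traffic, including the encrypted UDP packets, is sent into wg0). The function names are hypothetical and the LAN prefix `192.168.1.0/24` is an assumption based on the addresses shown.

```python
import ipaddress

def parse_wg(text):
    """Parse wg-quick text into [(section, {key: [values]})]; keys may repeat."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1].lower(), {}))
        elif "=" in line and sections:
            key, value = (p.strip() for p in line.split("=", 1))
            sections[-1][1].setdefault(key.lower(), []).append(value)
    return sections

def cidrs(values):
    """Split comma-separated Address/AllowedIPs values into single CIDR strings."""
    return [c.strip() for v in values for c in v.split(",") if c.strip()]

def check(text, lan_cidr):
    """Return a list of findings for a config on a host whose LAN is lan_cidr."""
    lan, findings = ipaddress.ip_network(lan_cidr), []
    for name, kv in parse_wg(text):
        if name == "interface":
            for addr in cidrs(kv.get("address", [])):
                if ipaddress.ip_interface(addr).network.overlaps(lan):
                    findings.append(f"Address {addr} overlaps LAN {lan}")
        elif name == "peer":
            nets = [ipaddress.ip_network(c, strict=False)
                    for c in cidrs(kv.get("allowedips", []))]
            for ep in kv.get("endpoint", []):
                host = ep.rsplit(":", 1)[0].strip("[]")
                try:
                    ip = ipaddress.ip_address(host)
                except ValueError:
                    continue  # hostname endpoint: not resolved in this sketch
                # /0 is skipped: wg-quick exempts the endpoint via fwmark there
                findings += [f"AllowedIPs {n} contains Endpoint {ip}"
                             for n in nets if n.prefixlen and ip in n]
    return findings

# Values copied from the thread's configs (keys and PostUp/PreDown lines omitted).
ORIGINAL = ("[Interface]\nAddress = 192.168.1.120/24\n"
            "[Peer]\nAllowedIPs = 192.168.1.230/32\nEndpoint = 192.168.1.230:50104\n")
SOLVED = "[Interface]\nAddress = 10.0.0.1/24\n[Peer]\nAllowedIPs = 0.0.0.0/0\n"

if __name__ == "__main__":
    for label, cfg in (("original", ORIGINAL), ("solved", SOLVED)):
        print(label, check(cfg, "192.168.1.0/24"))  # LAN /24 is an assumption
```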
    
    • @[email protected]
      10 months ago

      Why is this needed? I have the minimal config for both server and client and smb and ssh both work without issue.

      • TOR-anon1OP
        10 months ago

        Would you mind sharing the config (without keys)?

        This is my first time using WG.

        • @[email protected]
          10 months ago

          There is nothing special about the config, it’s the most basic config you can have as shown in the example at the bottom of this page.

          https://docs.opnsense.org/manual/how-tos/wireguard-client.html

          The part that was a bit complex is the ‘server’ setting. My server is on my router (opnsense) so you need opnsense-specific settings.

          I suspect the reason you need the extra stuff is because of how the Debian server is set up, so that stuff will vary if you ever try to run another ‘server’ node. (I put server in quotes because WireGuard doesn’t actually have server and client as a concept.)

          • TOR-anon1OP
            10 months ago

            I believe it’s automated.

            The server/client thing always confused me.