# Wireguard Setup

## Fedora

```bash
dnf install wireguard
```

/etc/sysctl.d/10-wireguard.conf

```conf
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
```

```bash
sysctl -p
```

### Server

```bash
wg genkey | tee /etc/wireguard/private.key
cat /etc/wireguard/private.key | wg pubkey | tee /etc/wireguard/public.key
```

```bash
cat <<EOF > /etc/wireguard/wg0.conf
[Interface]
Address = 10.10.10.1/24,fd10:10:10::1/64
ListenPort = 51820
PrivateKey = $(cat /etc/wireguard/private.key)
SaveConfig = true
PostUp = iptables -t nat -I POSTROUTING -o bridge0 -j MASQUERADE
PostUp = ip6tables -t nat -I POSTROUTING -o bridge0 -j MASQUERADE
PreDown = iptables -t nat -D POSTROUTING -o bridge0 -j MASQUERADE
PreDown = ip6tables -t nat -D POSTROUTING -o bridge0 -j MASQUERADE
EOF
```

```bash
wg set wg0 peer ndUMratPyYXKiOlU6AT5lYI7v3iohBAimgZY3/jsWik= allowed-ips 10.10.10.2,fd10:10:10::2
```

### Client

```conf
[interface]
PrivateKey = KHgXS7zIqqfb46cfUVKvRZesswZcvib71hhYYcN39mQ=
Address = 10.10.10.2/32,fd10:10:10::2/32

[Peer]
PublicKey = kzbHUGzYk6Uyan/NFYY5mh3pxf2IX/WzWZtImeyp6Sw=
Endpoint = 2600:1700:1e6c:a81f:793d:7abf:e94d:9bc4:51820
AllowedIPs = 0.0.0.0/0,::/0
```

### Testing

```bash
curl -6 icanhazip.com
```