WireGuard

For my VPN setup, I use WireGuard because it is straightforward to configure and performs well. This guide is a personal reference for the baseline server and peer setup I come back to when I need it again. While I typically run Ubuntu on my production servers, my personal homelab runs Arch Linux, so the package installation examples here follow Arch.

Any host can function as a server or as a peer, and a peer can also act as a proxy for another peer without extra WireGuard-specific configuration.

I split the guide into separate server and peer references. Before starting either one, make sure WireGuard is installed on both machines.

Pre-requisites

The first step is installing WireGuard. On Arch Linux, run the following command as the root user or with sudo:

pacman -Syu --noconfirm wireguard-tools ufw

ufw gives me a simpler way to manage the required iptables rules.

If you’re setting up WireGuard in a Proxmox LXC container for either a server or a client, follow these steps:

• Open the container configuration file: /etc/pve/lxc/123.conf (replace 123 with your container ID).
• Append these lines at the end of the file:

lxc.cgroup2.devices.allow: c 10:200 rwm 
lxc.mount.entry: /dev/net dev/net none bind,create=dir

• Save and close the file.
• Update the owner of the tun device by running:

    chown 100000:100000 /dev/net/tun

Server Details

For this example, here are the details I’m using:

When following this guide, be sure to replace these placeholder values with your own specific details. The configuration file is named after the interface: for example, if your interface is wg0, the configuration file will be wg0.conf.

Setup

Once everything is installed and your personalized details are in place, proceed with the respective guide for a server or peer setup to get things running.

From here, continue with the server or peer guide depending on the role you are setting up.