This looks great, thanks! One quick note: one often-unnoticed thing that OpenVPN currently has in its favor is how robust it is in the face of users with different sets of needs or competency levels.
This comes out in, for example, the "Accessing your home LAN" part of your article. It has a bunch of iptables magic that I understand, but presumably shouldn't have to in order to use WireGuard. Actually, the device that makes the most sense to use as a WireGuard server is my router, which is based on BSD; so presumably I'd need to modify your commands to get this working on my OS! With OpenVPN, on the other hand, I can literally install a package for my firewall (OPNsense) and it's all done for me with a few clicks. That's what I mean by robustness: I'm capable of getting OpenVPN working on just about any computer, including my GUI-based BSD router. WireGuard just doesn't have that yet.
Can attest to wireguard being simple once you know it but horrible to get working the first time.
I did, however, make it harder for myself by setting it up on a Unifi gateway, where every push of an invalid config would put the gateway in a boot loop, bricking my internet connection for a few minutes.
Thanks for writing this up - you did a great job. I came across it on a DDG search when I was exploring WireGuard and as a result, I found it easy to set up!
Do you know of anything like this available for Windows? All the guides are for Linux, but I use Windows for my everyday laptop. I'd also like to set this up for my phone, and obviously iOS doesn't really have a CLI.
For what it's worth this did seem easy to follow, I just know that when I tried to follow a guide similar to this one a while back I couldn't get it to work for a Windows client.
Are you just looking to set it up with iOS and Windows clients? If the WireGuard server is running Linux, an easy way to copy the config over to an iOS or Android device is to use qrencode. For example, `qrencode -t ansiutf8 < $config_file` will output a QR code that can be scanned from the WireGuard app to automatically import as a new tunnel.
I used StavrosK's guide (thank you!) to put together two scripts a while back, one for generating a new server config file, and one to generate a new client config, outputting the config to a file as well as to a QR code on stdout. You can copy the client.conf file over to the Windows machine and import the configuration via the "Import tunnel(s) from file..." option in the WireGuard client, or scan the QR code output from the mobile device clients via "Create from QR code".
Here's my script for generating a client cert: https://cdn.seedno.de/txt/wireguard-certgen. It assumes WireGuard is already configured on the server on interface wg0, and is using the default port of 51820/UDP, though both are configurable via variables. For reference, the accompanying setup script is https://cdn.seedno.de/txt/wireguard-setup. Both scripts require a bit of customization to match your environment (you may want to be particularly careful with the iptables firewall PostUp/PostDown commands), but hopefully they can serve as a starting point to figure out any issues you encountered last time you tried.
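An added illustration of the client-config-plus-QR-code workflow described in this reply (and of the PostUp/PostDown rules it says to be careful with); this is example code written for this thread, not the linked wireguard-certgen or wireguard-setup scripts, and not from the article. It assumes interface wg0, UDP port 51820, a VPN subnet of 10.0.0.0/24, a LAN interface eth0 and LAN 192.168.1.0/24, and an endpoint of vpn.example.com, all of which are constructed values; the placeholder keys are constructed too and have the exact shape of real WireGuard keys. Real keys come from `wg genkey` when the `wg` tool is installed, and the QR code is only printed if `qrencode` is present.

```shell
#!/bin/sh
# Added example, not the scripts linked in the thread. Renders a WireGuard
# client config plus the matching server-side [Peer] stanza, checks key
# format before anything is written (a malformed key in a pushed config is
# exactly the kind of thing that takes a gateway down), and shows the client
# config as a QR code if qrencode is present.
# Constructed values: wg0, port 51820, 10.0.0.0/24, eth0, 192.168.1.0/24.
set -eu

WG_IF=wg0
WG_PORT=51820
LAN_IF=eth0
SERVER_ADDR=10.0.0.1/24
ENDPOINT=vpn.example.com:$WG_PORT

# A WireGuard key is 32 bytes base64-encoded: 44 chars with one '=' of
# padding, and the 43rd char carries only 4 data bits, so it must be one of
# the 16 alphabet positions whose low two bits are zero.
valid_wg_key() {
    printf '%s\n' "$1" | grep -Eq '^[A-Za-z0-9+/]{42}[AEIMQUYcgkosw048]=$'
}

# render_client_conf PRIVKEY SERVER_PUBKEY CLIENT_ADDR ENDPOINT ALLOWED_IPS
# The client-side AllowedIPs sets the tunnel scope: 0.0.0.0/0 sends all
# traffic via the server, the LAN subnet alone gives a split tunnel.
render_client_conf() {
    printf '[Interface]\nPrivateKey = %s\nAddress = %s\n\n' "$1" "$3"
    printf '[Peer]\nPublicKey = %s\nAllowedIPs = %s\nEndpoint = %s\nPersistentKeepalive = 25\n' \
        "$2" "$5" "$4"
}

# render_server_peer CLIENT_PUBKEY CLIENT_ADDR
# Server-side AllowedIPs is pinned to the client's single /32: WireGuard's
# cryptokey routing then drops packets from that peer with any other source.
render_server_peer() {
    printf '\n[Peer]\nPublicKey = %s\nAllowedIPs = %s/32\n' "$1" "${2%/*}"
}

# render_server_interface SERVER_PRIVKEY
# PostUp only forwards between wg0 and the LAN interface (not a blanket
# FORWARD ACCEPT) and NATs onto the LAN; PostDown deletes exactly those rules.
render_server_interface() {
    up="iptables -A FORWARD -i $WG_IF -o $LAN_IF -j ACCEPT; iptables -A FORWARD -i $LAN_IF -o $WG_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT; iptables -t nat -A POSTROUTING -o $LAN_IF -j MASQUERADE"
    down=$(printf '%s' "$up" | sed 's/ -A / -D /g')
    printf '[Interface]\nPrivateKey = %s\nAddress = %s\nListenPort = %s\nPostUp = %s\nPostDown = %s\n' \
        "$1" "$SERVER_ADDR" "$WG_PORT" "$up" "$down"
}

# Keys: real ones from wg(8) when available, otherwise constructed
# placeholders of the same shape so the script still runs offline.
if command -v wg >/dev/null 2>&1; then
    CLIENT_PRIV=$(wg genkey)
    CLIENT_PUB=$(printf '%s\n' "$CLIENT_PRIV" | wg pubkey)
else
    CLIENT_PRIV='ClientPrivKeyPlaceholder0000000000000000000='   # constructed
    CLIENT_PUB='ClientPubKeyPlaceholder00000000000000000000='    # constructed
fi
SERVER_PUB='ServerPubKeyPlaceholder00000000000000000000='        # constructed
CLIENT_ADDR=10.0.0.2/24

for k in "$CLIENT_PRIV" "$CLIENT_PUB" "$SERVER_PUB"; do
    valid_wg_key "$k" || { echo "malformed key, refusing to write config: $k" >&2; exit 1; }
done

client_conf=$(render_client_conf "$CLIENT_PRIV" "$SERVER_PUB" "$CLIENT_ADDR" "$ENDPOINT" 192.168.1.0/24)
printf '%s\n' "$client_conf"                     # save this as client.conf for a Windows import
render_server_peer "$CLIENT_PUB" "$CLIENT_ADDR"  # append this to the server's wg0.conf
if command -v qrencode >/dev/null 2>&1; then     # scan from the mobile app via "Create from QR code"
    printf '%s\n' "$client_conf" | qrencode -t ansiutf8
fi
```

The format check runs before any output is produced, so a truncated or hand-mangled key never reaches a config file; the two AllowedIPs lines are the ones worth reading twice, since the server-side /32 is what limits a compromised client to its own address, and the client-side value is what decides whether only the home LAN or all traffic goes through the tunnel.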
I just found this[0] article on setting up WireGuard on Windows, I haven't followed or even studied it too closely, but hope it helps with the Win specific things.
Totally off topic but this is my favorite article to come across when looking around at various networking related things.
It always sends me down a rabbit hole of watching and listening to recordings of people shouting perkele. I'm always trying to think of a similar word in US English but never can think of anything.
https://www.stavros.io/posts/how-to-configure-wireguard/
It takes hours to set up if you don't know how (and the docs aren't amazing), but it should take you ten minutes using my article.