Primary

• WireGuard Setup as a Gateway (Road Warrior)

Supplemental

• WireGuard Quick Start
• NAT Tutorial with iptables

Notes

• There is little distinction between “server” (Endpoint) and “client” (Peer). A tunnel is established between a Peer’s interface and an Endpoint’s interface. Which traffic goes over the interface to the Endpoint is determined by the AllowedIPs of the Peer. Use 0.0.0.0/0 for all traffic.
• WireGuard can be configured to give the interface a static IP as defined in the configuration file as well as which DNS server to use. I suspect dynamic allocation could be done if one were willing to configure a DHCP service on the server.
• Use wg-quick to setup the wg service and interface
  • It will handle configuring the interface such as setting the ip, bringing it up, and configuring DNS
  • The syntax for the wg-quick config file appears to be a superset of the wg config file
  • There is a handy systemd script which will handle interface config and execute pre-up and post-down commands which are useful for running iptables commands
• tcpdump is quite useful for debugging. For example try tcpdump -i wg0 on the server while pinging on the client to make sure traffic is being sent to the server over the tunnel

Sample Configuration

Client

Server