> For the complete documentation index, see [llms.txt](https://docs.wehost.co.in/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.wehost.co.in/cybersecurity/install-wiregard-vpn.md).

# Install Wiregard VPN

* Wiregard does not follow tradition client server architecture its more of a peer architecture
* wiregard ip address on server has to be different and unique on the network

### On both client and server

```
sudo apt-add-repository universe
```

```
sudo apt-get update
```

```
sudo apt-get install wireguard-tools wireguard
```

```
wg genkey | sudo tee /etc/wireguard/private.key
sudo chmod go= /etc/wireguard/private.key
```

```
sudo cat /etc/wireguard/private.key | wg pubkey | sudo tee /etc/wireguard/public.key
```

### On client

```
sudo nano /etc/wireguard/wg0.conf
```

#### Config File

```
[Interface]
PrivateKey = <CLIENT PRIVATE KEY>
Address = <IP ADRESS THAT IS TO BE ASSIGNED TO CLIENT>
ListenPort = <ListenPort>
[Peer]
PublicKey = <Server PUBLIC KEY>
AllowedIPs = <IP ADRESS THE CLIENT IS ALLOWED TO CONNECT TO GENERALLY ALLOW WHOLE NETWORK>
Endpoint = <SERVER ENPOINT WITH PORT NUMBER>
PersistentKeepalive = <KEEP ALIVE>
```

```
[Interface]
PrivateKey = uL4/ae4Yy70Xs0tgcLTbTY96shxEJhoZHdTDmMGC2mk=
Address = 10.10.2.13/24
ListenPort = 51820
[Peer]
PublicKey = kPzafjh7DRS3+rjd44zM3QdXOAnxp4ykxcFqjUB7s3c=
AllowedIPs = 10.10.2.0/24
Endpoint = 192.168.1.189:51820
PersistentKeepalive = 25
```

#### client public key

```
V32y+8IIuARL810iA/QpeDvdbtGP4GPTNDXkO651vSc=
```

#### client private key

```
uL4/ae4Yy70Xs0tgcLTbTY96shxEJhoZHdTDmMGC2mk=
```

### On Server

#### Server Config

```
[Interface]
Address = <IP ADRESS ASSIGNED TO WIREUARD ON SERVER UNIQUE TO WIREGARD BUT ON NETWORK>
ListenPort = <ListenPort>
PrivateKey = <PRIVATE KEY OF SERVER>

[Peer]
PublicKey = <PULIC KEY OF CLIENT>
AllowedIPs = <IP ADRESS CLIENT IS ALLOWED TO TALK TO GENERALLY WHOLE NETWORK>
```

```
[Interface]
Address = 10.10.2.1/24
ListenPort = 51820
PrivateKey = IAhwBAftzCq22C/qyicqEoyi+mSqGRpFhPGv4BSJf0s=

[Peer]
PublicKey = V32y+8IIuARL810iA/QpeDvdbtGP4GPTNDXkO651vSc=
AllowedIPs = 10.10.2.0/24
```

#### server public key

```
kPzafjh7DRS3+rjd44zM3QdXOAnxp4ykxcFqjUB7s3c=
```

#### server private key

```
IAhwBAftzCq22C/qyicqEoyi+mSqGRpFhPGv4BSJf0s=
```

## References

* <https://www.digitalocean.com/community/tutorials/how-to-create-a-point-to-point-vpn-with-wireguard-on-ubuntu-16-04>
* Look into this for S2S
  * <https://ubuntu.com/server/docs/wireguard-vpn-site-to-site>


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.wehost.co.in/cybersecurity/install-wiregard-vpn.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.