WireGuard

Generic client template

[Interface]
PrivateKey = xxx
Address = 192.168.170.X/24

[Peer]
PublicKey = yyy
PreSharedKey = zzz
AllowedIPs = 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16
Endpoint = router.domain.com:13231
PersistentKeepalive = 25


Ubuntu client setup using systemd

# create and store the local private key (tee output is discarded so the key is not echoed to the terminal)
wg genkey | sudo tee /etc/wireguard/private.key > /dev/null
sudo chmod go= /etc/wireguard/private.key

# derive and store the related public key (this one is safe to display)
sudo cat /etc/wireguard/private.key | wg pubkey | sudo tee /etc/wireguard/public.key

# create and store an additional preshared key, protected like the private key
wg genpsk | sudo tee /etc/wireguard/psk > /dev/null
sudo chmod go= /etc/wireguard/psk
# the files are root-only now, so reading them needs sudo
WGPRIVKEY=$(sudo cat /etc/wireguard/private.key)
WGPSK=$(sudo cat /etc/wireguard/psk)

# write the config as root (a plain shell redirect into /etc/wireguard fails: the shell, not sudo, opens the file)
sudo tee /etc/wireguard/wg0.conf > /dev/null << EOF
[Interface]
PrivateKey = ${WGPRIVKEY}
# tunnel address assigned to this client (see the template above)
Address = 

[Peer]
# public key of the router/server peer
PublicKey = 
PreSharedKey = ${WGPSK}
AllowedIPs = 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16
Endpoint = router.domain.com:13231
PersistentKeepalive = 25
EOF
# the config now contains the private key: restrict it, then fill in Address and PublicKey
sudo chmod go= /etc/wireguard/wg0.conf
sudo vi /etc/wireguard/wg0.conf
# enable and start the wg0 interface using the wg-quick service
sudo systemctl enable wg-quick@wg0.service
sudo systemctl start wg-quick@wg0.service
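Before enabling the interface it is worth checking the rendered file, since wg-quick will happily fail at start time on a bad key or address. The following checker is an added example, not part of these notes or of WireGuard: it parses a wg-quick style config like the generic template and the generated wg0.conf above, verifies that every key is 32 base64-encoded bytes, validates Address, AllowedIPs and Endpoint syntax, and flags what a reviewer would question (a 0.0.0.0/0 or ::/0 AllowedIPs that sends all traffic into the tunnel, a missing PreSharedKey, a config file readable by other users). FAKE_KEY and SAMPLE_CONF are constructed placeholders; the key is base64 of a 32-byte ASCII string, not a real WireGuard key.

```python
"""Sanity-check a wg-quick client config before enabling it (added example, not
part of the original notes). Usage: python3 wgcheck.py /etc/wireguard/wg0.conf"""
import base64
import ipaddress
import os
import re
import stat
import sys

KEY_RE = re.compile(r"^[A-Za-z0-9+/]{43}=$")  # 32 bytes -> 44 base64 chars, one '='
ENDPOINT_RE = re.compile(r"^(\[[0-9A-Fa-f:.]+\]|[^\s:\[\]]+):(\d{1,5})$")

# Constructed sample matching the template above; FAKE_KEY is base64 of 32 ASCII bytes, not a real key.
FAKE_KEY = "cGxhY2Vob2xkZXItcHJpdmF0ZS1rZXktMzItYnl0ZXM="
SAMPLE_CONF = f"""[Interface]
PrivateKey = {FAKE_KEY}
Address = 192.168.170.42/24

[Peer]
PublicKey = {FAKE_KEY}
PreSharedKey = {FAKE_KEY}
AllowedIPs = 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16
Endpoint = router.domain.com:13231
PersistentKeepalive = 25
"""


def parse_wg_conf(text):
    """Return {'Interface': {...}, 'Peer': [{...}, ...]} from wg-quick INI text."""
    interface, peers, current = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        if line == "[Interface]":
            current = interface
        elif line == "[Peer]":
            current = {}
            peers.append(current)
        elif current is None or "=" not in line:
            raise ValueError(f"unexpected line: {raw!r}")
        else:
            key, value = (p.strip() for p in line.split("=", 1))
            current[key] = value
    return {"Interface": interface, "Peer": peers}


def is_wg_key(value):
    """Private, public and preshared keys are all 32 bytes, base64-encoded."""
    if not KEY_RE.match(value):
        return False
    return len(base64.b64decode(value, validate=True)) == 32


def check_config(text):
    """Return a list of findings; an empty list means the config passed."""
    findings = []
    conf = parse_wg_conf(text)
    iface = conf["Interface"]
    if not is_wg_key(iface.get("PrivateKey", "")):
        findings.append("Interface: PrivateKey missing or not a valid 32-byte key")
    try:
        [ipaddress.ip_interface(a.strip()) for a in iface.get("Address", "").split(",")]
    except ValueError:
        findings.append("Interface: Address missing or not a valid address/prefix")
    for n, peer in enumerate(conf["Peer"], 1):
        if not is_wg_key(peer.get("PublicKey", "")):
            findings.append(f"Peer {n}: PublicKey missing or invalid")
        if "PreSharedKey" not in peer:
            findings.append(f"Peer {n}: no PreSharedKey (the template above uses one)")
        elif not is_wg_key(peer["PreSharedKey"]):
            findings.append(f"Peer {n}: PreSharedKey invalid")
        try:
            nets = [ipaddress.ip_network(a.strip(), strict=False)
                    for a in peer.get("AllowedIPs", "").split(",")]
        except ValueError:
            nets = []
            findings.append(f"Peer {n}: AllowedIPs missing or malformed")
        if any(net.prefixlen == 0 for net in nets):  # 0.0.0.0/0 or ::/0
            findings.append(f"Peer {n}: AllowedIPs is a default route; all traffic enters the tunnel")
        m = ENDPOINT_RE.match(peer.get("Endpoint", ""))
        if not m or not 1 <= int(m.group(2)) <= 65535:
            findings.append(f"Peer {n}: Endpoint must be host:port")
    return findings


def check_file(path):
    """check_config() on a file, plus a mode check: the file holds the private key."""
    findings = []
    if os.stat(path).st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"{path} is accessible to group/other; run: sudo chmod go= {path}")
    with open(path) as fh:
        findings.extend(check_config(fh.read()))
    return findings


if __name__ == "__main__":
    issues = check_file(sys.argv[1])
    print("\n".join(issues) or "OK")
    sys.exit(1 if issues else 0)
```

Run it as root (the file is root-only after the chmod above); a non-zero exit and the printed findings tell you what to fix before `systemctl start`. Fed the generic template verbatim, it reports exactly the four placeholders (PrivateKey, Address, PublicKey, PreSharedKey) that still need real values.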


Using post-up and post-down scripts in a WireGuard configuration

On Windows, you can use PostUp and PostDown entries to run PowerShell commands that add Name Resolution Policy Table (NRPT) rules when a WireGuard tunnel connects and remove them again when it disconnects, so that names under the tunnel's DNS suffix are resolved by the remote name server only while the tunnel is up. The PostDown command finds the rules to remove by the Comment tag set in PostUp, so keep the two tags identical.

[Interface]
PostUp = powershell.exe -Command "& { Add-DnsClientNrptRule -Comment 'wg-tunnel-xxx' -Namespace '.xxx.net' -NameServers 172.16.16.254 }"
PostDown = powershell.exe -Command "& { Get-DnsClientNrptRule | where Comment -eq 'wg-tunnel-xxx' | foreach { Remove-DnsClientNrptRule -Name $_.Name -Force } }"

WireGuard for Windows ignores PreUp/PostUp/PreDown/PostDown commands unless script execution is explicitly enabled by adding the DangerousScriptExecution value. Once it is set, any command in a tunnel configuration runs with the privileges of the WireGuard tunnel service, so whoever can edit a configuration file can run commands with those privileges; keep the configuration files writable by administrators only and review them before importing.

# run the following command using PowerShell running as Administrator
reg add HKLM\Software\WireGuard /v DangerousScriptExecution /t REG_DWORD /d 1 /f

Reference: adminregistry.md