Get the latest tech news

WireGuard: Beyond the most basic configuration

Last week I wanted to replace my OpenVPN setup with WireGuard. The basics were well-documented, going beyond the basics was a bit trickier. Let me teach you want I learned. The basics But first, let’s summarize the basics. I have a server with a hosting provider that I want to use as a VPN server. I won’t delve into details here, since there are so many great explanations on the web already (here, here, here or here), let’s just make a quick summary of a simple setup, as a base for discussing the (slightly) more advanced usages I had to configure myself:

I won’t delve into details here, since there are so many great explanations on the web already (, here, here or here), let’s just make a quick summary of a simple setup, as a base for discussing the (slightly) more advanced usages I had to configure myself: The few tutorials who actually explains how to setup IPv6 for a WireGuard-based VPN usually mirror the IPv4 setup: assign a private, non-routable network to it ( 10.100.0.0/16 for IPv4 get translated to something like fd00:dead:beef::/48 for IPv6), assign IP addresses in this network to the server and the clients, and add an ip6tables masquerade action. Just one sanity check: on your server, ip -6 route get 2001:aaaa:bbbb:1000:cafe::2 must return the WireGuard interface ( wg0).

Get the Android app