Testing on kb-vpn server and X220 laptop…

Create a Droplet on Digital Ocean (smallest one possible).

SSH into the server, then run apt update and apt upgrade.


The following needs to be done on all the peers (client and server):


sudo -i
apt install wireguard

Create keys:

cd /etc/wireguard/
umask 077
wg genkey | tee privatekey | wg pubkey > publickey


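umask 077 sets the default permissions for files created from this point on in the shell session, so the key files are readable and writable only by their owner (root).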

Create /etc/wireguard/wg0.conf:

vim /etc/wireguard/wg0.conf

In /etc/wireguard/wg0.conf on the server:

[Interface]
Address =
PrivateKey = <server's privatekey>
ListenPort = 51820

[Peer]
PublicKey = <client1's publickey>
AllowedIPs =

[Peer]
PublicKey = <client2's publickey>
AllowedIPs =

On the server, /etc/sysctl.conf:

# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1

In /etc/wireguard/wg0.conf on the clients:

[Interface]
Address =
PrivateKey = <client's privatekey>
# 13/11/2020, Malcolm thinks we don't need a 'ListenPort' on the client
# ListenPort = 51820

[Peer]
PublicKey = <server's publickey>
Endpoint = <server's ip>:51820
AllowedIPs =

# Use this if you're behind a NAT and want the connection to be kept alive.
PersistentKeepalive = 25

To test the VPN, run the following:

wg-quick up wg0
# to take the interface down
wg-quick down wg0

Auto-start the service:

systemctl enable wg-quick@wg0.service

To start or stop the service:

sudo systemctl start wg-quick@wg0.service
sudo systemctl stop wg-quick@wg0.service
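
A check worth running before bringing the interface up, given here as an added example that is not part of the original notes: a shell function that audits a wg0.conf for group/other access (the file holds the private key), for peers missing PublicKey or AllowedIPs, and for the same AllowedIPs entry given to two peers. The function name wg_conf_audit, the 10.0.0.2/32 address and the sample file are constructed for illustration.

```shell
# Added example, not from the original notes. Prints findings; returns 1 if any.
wg_conf_audit() {
    findings=$(
        perms=$(ls -ld "$1" | cut -c5-10)   # group and other bits of the mode string
        [ "$perms" = "------" ] || echo "PERMS: group/other can access $1 ($perms)"
        awk '
            function endpeer() {
                if (peer && !haskey) print "PEER " peer ": missing PublicKey"
                if (peer && !hasips) print "PEER " peer ": missing AllowedIPs"
                peer = 0
            }
            { sub(/#.*/, ""); gsub(/[ \t\r]/, "") }   # drop comments and whitespace
            tolower($0) == "[interface]" { endpeer(); sect = "i"; next }
            tolower($0) == "[peer]" { endpeer(); sect = "p"; peer = ++n; haskey = hasips = 0; next }
            {
                eq = index($0, "=")   # base64 keys end in "=", so split on the first one
                key = tolower(substr($0, 1, eq - 1)); val = substr($0, eq + 1)
                if (eq == 0 || val == "") next
                if (sect == "i" && key == "privatekey") haspriv = 1
                if (sect == "p" && key == "publickey") haskey = 1
                if (sect == "p" && key == "allowedips") {
                    cnt = split(val, ips, ","); hasips = 1
                    for (i = 1; i <= cnt; i++) {
                        # an address routes to one peer only; the later peer takes it over
                        if ((ips[i] in seen) && seen[ips[i]] != peer)
                            print "DUPLICATE: " ips[i] " in peers " seen[ips[i]] " and " peer
                        seen[ips[i]] = peer
                    }
                }
            }
            END { endpeer(); if (!haspriv) print "INTERFACE: missing PrivateKey" }
        ' "$1"
    )
    [ -z "$findings" ] || { printf '%s\n' "$findings"; return 1; }
}
# Constructed sample: world-readable server config, both peers given the same address.
demo=$(mktemp -d)
cat > "$demo/wg0.conf" <<'EOF'
[Interface]
PrivateKey = <server's privatekey>
[Peer]
PublicKey = <client1's publickey>
AllowedIPs = 10.0.0.2/32
[Peer]
PublicKey = <client2's publickey>
AllowedIPs = 10.0.0.2/32
EOF
chmod 644 "$demo/wg0.conf"
wg_conf_audit "$demo/wg0.conf" || echo "fix these before wg-quick up wg0"
rm -rf "$demo"
```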