====== wireguard command cheatsheet ======

===== create private & public key files =====
<code bash>
$ wg genkey | tee privatekey | wg pubkey > publickey

$ ls
total 16
drwx------  2 root root 4096 Nov 25 22:15 .
drwxr-xr-x 65 root root 4096 Nov 25 22:08 ..
-rw-r--r--  1 root root   45 Nov 25 22:15 privatekey
-rw-r--r--  1 root root   45 Nov 25 22:15 publickey

You should however limit access to these :
$ chmod 600 *key

$ ls -al
total 16
drwx------  2 root root 4096 Nov 25 22:15 .
drwxr-xr-x 65 root root 4096 Nov 25 22:08 ..
-rw-------  1 root root   45 Nov 25 22:15 privatekey
-rw-------  1 root root   45 Nov 25 22:15 publickey


# Syntax:
# wg genkey
# wg pubkey <private_key>
</code>

===== enable wireguard as a service =====
<code bash>
$ sudo systemctl enable wg-quick@wg0
</code>

===== start / stop wireguard =====
<code bash>
$ sudo systemctl start wg-quick@wg0

$ sudo systemctl stop wg-quick@wg0
</code>

===== show the current status of all WireGuard interfaces =====
<code bash>
$ sudo wg show

interface: wg0
  public key: GHI-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x=
  private key: (hidden)
  listening port: 1234

peer: DEF-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x=
  endpoint: 1.2.3.4:1234
  allowed ips: 10.1.248.10/32
  latest handshake: 43 seconds ago
  transfer: 12.98 KiB received, 28.82 KiB sent

peer: ABC-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x=
  endpoint: 1.2.3.4:1234
  allowed ips: 10.1.248.11/32
  latest handshake: 28 minutes, 46 seconds ago
  transfer: 13.39 KiB received, 21.38 KiB sent

TIP: use "$ watch sudo wg show" to create the effect of a constantly updating status window
</code>

===== show the current status of the specified WireGuard interface =====
<code bash>
$ sudo wg show wg0

interface: wg0
  public key: GHI-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x=
  private key: (hidden)
  listening port: 1234

peer: DEF-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x=
  endpoint: 1.2.3.4:1234
  allowed ips: 10.1.248.10/32
  latest handshake: 43 seconds ago
  transfer: 12.98 KiB received, 28.82 KiB sent

peer: ABC-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x=
  endpoint: 1.2.3.4:1234
  allowed ips: 10.1.248.11/32
  latest handshake: 28 minutes, 46 seconds ago
  transfer: 13.39 KiB received, 21.38 KiB sent
</code>


===== others =====

wg showconf <interface>: Show the configuration of the specified WireGuard interface.

wg set <interface> <config_file>: Set the configuration of the specified WireGuard interface.

wg add peer <interface> <peer_config_file>: Add a peer to the specified WireGuard interface.

wg delete peer <interface> <public_key>: Delete a peer from the specified WireGuard interface.

wg set peer <interface> <public_key> <peer_config_file>: Update the configuration of a peer for the specified WireGuard interface.

wg listen-port <interface> <port>: Set the listen port for the specified WireGuard interface.

wg peer <interface> <public_key>: Show the configuration of a peer for the specified WireGuard interface.

wg set keepalive <interface> <public_key> <interval>: Set the keepalive interval for a peer for the specified WireGuard interface.

wg-quick up <interface>: Bring up a WireGuard interface.

wg-quick down <interface>: Bring down a WireGuard interface.

wg-quick save <interface>: Save the current configuration of a WireGuard interface.

wg-quick strip <interface>: Remove any firewall rules created by the wg-quick utility.