Cheatsheets:
programming:
How-to:
Troubleshooting:
Rants:
Other:
Sidebar
cheatsheet:wireguard
Table of Contents
wireguard command cheatsheet
create private & public key files
$ wg genkey | tee privatekey | wg pubkey > publickey $ ls total 16 drwx------ 2 root root 4096 Nov 25 22:15 . drwxr-xr-x 65 root root 4096 Nov 25 22:08 .. -rw-r--r-- 1 root root 45 Nov 25 22:15 privatekey -rw-r--r-- 1 root root 45 Nov 25 22:15 publickey You should however limit access to these : $ chmod 600 *key $ ls -al total 16 drwx------ 2 root root 4096 Nov 25 22:15 . drwxr-xr-x 65 root root 4096 Nov 25 22:08 .. -rw------- 1 root root 45 Nov 25 22:15 privatekey -rw------- 1 root root 45 Nov 25 22:15 publickey # Syntax: # wg genkey # wg pubkey <private_key>
enable wireguard as a service
$ sudo systemctl enable wg-quick@wg0
start / stop wireguard
$ sudo systemctl start wg-quick@wg0 $ sudo systemctl stop wg-quick@wg0
show the current status of all WireGuard interfaces
$ sudo wg show interface: wg0 public key: GHI-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x= private key: (hidden) listening port: 1234 peer: DEF-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x= endpoint: 1.2.3.4:1234 allowed ips: 10.1.248.10/32 latest handshake: 43 seconds ago transfer: 12.98 KiB received, 28.82 KiB sent peer: ABC-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x= endpoint: 1.2.3.4:1234 allowed ips: 10.1.248.11/32 latest handshake: 28 minutes, 46 seconds ago transfer: 13.39 KiB received, 21.38 KiB sent TIP: use "$ watch sudo wg show" to create the effect of a constantly updating status window
show the current status of the specified WireGuard interface
$ sudo wg show wg0 interface: wg0 public key: GHI-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x= private key: (hidden) listening port: 1234 peer: DEF-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x= endpoint: 1.2.3.4:1234 allowed ips: 10.1.248.10/32 latest handshake: 43 seconds ago transfer: 12.98 KiB received, 28.82 KiB sent peer: ABC-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x= endpoint: 1.2.3.4:1234 allowed ips: 10.1.248.11/32 latest handshake: 28 minutes, 46 seconds ago transfer: 13.39 KiB received, 21.38 KiB sent
others
wg showconf <interface>: Show the configuration of the specified WireGuard interface.
wg set <interface> <config_file>: Set the configuration of the specified WireGuard interface.
wg add peer <interface> <peer_config_file>: Add a peer to the specified WireGuard interface.
wg delete peer <interface> <public_key>: Delete a peer from the specified WireGuard interface.
wg set peer <interface> <public_key> <peer_config_file>: Update the configuration of a peer for the specified WireGuard interface.
wg listen-port <interface> <port>: Set the listen port for the specified WireGuard interface.
wg peer <interface> <public_key>: Show the configuration of a peer for the specified WireGuard interface.
wg set keepalive <interface> <public_key> <interval>: Set the keepalive interval for a peer for the specified WireGuard interface.
wg-quick up <interface>: Bring up a WireGuard interface.
wg-quick down <interface>: Bring down a WireGuard interface.
wg-quick save <interface>: Save the current configuration of a WireGuard interface.
wg-quick strip <interface>: Remove any firewall rules created by the wg-quick utility.
cheatsheet/wireguard.txt · Last modified: 2023/02/14 10:37 by kamaradski
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
