
How to add any WireGuard VPN Client


In an article on how to self host a WireGuard server on OpenBSD[1], I've added several smartphone and Linux clients. Here is a brief summary of the steps for adding a peer to a WireGuard server. Create and print the keys that we need:


1: an article on how to self host a WireGuard server on OpenBSD


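```sh
mkdir myclient && cd myclient
```

Then run this copy-and-pasteable snippet:

```sh
# umask 077 keeps the new key files readable by the current user only
umask 077 && wg genkey > wg-private-client.key
wg pubkey < wg-private-client.key > wg-public-client.key
cat wg-private-client.key
cat wg-public-client.key
# server public key, needed in the client config
doas cat /etc/wireguard/public.key
```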

Edit the server config with `doas vi /etc/wireguard/wg0.conf` and add a peer with the next client IP. Here we incremented to 3, giving `10.0.0.3`:


```ini
# iPhone, iOS / Android smartphone / Linux
[Peer]
PublicKey = <CLIENT PUBKEY>
AllowedIPs = 10.0.0.3/32
```
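An added example, not from the original article: a small Python check that reads the server's `wg0.conf`, reports peers whose `AllowedIPs` overlap (WireGuard routes each allowed address to exactly one peer, so a reused address takes it away from the other client), and picks the next free client address. The `10.0.0.0/24` subnet, the reserved server address `10.0.0.1`, the function names and the sample config are assumptions.

```python
import ipaddress
from itertools import combinations

def parse_peers(conf_text):
    """Return one dict per [Peer] section: {"key": str, "nets": [ip_network, ...]}."""
    peers, current = [], None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if line.startswith("["):                 # section header
            current = {"key": "", "nets": []} if line.lower() == "[peer]" else None
            if current is not None:
                peers.append(current)
        elif current is not None and "=" in line:  # settings outside [Peer] are skipped
            name, value = (part.strip() for part in line.split("=", 1))
            if name.lower() == "publickey":
                current["key"] = value
            elif name.lower() == "allowedips":
                current["nets"] += [ipaddress.ip_network(v.strip(), strict=False)
                                    for v in value.split(",") if v.strip()]
    return peers

def find_overlaps(peers):
    """Pairs of peers with overlapping AllowedIPs (the address would route to only one)."""
    return [(a["key"], b["key"], str(na), str(nb))
            for a, b in combinations(peers, 2) for na in a["nets"] for nb in b["nets"]
            if na.version == nb.version and na.overlaps(nb)]

def next_free_ip(peers, subnet="10.0.0.0/24", reserved=("10.0.0.1",)):
    """First host in subnet that is not reserved and not inside any peer's AllowedIPs."""
    taken = [n for p in peers for n in p["nets"]]
    for host in ipaddress.ip_network(subnet).hosts():
        if str(host) not in reserved and not any(host in n for n in taken):
            return f"{host}/32"
    raise ValueError(f"no free address left in {subnet}")

SAMPLE = """\
# Constructed sample of the server's wg0.conf; the keys are placeholders.
[Interface]
PrivateKey = <SERVER PRIVKEY>
[Peer]
PublicKey = <LAPTOP PUBKEY>
AllowedIPs = 10.0.0.2/32
[Peer]
PublicKey = <PHONE PUBKEY>
AllowedIPs = 10.0.0.3/32
"""

if __name__ == "__main__":
    print(find_overlaps(parse_peers(SAMPLE)), next_free_ip(parse_peers(SAMPLE)))
```

Run it against the real file's contents before adding a `[Peer]` block; a non-empty overlap list means an address is already assigned to another client.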

Create a new client config with `vi wg-client.conf`:


```ini
[Interface]
PrivateKey = <CLIENT PRIVKEY>
Address = 10.0.0.3/32
DNS = 9.9.9.9

# Server
[Peer]
PublicKey = <SERVER PUBKEY>
Endpoint = <IP or FQDN>:51820
AllowedIPs = ::/0, 0.0.0.0/0
PersistentKeepalive = 25
```

Add the route with

```sh
wg-quick up ./wg-client.conf
```

or

```sh
wg addconf wg0 <(wg-quick strip wg0)
```

If the peer doesn't show up in `doas wg show`, force a restart of the interface with `doas sh /etc/netstart wg0`. I remember having some issues, but I don't exactly recall the circumstances. This one always worked for me for troubleshooting on config changes.


If your client is a smartphone, you can generate a QR code for convenience, even on the command line via:


```sh
qrencode --read-from=wg-client.conf --type=UTF8 --level=M
```
