WireGuard
🛠️ Step 1: Deploy an EC2 Instance
Go to AWS EC2 Dashboard → Launch a new instance.
Choose Amazon Linux 2 / Ubuntu 22.04 / Debian 12 (or any Linux distro).
Select Instance Type (e.g., t3.micro for free tier).
Configure Network Settings:
- Assign an Elastic IP (so it has a fixed public IP).
- Security Groups:
  - Open UDP port 51820 (default WireGuard port).
  - Open SSH (port 22) to your IP only, for remote access.
Launch & Connect to the instance via SSH:
ssh -i your-key.pem ec2-user@your-ec2-public-ip
🛠️ Step 2: Install WireGuard on EC2
Run the following commands to install WireGuard:
For Amazon Linux 2 / CentOS / RHEL
sudo yum install -y wireguard-tools
For Ubuntu / Debian
sudo apt update && sudo apt install -y wireguard
🛠️ Step 3: Generate WireGuard Keys
On your EC2 server, generate the keys:
cd /etc/wireguard
umask 077 # Ensures private keys are not world-readable
wg genkey | tee privatekey | wg pubkey > publickey
privatekey → EC2 private key (keep it safe).
publickey → EC2 public key (share it with clients).
🛠️ Step 4: Configure WireGuard on EC2
Create the WireGuard config file:
sudo nano /etc/wireguard/wg0.conf
Add the following:
[Interface]
PrivateKey = YOUR_EC2_PRIVATE_KEY
Address = 10.0.0.1/24 # Internal VPN IP for EC2
ListenPort = 51820
# Allow traffic forwarding. eth0 is the instance's Internet-facing interface here;
# check `ip route show default` and use the name it reports (often ens5 on current AMIs)
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
[Peer]
PublicKey = YOUR_HOME_PC_PUBLIC_KEY
AllowedIPs = 10.0.0.2/32 # Home PC internal VPN IP
Replace:
- YOUR_EC2_PRIVATE_KEY with the private key from privatekey.
- YOUR_HOME_PC_PUBLIC_KEY with your home computer's public key.
🛠️ Step 5: Enable IP Forwarding
Edit the sysctl config:
sudo nano /etc/sysctl.conf
Uncomment or add this line:
net.ipv4.ip_forward = 1
Apply the changes:
sudo sysctl -p
🛠️ Step 6: Start WireGuard on EC2
Enable and start WireGuard:
sudo systemctl enable wg-quick@wg0
sudo systemctl start wg-quick@wg0
Check status:
sudo wg
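Steps 3 to 6 as one script, added here as an example and not part of the original page: it generates the key pair under umask 077, looks up the interface that carries the default route instead of hard-coding eth0, renders wg0.conf, enables forwarding through a sysctl.d drop-in and starts the service. The interface name wg0 and the addresses 10.0.0.1/24 and 10.0.0.2/32 are the page's; the file /etc/sysctl.d/99-wireguard.conf and the WG_APPLY, HOME_PC_PUBKEY and PEER_ALLOWED environment variables are this example's own choices.

```shell
#!/bin/sh
# Added example (not from the original page): provisions the EC2 side of the
# tunnel described in Steps 3-6. Assumes wireguard-tools, iptables and systemd
# are installed; the interface name wg0 and the VPN addresses are the page's.
set -eu

WG_DIR=/etc/wireguard
WG_IF=wg0
SERVER_ADDR=10.0.0.1/24
LISTEN_PORT=51820
PEER_ALLOWED=${PEER_ALLOWED:-10.0.0.2/32}   # add the home LAN prefix here if EC2 should reach it

# Pick the interface that carries the default route instead of hard-coding
# eth0 (current Amazon Linux / Ubuntu AMIs usually name it ens5 or enX0).
# Takes the text of `ip -4 route show default` as an argument so the parsing
# can be exercised without root.
egress_iface() {
    # "default via 172.31.0.1 dev ens5 proto dhcp ..." -> "ens5"
    printf '%s\n' "$1" | awk '/^default/ { for (i = 1; i <= NF; i++) if ($i == "dev") { print $(i+1); exit } }'
}

# Render the server config. Arguments: server-private-key peer-public-key egress-interface
render_server_conf() {
    privkey=$1; peerpub=$2; iface=$3
    cat <<EOF
[Interface]
PrivateKey = $privkey
Address = $SERVER_ADDR
ListenPort = $LISTEN_PORT
PostUp = iptables -A FORWARD -i $WG_IF -j ACCEPT; iptables -t nat -A POSTROUTING -o $iface -j MASQUERADE
PostDown = iptables -D FORWARD -i $WG_IF -j ACCEPT; iptables -t nat -D POSTROUTING -o $iface -j MASQUERADE

[Peer]
PublicKey = $peerpub
AllowedIPs = $PEER_ALLOWED
EOF
}

# Everything below changes the system and therefore only runs when asked for:
#   WG_APPLY=1 HOME_PC_PUBKEY=<home pc public key> sudo sh provision-wg.sh
apply() {
    umask 077                     # keys and config are created mode 0600
    mkdir -p "$WG_DIR"
    if [ ! -f "$WG_DIR/privatekey" ]; then   # never overwrite an existing key pair
        wg genkey | tee "$WG_DIR/privatekey" | wg pubkey > "$WG_DIR/publickey"
    fi
    iface=$(egress_iface "$(ip -4 route show default)")
    render_server_conf "$(cat "$WG_DIR/privatekey")" "$HOME_PC_PUBKEY" "$iface" \
        > "$WG_DIR/$WG_IF.conf"
    # A sysctl.d drop-in survives package upgrades that rewrite /etc/sysctl.conf
    printf 'net.ipv4.ip_forward = 1\n' > /etc/sysctl.d/99-wireguard.conf
    sysctl --system >/dev/null
    systemctl enable --now "wg-quick@$WG_IF"
    echo "Server public key (paste into the home PC [Peer] section):"
    cat "$WG_DIR/publickey"
}

if [ "${WG_APPLY:-0}" = 1 ]; then
    apply
fi
```

Without WG_APPLY=1 the script only defines the functions, so the rendering and interface detection can be tried on any machine. On the EC2 side, the home PC's [Peer] AllowedIPs decides both which destination addresses EC2 sends into the tunnel and which source addresses it accepts from that peer; if EC2 is meant to reach home devices (Step 9), the home LAN prefix has to be included there (PEER_ALLOWED=10.0.0.2/32,192.168.1.0/24) and the home PC itself needs net.ipv4.ip_forward = 1. Listing the home PC's own LAN prefix in its own [Peer] AllowedIPs instead would make wg-quick try to route that LAN into the tunnel.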
🛠️ Step 7: Install & Configure WireGuard on Your Home PC
Install WireGuard on Home PC (Windows / Linux)
Windows: Install WireGuard for Windows
Linux: Run:
sudo apt install -y wireguard
Generate Keys on Home PC
Run:
wg genkey | tee privatekey | wg pubkey > publickey
privatekey → Home PC's private key.
publickey → Home PC's public key (use this in EC2 config).
Create Home PC Configuration
Edit wg0.conf:
[Interface]
PrivateKey = YOUR_HOME_PC_PRIVATE_KEY
Address = 10.0.0.2/24 # Home PC VPN IP
[Peer]
PublicKey = YOUR_EC2_PUBLIC_KEY
Endpoint = YOUR_EC2_PUBLIC_IP:51820
AllowedIPs = 10.0.0.0/24, 192.168.1.0/24 # Destinations routed into the tunnel (see Step 9)
PersistentKeepalive = 25
Replace:
- YOUR_HOME_PC_PRIVATE_KEY with the private key from privatekey.
- YOUR_EC2_PUBLIC_KEY with the public key from EC2.
- YOUR_EC2_PUBLIC_IP with your EC2 instance's public IP.
🛠️ Step 8: Start WireGuard on Home PC
Run:
sudo wg-quick up wg0
Check connection:
ping 10.0.0.1
If successful, your home PC can now access the EC2 instance.
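A liveness check for Step 8, added as an example that is not from the original page: ping shows whether packets flow, but `wg show wg0 dump` reports per peer when the last handshake completed, which is the WireGuard-level signal that the keys and UDP reachability are right. The script parses that dump format (tab-separated; after the interface line, one line per peer with public key, preshared key, endpoint, allowed IPs, latest handshake as a Unix timestamp, bytes received, bytes sent, keepalive). The sample dump, the key placeholders, the 180-second threshold and the --live flag are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the original page): judges tunnel health from the
# handshake timestamps in `wg show wg0 dump`. Assumes the interface name wg0.
set -eu

MAX_AGE=${MAX_AGE:-180}   # with PersistentKeepalive = 25 a healthy peer re-handshakes well within 3 minutes

# Print one line per peer: "<pubkey> <state> <age-seconds>".
# $1 = dump text, $2 = current Unix time, $3 = maximum acceptable handshake age.
# A latest-handshake of 0 means the peer never completed a handshake (age -1).
peer_status() {
    printf '%s\n' "$1" | awk -F '\t' -v now="$2" -v max="$3" '
        NR == 1 { next }                     # first line describes the local interface
        NF >= 5 {
            hs = $5 + 0
            if (hs == 0) { print $1, "never", -1; next }
            age = now - hs
            print $1, (age > max ? "stale" : "ok"), age
        }'
}

# Exit status 0 only if every peer has handshaked within MAX_AGE seconds.
all_peers_ok() {
    peer_status "$1" "$2" "$MAX_AGE" | awk '$2 != "ok" { bad = 1 } END { exit bad + 0 }'
}

# Constructed sample of `wg show wg0 dump` for two peers: the home PC with a
# recent handshake, and a second peer that never handshaked (wrong key,
# wrong Endpoint, or UDP 51820 not reachable are the usual causes).
sample_dump() {
    printf 'SERVER_PRIVKEY_REDACTED\tSERVER_PUBKEY\t51820\toff\n'
    printf 'HOME_PC_PUBKEY\t(none)\t203.0.113.7:41820\t10.0.0.2/32\t1700000000\t12345\t67890\t25\n'
    printf 'OLD_LAPTOP_PUBKEY\t(none)\t(none)\t10.0.0.3/32\t0\t0\t0\toff\n'
}

if [ "${1:-}" = "--live" ]; then
    # Real check on the running interface (needs root to read the dump).
    peer_status "$(wg show wg0 dump)" "$(date +%s)" "$MAX_AGE"
    all_peers_ok "$(wg show wg0 dump)" "$(date +%s)"
fi
```

Run `sudo sh wg-health.sh --live` on either end; it lists each peer as ok, stale or never and exits non-zero if any peer is not ok, which makes it usable from cron or a monitoring agent. A peer that shows "never" after Step 8 has not authenticated at all, so the first things to compare are the public keys pasted into the two configs and the security group rule for UDP 51820.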
🛠️ Step 9: Route Home Network Traffic (Optional)
To access devices on your home network, modify AllowedIPs in the home PC config:
AllowedIPs = 10.0.0.0/24, 192.168.1.0/24
Then, on your home router, add a static route:
- Destination: 10.0.0.0/24
- Gateway: Home PC's local IP (e.g., 192.168.1.100)
Now you can access home devices (e.g., ssh 192.168.1.50 for a home server).
🛠️ Step 10: Automate WireGuard Startup
On EC2:
sudo systemctl enable wg-quick@wg0
On Home PC:
sudo systemctl enable wg-quick@wg0