WireGuard

Overview

Deploy WireGuard — the modern, high-performance VPN protocol built into the Linux kernel. Simpler than OpenVPN, faster than IPsec, with a minimal attack surface (~4,000 lines of code). This skill covers server setup, peer management, split tunneling, site-to-site links, mesh topologies, DNS integration (Pi-hole/AdGuard), automated provisioning with QR codes, and monitoring.

Instructions

Step 1: Installation & Key Generation

# Ubuntu/Debian (kernel 5.6+ has WireGuard built-in)
apt update && apt install -y wireguard wireguard-tools qrencode

# Generate server keys
umask 077
wg genkey | tee /etc/wireguard/server_private.key | wg pubkey > /etc/wireguard/server_public.key

# Generate peer keys (+ optional preshared key for post-quantum resistance)