====== wireguard ======

===== Avoir la connexion au démarrage =====

<code bash>
systemctl enable --now wg-quick@wg0
</code>
Note : il faut que l'interface n'ait pas été activée manuellement auparavant

===== troobleshooting =====

General troubleshooting checklist ([[https://ubuntu.com/server/docs/wireguard-vpn-troubleshooting|source]]:

  * Verify public and private keys. When dealing with multiple peers, it’s easy to mix these up, specially because the contents of these keys is just random data. There is nothing identifying them, and public and private keys are basically the same format-wise.
  * Verify AllowedIPs list on all peers.
  * Check with ip route and ip addr show dev <wg-interface> if the routes and IPs are set as you expect.
  * >> **Double check that you have ''/proc/sys/net/ipv4/ip_forward'' set to ''1'' where needed.** <<
  * When injecting the VPN users into an existing network, without routing, make sure ''/proc/sys/net/ipv4/conf/all/proxy_arp'' is set to ''1''.
  * >> **Make sure the above ''/proc'' entries are in ''/etc/sysctl.conf''** << or a file in /etc/sysctl.d so that they persist reboots