How to use the command 'wg' (with examples)

How to use the command 'wg' (with examples)

The wg command is used to manage the configuration of WireGuard interfaces. WireGuard is a secure network tunneling tool that creates virtual private network (VPN) connections. The wg command allows you to check the status of active interfaces, generate private and public keys, and show the current configuration of a WireGuard interface.

Use case 1: Check status of currently active interfaces

Code:

sudo wg

Motivation: This use case is useful when you want to check the status of all active WireGuard interfaces on your system. It provides information about each interface, such as the public key, listening port, and the number of allowed IP addresses.

Explanation: The command sudo wg is used to check the status of currently active WireGuard interfaces. It does not require any arguments.

Example output:

interface: wg0
  public key: QJc9Yn12Tmq8/zMaSoTvhT0H/uY9B3n9WYfDYY+wCxg=
  private key: (hidden)
  listening port: 51820

peer: 2vhu7Q1v00aBWIMj22ro5qs3yej8CuRy9rg8daa5K/8=
  endpoint: 192.168.1.10:51820
  allowed ips: 10.0.0.2/32
  latest handshake: 24 seconds ago
  transfer: 1.23 MiB received, 3.45 MiB sent

Use case 2: Generate a new private key

Code:

wg genkey

Motivation: This use case is useful when you need to generate a new private key for a WireGuard interface. Each interface requires a unique private key for secure communication.

Explanation: The command wg genkey is used to generate a new private key. It does not require any arguments.

Example output:

CvpA0AFyFbLU85sXZY0swHnF3gEgMu+6I+lUATC7hVM=

Use case 3: Generate a public key from a private key

Code:

wg pubkey < path/to/private_key > path/to/public_key

Motivation: This use case is useful when you have a private key and need to generate the corresponding public key. The public key is required for establishing a secure connection between WireGuard interfaces.

Explanation: The command wg pubkey is used to generate a public key from a given private key. It reads the private key from the specified path and writes the corresponding public key to the specified output path.

  • < path/to/private_key>: The path to the private key file.
  • > path/to/public_key: The path to the public key file.

Example output:

path/to/public_key: Rr1zWbnzA8WsAtnwxm1U51FHlCzneWgcBbD4Zsz448Q=

Use case 4: Generate a public and private key

Code:

wg genkey | tee path/to/private_key | wg pubkey > path/to/public_key

Motivation: This use case is useful when you want to generate both a public and private key for a WireGuard interface in one command. This saves time and simplifies the key generation process.

Explanation: The command wg genkey is used to generate a new private key, which is then piped to tee to save the private key to a file and also pipe it to wg pubkey to generate the corresponding public key. The tee command allows you to specify the path to save the private key. The wg pubkey command reads the private key from the pipeline input and writes the public key to the specified output path.

  • | tee path/to/private_key: Saves the private key to the specified file.
  • | wg pubkey: Generates the corresponding public key.

Example output:

path/to/private_key: MlTVGhYOn6l0wb1v8JkT5BFxKNMgcvV+ZA3NCA8PelOo=
path/to/public_key: gINnVYvo0yFkPRgORyf8BJRd0ZncRJVp3n1kEgY9mhI=

Use case 5: Show the current configuration of a WireGuard interface

Code:

sudo wg showconf wg0

Motivation: This use case is useful when you want to see the current configuration of a specific WireGuard interface. It provides detailed information about the interface’s settings, peers, and allowed IP addresses.

Explanation: The command sudo wg showconf is used to display the current configuration of a specified WireGuard interface. You need to provide the name of the interface as an argument.

  • wg0: The name of the WireGuard interface to show the configuration for.

Example output:

[Interface]
PrivateKey = QJc9Yn12Tmq8/zMaSoTvhT0H/uY9B3n9WYfDYY+wCxg=
ListenPort = 51820

[Peer]
PublicKey = 2vhu7Q1v00aBWIMj22ro5qs3yej8CuRy9rg8daa5K/8=
Endpoint = 192.168.1.10:51820
AllowedIPs = 10.0.0.2/32

Conclusion:

The wg command is a powerful tool for managing WireGuard interfaces. It allows you to check the status of active interfaces, generate private and public keys, and show the current configuration of an interface. By understanding these use cases and their examples, you can effectively configure and manage your WireGuard networks.

Tags :

Related Posts

How to use the command screenkey (with examples)

How to use the command screenkey (with examples)

Screenkey is a screencast tool that displays the keys pressed on the screen.

Read More
How to use the command strace (with examples)

How to use the command strace (with examples)

The strace command is a troubleshooting tool that allows you to trace system calls performed by a program or process.

Read More
How to use the command xcowsay (with examples)

How to use the command xcowsay (with examples)

Xcowsay is a command that allows users to display a cute cow and message on their Linux desktop.

Read More