https://habr.com/ru/post/486452/
### Install the WireGuard and WireGuard tools.
# wireguard-dkms builds the module out of tree; Linux 5.6 and later ship
# WireGuard in the mainline kernel, so there only wireguard-tools is needed.
sudo apt install wireguard-dkms wireguard-tools
### Enable the WireGuard kernel module and check the status
# lsmod lists loadable modules only: no output here can also mean that
# WireGuard is built into the kernel rather than missing.
sudo modprobe wireguard && lsmod | grep wireguard
### Generate keys
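# Restrict new files to the owner before writing key material: with the usual
# default umask the private key files would be readable by other local users.
# The umask stays in effect for the rest of this shell session.
umask 077
# Each line writes a private key to one file and derives its public key into another.
# Only the *-public.key files may be shared. Generating the client key pair on the
# client itself and copying over just its public key keeps the client's private key
# off the server.
wg genkey | tee wg-server-private.key | wg pubkey > wg-server-public.key
wg genkey | tee wg-client-private.key | wg pubkey > wg-client-public.key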
### Server config /etc/wireguard/wg0.conf
[Interface]
# Server's address inside the VPN subnet.
Address = 10.200.200.1/24
# UDP port WireGuard listens on; the host firewall has to admit it.
ListenPort = 51820
# Placeholder: paste the contents of wg-server-private.key, not the file name.
# This file then holds a secret, so keep /etc/wireguard/wg0.conf owned by root
# and not readable by other users (chmod 600).
PrivateKey = $wg-server-private.key$
[Peer]
# Placeholder: the contents of wg-client-public.key.
PublicKey = $wg-client-public.key$
# Only this tunnel address is accepted from, and routed to, this peer.
AllowedIPs = 10.200.200.2/32
### Restart server wg
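# wg-quick is a systemd template unit: the instance name after "@" selects the
# interface, here wg0 for /etc/wireguard/wg0.conf. A bare "wg-quick" names no unit.
sudo systemctl restart wg-quick@wg0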
### Client config
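[Interface]
# Placeholder: the contents of wg-client-private.key. Keep this config file
# readable only by its owner, since it holds the client's secret key.
PrivateKey = $wg-client-private.key$
# Client's address inside the VPN subnet; it matches the server's AllowedIPs for this peer.
Address = 10.200.200.2/32
# Resolver configured by wg-quick while the tunnel is up.
DNS = 1.1.1.1
[Peer]
# Placeholder: the contents of wg-server-public.key.
PublicKey = $wg-server-public.key$
# Sends all IPv4 traffic through the tunnel. IPv6 is not covered by this entry,
# so on a dual-stack client IPv6 traffic still leaves outside the VPN.
AllowedIPs = 0.0.0.0/0
# Sample value: replace it with the server's public address and ListenPort.
Endpoint = 88.77.66.55:51820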
### Enable IPv4 forwarding (on the server)
# Needs root. The setting applies immediately but is lost on reboot; to keep it,
# put net.ipv4.ip_forward = 1 in a file under /etc/sysctl.d/.
sysctl -w net.ipv4.ip_forward=1
### Firewall
# $WAN$ is a placeholder for the name of the server's Internet-facing interface.
# Source-NAT traffic from the VPN subnet as it leaves through that interface.
iptables -t nat -A POSTROUTING -s 10.200.200.0/24 -o $WAN$ -j MASQUERADE
# Publish TCP 80 and 443 arriving on the WAN interface to the client at 10.200.200.2.
# Whatever listens on those ports on the client becomes reachable from the Internet,
# so add these two rules only when the client is meant to host a public web service.
iptables -t nat -A PREROUTING -i $WAN$ -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.200.200.2
iptables -t nat -A PREROUTING -i $WAN$ -p tcp -m tcp --dport 443 -j DNAT --to-destination 10.200.200.2
# NOTE(review): nat rules translate but do not filter. Forwarded packets still
# traverse the FORWARD chain of the filter table; confirm that its policy and rules
# allow only the intended traffic. Rules added with -A are not saved across reboots.