✅ 1. Install WireGuard
sudo apt update
sudo apt install wireguard -y
✅ 2. Generate the private and public keys
umask 077   # keep the key files readable by the owner only
wg genkey | tee server_private.key | wg pubkey > server_public.key
View the contents:
cat server_private.key
cat server_public.key
✅ 3. Create the server config file
sudo nano /etc/wireguard/wg0.conf
Fill it with:
[Interface]
Address = 10.8.0.1/24
ListenPort = 51820
PrivateKey = MASUKKAN_PRIVATE_KEY_SERVER
# NAT so clients can reach the internet
PostUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
Replace eth0 if your internet-facing interface is different (check with ip a).
✅ 4. Enable IP forwarding
echo "net.ipv4.ip_forward=1" | sudo tee -a /etc/sysctl.conf
sudo sysctl -p
✅ 5. Start and enable WireGuard
sudo systemctl enable wg-quick@wg0
sudo systemctl start wg-quick@wg0
Check the status:
sudo wg
✅ 6. Add a client (example with one client)
Generate the client keys:
umask 077   # keep the key files readable by the owner only
wg genkey | tee client_private.key | wg pubkey > client_public.key
Add the client as a peer on the server:
sudo nano /etc/wireguard/wg0.conf
Add:
[Peer]
PublicKey = PUBLIC_KEY_CLIENT
AllowedIPs = 10.8.0.2/32
Restart WireGuard:
sudo systemctl restart wg-quick@wg0
✅ 7. Client config (wg-client.conf)
Create this file on the phone or laptop:
[Interface]
PrivateKey = CLIENT_PRIVATE_KEY
Address = 10.8.0.2/24
DNS = 1.1.1.1
[Peer]
PublicKey = SERVER_PUBLIC_KEY
Endpoint = IP_SERVER:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25
⚡ 8. Port forwarding (server → client)
Example: port 8080 on the server is forwarded to client 10.8.0.2:80
Add the DNAT rule:
sudo iptables -t nat -A PREROUTING -p tcp --dport 8080 -j DNAT --to-destination 10.8.0.2:80
Allow the forwarded traffic:
sudo iptables -A FORWARD -p tcp -d 10.8.0.2 --dport 80 -j ACCEPT
MASQUERADE (if not already present):
sudo iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE
✅ 9. Save the iptables rules so they persist
sudo apt install iptables-persistent -y
sudo netfilter-persistent save
🎉 DONE
Now access it from outside:
http://IP_PUBLIC_SERVER:8080
The request will reach WireGuard client 10.8.0.2 on port 80.
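A pre-flight check for the server config built in steps 3 and 6, as an added example that is not part of the original guide: it flags a config file that other users can read, key fields that still hold a placeholder, and peer AllowedIPs entries that are wider than /32 or reused by two peers. The function name wg_conf_lint and the sample config are constructed for illustration; it assumes GNU stat and IPv4-only peers.

```shell
#!/usr/bin/env bash
# Added example; wg_conf_lint is a hypothetical helper, not part of wireguard-tools.
# Assumes GNU stat (Ubuntu/Debian, as in this guide) and IPv4-only peers.
wg_conf_lint() {
    local conf="$1" mode findings
    mode=$(stat -c '%a' "$conf")
    findings=$(
        # The file holds the private key, so only its owner should read it.
        case "$mode" in (600|400) ;; (*) echo "WARN: mode $mode, expected 600" ;; esac
        awk '
            /^[ \t]*#/ { next }
            /^\[/      { section = $1; next }
            {
                eq = index($0, "="); if (eq == 0) next
                k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
                gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
            }
            k == "PrivateKey" || k == "PublicKey" {
                # A key is 32 bytes: 43 base64 characters followed by "=".
                if (length(v) != 44 || v !~ "^[A-Za-z0-9+/]+=$")
                    print "WARN: " k " is not a valid key (placeholder left in?)"
            }
            section == "[Peer]" && k == "AllowedIPs" {
                n = split(v, ips, ",")
                for (i = 1; i <= n; i++) {
                    if (ips[i] !~ "/32$") print "WARN: " ips[i] " is not a single /32 host"
                    if (seen[ips[i]]++)   print "WARN: " ips[i] " is assigned to two peers"
                }
            }
        ' "$conf"
    )
    if [ -n "$findings" ]; then printf '%s\n' "$findings"; return 1; fi
    return 0
}

# Constructed sample: the server config from steps 3 and 6 with placeholders left in.
demo=$(mktemp)
cat > "$demo" <<'EOF'
[Interface]
Address = 10.8.0.1/24
ListenPort = 51820
PrivateKey = MASUKKAN_PRIVATE_KEY_SERVER
[Peer]
PublicKey = PUBLIC_KEY_CLIENT
AllowedIPs = 10.8.0.2/32
EOF
chmod 644 "$demo"
wg_conf_lint "$demo" || echo "Fix the findings above before starting wg-quick@wg0."
rm -f "$demo"
```

On the real server, run it as root against /etc/wireguard/wg0.conf before step 5 and again after adding each peer.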