English Italian
$ umask 077
$ wg genkey | tee privatekey | wg pubkey > publickey
$ wg genpsk > fcos_client_one_psk
A configuration for routing all traffic on the client over WireGuard:
and set `AllowedIPs =,::/0` in `/etc/wireguard/wg0.conf` on the client configuration to route all IPv4 and IPv6 the traffic on the client computer over the WireGuard interface:
Boot FCOS and log in. When you run `sudo wg show` you should see this:
Check WireGuard configuration on a client
Check WireGuard configuration on FCOS
<Client IP address> above is the IP or FQDN of the Client computer.
Client WireGuard configuration
Configure WireGuard on a client
Configure WireGuard on FCOS
Configuring FCOS to use WireGuard
[core@wireguard-demo ~]$ sudo wg show
interface: wg0
public key: <fcos_public_key>
private key: (hidden)
listening port: 51820
Example FCOS WireGuard configuration
Example FCOS WireGuard configuration with IP forwarding
FCOS has full support for WireGuard out of the box. This guide is going to demonstrate how to setup a single connection between a FCOS server and one client computer. It goes over the basic client configuration, but it does not cover installing WireGuard on your clients.
<FCOS IP address> is the IP or FQDN of the FCOS server.
FCOS uses https://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/[predictable interface names] by https://lists.fedoraproject.org/archives/list/coreos-status@lists.fedoraproject.org/thread/6IPTZL57Z5NLBMPYMXNVSYAGLRFZBLIP/[default]. Please take care to use the correct interface name for your hardware in the above PostUp and PostDown commands!
Generate a Preshared key per peer pair
Generate Client One WireGuard keys