WireGuard

Server

# Set a restrictive umask first so server.key is never created world-readable
umask 077
wg genkey | tee server.key | wg pubkey > server.pub
chmod 600 server.key

/etc/wireguard/wg0.conf (PRIVATE_KEY_SERVER is the contents of server.key):

[Interface]
Address = 10.158.0.1/24
ListenPort = 51820
MTU = 1360
PrivateKey = PRIVATE_KEY_SERVER

Open port 51820 for UDP traffic on the server (the ListenPort above).

Client

# fish shell syntax; client_a is a placeholder for the client's name
set -x WG_CLIENT_NAME client_a
umask 077
wg genkey | tee $WG_CLIENT_NAME.key | wg pubkey > $WG_CLIENT_NAME.pub
chmod 600 $WG_CLIENT_NAME.key

Append to the server's /etc/wireguard/wg0.conf:

[Peer]
PublicKey = PUBLIC_KEY_CLIENT_A
AllowedIPs = 10.158.0.100/32

Client config:

[Interface]
Address = 10.158.0.100/32
MTU = 1360
PrivateKey = PRIVATE_KEY_CLIENT_A

[Peer]
PublicKey = PUBLIC_KEY_SERVER
Endpoint = SERVER_IP:51820
AllowedIPs = 10.158.0.0/24
PersistentKeepalive = 25
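
A consistency check for the two configs above, as an added example that is not part of the original notes: it parses a server config in the wg0.conf format, flags peers whose AllowedIPs overlap, and confirms the client's Address falls inside the AllowedIPs the server gave that peer. The second peer (PUBLIC_KEY_CLIENT_B), the sample text and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample mirroring the page's server config; keys are placeholders.
# PUBLIC_KEY_CLIENT_B is a hypothetical second peer given too wide a range.
SERVER_CONF = """\
[Interface]
Address = 10.158.0.1/24
PrivateKey = PRIVATE_KEY_SERVER

[Peer]
PublicKey = PUBLIC_KEY_CLIENT_A
AllowedIPs = 10.158.0.100/32

[Peer]
PublicKey = PUBLIC_KEY_CLIENT_B
AllowedIPs = 10.158.0.0/24
"""

def parse_wg(text):
    """Return a list of (section_name, {key: value}); [Peer] may repeat."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1], {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)  # base64 keys keep their '=' padding
            sections[-1][1][key.strip()] = value.strip()
    return sections

def nets(value):
    return [ipaddress.ip_network(v.strip(), strict=False) for v in value.split(",")]

def audit(server_text, client_address, client_pubkey):
    """Return a list of findings for the server config and one client."""
    findings = []
    peers = [(s["PublicKey"], nets(s["AllowedIPs"]))
             for name, s in parse_wg(server_text) if name == "Peer"]
    # Each tunnel address should map to exactly one peer, so overlaps need review.
    for i, (key_a, nets_a) in enumerate(peers):
        for key_b, nets_b in peers[i + 1:]:
            if any(a.overlaps(b) for a in nets_a for b in nets_b):
                findings.append(f"overlap: {key_a} / {key_b}")
    # The server accepts a peer's packets only from that peer's AllowedIPs.
    addr = ipaddress.ip_interface(client_address).ip
    allowed = [n for key, ns in peers if key == client_pubkey for n in ns]
    if not any(addr in n for n in allowed):
        findings.append(f"address {addr} not allowed for {client_pubkey}")
    return findings
```

Call audit() with the server config text, the Address line from the client config and the client's public key; an empty list means the two files agree.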