Tuji set up WireGuard on this server, allowed inbound traffic on a certain port, temporarily enabled IP forwarding and surfed the Internet a bit on a peer which forwards all traffic through this server. There goes anonymity. I am amazed by Tuji's tendency to mess up. Can't you play on a throw-away server?

Anyway, we do have a working WireGuard virtual network now.

  • You install the WireGuard package.
  • You set up a network interface on each peer and let the peers know each other. This means each peer knows the public key of each of its peers.
  • You set up routing on any peer that is supposed to forward traffic to the outside world. Have fun with iptables.
  • Up to this point, the peers do not know where the others are on the Internet. The Internet-facing IP addresses and ports of one's peers are either supplied in the conf file under the Endpoint key or discovered as packets are received from those peers. The endpoint info is constantly updated as packets start to arrive from new IPs.
  • Communication, apparently, uses public-private-key encryption. Each peer keeps its own private key to decrypt incoming packets received on the interface. Outbound packets are encrypted using the receiving peer's public key.

Overall the idea is simple, which is a strong point. Wait, I didn't talk about AllowedIPs. These are not crucial? These only serve as control and as WireGuard virtual network addressing? Something feels off to me. This thing serves two purposes?
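A pair of wg-quick configs for the setup described above, as an added example that is not from the original post (the keys, the 10.7.0.0/24 tunnel range, eth0 and the server hostname are placeholders). It shows the forwarding peer enabling forwarding only while the tunnel is up, and AllowedIPs doing double duty: it decides which peer a destination address is routed to, and which source addresses are accepted from that peer's key (WireGuard calls this cryptokey routing).

```ini
# ---- wg0.conf on the forwarding peer (the server) ----
[Interface]
Address    = 10.7.0.1/24
ListenPort = 51820
PrivateKey = <server-private-key>          ; placeholder, generate with: wg genkey
# Forwarding and NAT exist only while the tunnel is up; PostDown undoes both.
# eth0 is assumed to be the Internet-facing interface.
PostUp   = sysctl -w net.ipv4.ip_forward=1; iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; sysctl -w net.ipv4.ip_forward=0

[Peer]
# The laptop. No Endpoint here: its address is learned from the first
# packet that authenticates under this key, and updated if it roams.
PublicKey  = <laptop-public-key>           ; placeholder
# Source filter + route: only packets claiming 10.7.0.2 are accepted from
# this key, and only 10.7.0.2 is ever sent to it. A /32 keeps the laptop
# from injecting packets with other source addresses into the server's routing.
AllowedIPs = 10.7.0.2/32

# ---- wg0.conf on the laptop (the peer that tunnels everything) ----
[Interface]
Address    = 10.7.0.2/24
PrivateKey = <laptop-private-key>          ; placeholder

[Peer]
PublicKey  = <server-public-key>           ; placeholder
Endpoint   = vpn.example.net:51820         ; placeholder for the server's public address
# 0.0.0.0/0 here means two things at once: wg-quick installs a default route
# into the tunnel, and any source address arriving from the server's key is
# accepted (needed, since replies come from the whole Internet).
AllowedIPs = 0.0.0.0/0
# Keeps the NAT mapping alive so the server can still reach the laptop.
PersistentKeepalive = 25
```

Bring each side up with `wg-quick up wg0`; `wg show` then lists the learned endpoint and the per-peer AllowedIPs, which is the quickest way to confirm which key is allowed to claim which address.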