I have been using Wireguard for about a year & a half, when I switched from ZeroTier to Wireguard for most of my needs. Unfortunately, since the start, my Wireguard configuration has been completely manual, and very annoying since I had to create a new interface for every client.
No more.
Today I used the Wireguard Config Generator to generate the configs (I did not specify my endpoint on the website of course). The result was a single server config with keys for two dozen mobile clients. Today I configured three of those mobile clients -- one each for my MacBook Air, my iPhone, and my iPad.
I considered using Netmaker but decided it was way more than I needed. The config generator made that part of the config easy. Loading the config into the Mac client was easy. Loading a config file into the iOS client is not difficult, but it was way more fun using qrencode to generate a QR code to configure the iOS devices.
After I used the Wireguard Config Generator, I updated the client files to specify my endpoint, then I loaded the configs and was off to the races -- with that part anyway.
I had one more step to make this useful. The entire point of my Wiregaurd config is to remotely access my home network. But, since my Wireguard server is on a DigialOcean VM, and I want my systems to access my home network without masquerading, this required a configuration change to my FRR config on my DigitalOcean VM.
I just had to add two blocks:
interface wg0
ip ospf network non-broadcast
exit
To the router ospf configuration, I added the subnet I dedicated to my Wireguard clients:
network 192.168.100.128/27 area 0
Now everything can route to my Wireguard clients, and my Wireguard clients can access my entire network.
I am a system engineer in the Raleigh, NC area. My main interests are Unix, VMware, and networking. More about me, and how I got started.