These are the steps to run WireGuard from the command line.
First generate a private key:
wg genkey > private
Create the wg0 interface:
ip link add wg0 type wireguard
Give the interface an address:
ip addr add 10.0.0.1/24 dev wg0
All traffic over wg0 will be encrypted so we need to set the decryption key:
wg set wg0 private-key ./private
Start the new device:
ip link set wg0 up
Now add a peer:
wg set wg0 peer {other_public_key} allowed-ips {other_internal_ip}/32 endpoint {other_public_ip}:{other_wg_listening_port}
You can get the other public key and listening port by doing:
wg
interface: wg0
public key: {other_public_key}
private key: (hidden)
listening port: {other_wg_listening_port}
You can get the public IP and internal IP from:
ip a
2: eth0:
inet {public_ip}/20 brd 142.93.255.255 scope global eth0
4: wg0:
inet 10.0.0.1/24 scope global wg0