
WireGuard and lsyncd to sync a directory.

install wireguard

apt install wireguard / pacman -S wireguard-tools

generate keypairs

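# Generate the server keypair. The restrictive umask makes both files owner-only
# from the moment they are created, so the private key is never readable by
# other local users. The subshell keeps the umask change out of the calling shell.
(
  umask 077
  wg genkey | tee server_private.key | wg pubkey > server_public.key
)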

Server config file /etc/wireguard/wg0.conf

# Server side of the tunnel. This file holds the server's private key, so keep
# it readable by root only (for example mode 600).
[Interface]
PrivateKey = <server_private_key>
Address = 10.11.12.1/24
ListenPort = 51820

# One [Peer] section per client. The /32 in AllowedIPs binds each public key to
# a single tunnel address: packets from that peer are accepted only with that
# source address, so one client cannot send as another client's address.
[Peer]
PublicKey = <client1_public_key>
AllowedIPs = 10.11.12.2/32

[Peer]
PublicKey = <client2_public_key>
AllowedIPs = 10.11.12.3/32

# Repeat for all clients...

Server iptables

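# Forwarding between the tunnel and the other interfaces. Both rules accept
# everything to and from wg0; narrow them with -s/-d if clients should only
# reach specific hosts.
sudo iptables -A FORWARD -o wg0 -j ACCEPT
sudo iptables -A FORWARD -i wg0 -j ACCEPT

# Source-NAT VPN clients that leave through eth0.
sudo iptables -t nat -A POSTROUTING -s 10.11.12.0/24 -o eth0 -j MASQUERADE

# Port forward: server port 2222 -> SSH on one client (replace x with that
# client's host number). PREROUTING/POSTROUTING and the DNAT/MASQUERADE targets
# live in the nat table, so -t nat is required; without it iptables rejects the
# rules. The destination is a single host (/32); a /22 mask would match the
# whole 10.11.12.0/22 range.
# Note: this publishes the client's sshd to anything that can reach the server
# on port 2222. Restrict the DNAT rule with -s <trusted_source> where possible
# and use key-only SSH authentication on the client.
sudo iptables -t nat -A PREROUTING -p tcp -m tcp --dport 2222 -j DNAT --to-destination 10.11.12.x:22
sudo iptables -t nat -A POSTROUTING -d 10.11.12.x/32 -p tcp -m tcp --dport 22 -j MASQUERADE

# Traffic between the server itself and the tunnel.
sudo iptables -A INPUT -i wg0 -j ACCEPT
sudo iptables -A OUTPUT -o wg0 -j ACCEPT

# These rules are not persistent; save them with your distribution's mechanism
# if they should survive a reboot.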

Client iptables 

Client config

# Client side of the tunnel. PrivateKey is this client's own private key
# (generate one keypair per client); keep this file readable by root only.
[Interface]
PrivateKey =
Address = 10.11.12.3/24  # Unique IP for each client, e.g., 10.11.12.2, 10.11.12.3, etc.

# The server. PublicKey is the server's public key; Endpoint is the address and
# port the server listens on.
[Peer]
PublicKey =
Endpoint = hostname:51820
AllowedIPs = 10.11.12.0/24  # Route only traffic destined for the VPN subnet through WireGuard
# Send a keepalive every 25 seconds so NAT/firewall state between client and
# server stays open and the server can still reach this client.
PersistentKeepalive = 25

On both server and client

/etc/sysctl.conf

# Enable IPv4 packet forwarding in the kernel.
net.ipv4.ip_forward=1


# Reload /etc/sysctl.conf so the forwarding setting takes effect without a reboot.
sudo sysctl -p