WireGuard is an amazing, simple VPN that is already included in the kernel. It’s a very powerful and straightforward tool, and it is much easier to set up than OpenVPN. The wg-quick utility, which is part of the WireGuard tools, is what makes the configuration simple. For context: in my experience, most solutions, such as WGDashboard and wireguard-ui, generate client configs specifically for wg-quick.
The goal is to move the WireGuard interface into a separate network namespace and run applications there. Why do this? It eliminates the need to proxy traffic to blocked websites through WireGuard using complex solutions. If you need to access something, just launch another browser in the WireGuard namespace, and that’s it! For instance, I modified the Exec line in the shortcut for Thunderbird, which currently lacks a similarly functional alternative, so it always launches through the VPN and can easily collect mail from any SMTP server.
You need to use the vanilla wg-quick without modifications for this to work out of the box.
The documentation gives four hooks for customizing a wg-quick interface: PreUp, PostUp, PreDown and PostDown. We therefore need to write the scripts for these hooks so that they perform all the necessary tasks. The complete solution is presented at the beginning of this article, and now let’s break it down. I will transform this compact code into a more human-readable format; it will be laid out differently but will be word-for-word identical. Note: in the code, you will find %i, a wg-quick macro that expands to the name of the interface, which wg-quick takes from the name of the configuration file.
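wg-quick hands every hook line to bash, so it is worth seeing the exact commands after %i expansion before bringing a tunnel up, especially for a config generated by another tool. The following is an added example, not code from this article: a POSIX shell function that lists the hooks in a config's [Interface] section with %i expanded. The sample config, its hook commands and the file name vpn0.conf are constructed for illustration and are not the article's solution.

```shell
#!/bin/sh
# Added example (not the article's code): print the hook commands a wg-quick
# config would run, with %i expanded to the interface name.

# write_sample_conf PATH: constructed sample config; key values are placeholders.
write_sample_conf() {
    cat > "$1" <<'EOF'
[Interface]
PrivateKey = <client-private-key>
Address = 10.0.0.2/32
PreUp = ip netns add %i        # hypothetical hook, for illustration only
PostUp = ip link set %i netns %i
postdown = ip netns del %i

[Peer]
PublicKey = <server-public-key>
EOF
}

# expand_hooks PATH: prints "key: command" for each hook, in file order.
expand_hooks() {
    # Interface name = config file name without the .conf suffix.
    iface=$(basename "$1" .conf)
    # wg-quick only accepts names of this shape, at most 15 characters long.
    case $iface in ''|*[!a-zA-Z0-9_=+.-]*) echo "bad interface name" >&2; return 1 ;; esac
    [ "${#iface}" -le 15 ] || { echo "bad interface name" >&2; return 1; }
    in_iface=0
    # Drop comments, then walk the file line by line.
    sed -e 's/#.*$//' "$1" | while IFS= read -r line; do
        # Key = text before '=', whitespace removed, compared case-insensitively.
        key=$(printf '%s' "${line%%=*}" | tr -d '[:space:]' | tr '[:upper:]' '[:lower:]')
        case $key in
            '[interface]') in_iface=1; continue ;;
            '['*) in_iface=0; continue ;;
            preup|postup|predown|postdown) ;;
            *) continue ;;
        esac
        # Hooks are read only from the [Interface] section.
        [ "$in_iface" -eq 1 ] || continue
        case $line in *=*) ;; *) continue ;; esac
        printf '%s: ' "$key"
        # Trim the value and substitute every %i with the interface name.
        printf '%s\n' "${line#*=}" |
            sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e "s/%i/$iface/g"
    done
}
```

To use it, source the file and run `expand_hooks` on a config path before `wg-quick up`; it only reads the file and executes none of the hooks.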
The provided setup allows for the convenient use of WireGuard in separate network namespaces. With this, you can easily manage connections and ensure that applications operate within their own isolated environments. Enjoy exploring the possibilities that come with WireGuard and its integration into your networking stack!