# Installation auf Hetzner

**Auf Hetzner-Server:**

```
  ssh hetzner

# Wireguard installieren
  apt install -y wireguard

# Keys generieren
  cd /etc/wireguard
  umask 077
  wg genkey | tee hetzner-private.key | wg pubkey > hetzner-public.key

# Keys anzeigen und notieren!
  cat hetzner-private.key
  cat hetzner-public.key
```

**Config erstellen**
```
nano /etc/wireguard/wg0.conf
```
**Inhalt:**
``` ini
[Interface]
Address = 10.100.0.1/24
ListenPort = 51820
PrivateKey = <HETZNER_PRIVATE_KEY>

PostUp = sysctl -w net.ipv4.ip_forward=1
PostDown = sysctl -w net.ipv4.ip_forward=0

[Peer]
PublicKey = <HOMESERVER_PUBLIC_KEY>
AllowedIPs = 10.100.0.2/32
PersistentKeepalive = 25
```
**Aktivieren**
```bash
echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
sysctl -p

systemctl enable wg-quick@wg0
systemctl start wg-quick@wg0
systemctl status wg-quick@wg0
```