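# Identify your network interface
# (-E alternation instead of the GNU-only '\|' basic-regex escape)
ip -o link show | grep -E ': (en|eth)'
# Note down your active interface name (commonly eth0, ens3, ens18, etc)

# Enable kernel forwarding
# A drop-in under /etc/sysctl.d/ is used instead of appending to /etc/sysctl.conf:
# re-running the append would stack duplicate lines. File name is arbitrary.
printf 'net.ipv4.ip_forward=1\n' > /etc/sysctl.d/99-wireguard-forward.conf
# --system loads every /etc/sysctl.d/*.conf (plain -p only reads /etc/sysctl.conf)
sysctl --system

# Install WireGuard and iptables-persistent
apt update && apt upgrade -y
apt install -y wireguard
# Install iptables-persistent (You'll see prompts for saving current rules)
apt install -y iptables-persistent
# If you selected 'No' to the prompts, you can save rules later with:
netfilter-persistent save

# Create WireGuard directory with secure permissions
install -m 0750 -d /etc/wireguard/
# Abort instead of generating keys in whatever directory we happen to be in
cd /etc/wireguard/ || exit 1

# Restrict the umask *before* generating keys: with the usual 022 umask, tee
# creates privatekey as 0644, so the key is world-readable in the window before
# the chmod below runs. umask stays in effect for the rest of this shell session.
umask 077
# Generate server keys
wg genkey | tee privatekey | wg pubkey > publickey
chmod 600 privatekey
# Generate pre-shared key for an additional symmetric-key layer on top of the handshake
wg genpsk > preshared.key
chmod 600 preshared.key

# Get your network interface name for the NAT/forwarding rules: take the device
# of the IPv4 default route. Grepping 'en|eth' on `ip link` can return several
# names (e.g. a second NIC), which would break a single-valued INTERFACE.
INTERFACE=$(ip -o -4 route show to default | awk '{ for (i = 1; i <= NF; i++) if ($i == "dev") { print $(i + 1); exit } }')
: "${INTERFACE:?could not detect the default-route interface; set INTERFACE=eth0 (or similar) manually}"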
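# Create server configuration
# The file is written from the shell instead of by hand in nano, for two reasons:
#  1. "$(cat privatekey)" only expands in a shell here-doc; typed into nano it stays
#     literal text and wg-quick rejects it as an invalid key.
#  2. wg-quick expands %i to the *WireGuard* interface name (wg0), not the uplink,
#     so "-o %i" would masquerade traffic leaving wg0 rather than the internet-facing
#     interface. The real uplink name from INTERFACE is baked in instead.
: "${INTERFACE:?set INTERFACE to the uplink interface name, e.g. eth0}"
# wg0.conf contains the private key: make sure it is created 0600
umask 077
cat > /etc/wireguard/wg0.conf <<EOF
[Interface]
PrivateKey = $(cat /etc/wireguard/privatekey)
Address = 10.0.0.1/24
ListenPort = 51820
# SaveConfig = true rewrites this file from the running state on "wg-quick down";
# that rewrite drops these comments, so keep notes elsewhere if you rely on them.
SaveConfig = true
# Forwarding/NAT between the tunnel (wg0) and the uplink ($INTERFACE)
PostUp = ufw route allow in on wg0 out on $INTERFACE
PostUp = iptables -t nat -I POSTROUTING -o $INTERFACE -j MASQUERADE
PostDown = ufw route delete allow in on wg0 out on $INTERFACE
PostDown = iptables -t nat -D POSTROUTING -o $INTERFACE -j MASQUERADE
# No "ip route add 10.0.0.0/24 dev wg0" here: wg-quick already installs that
# connected route when it assigns Address, and a second add fails with
# "File exists", which aborts PostUp and tears the interface down again.
# Client configuration will be added later
# Peers are added with "wg set" after client setup and persisted with wg-quick save
#[Peer]
#PublicKey =
#PresharedKey =
#AllowedIPs = 10.0.0.2/32
EOF
chmod 600 /etc/wireguard/wg0.conf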
# On your local machine
mkdir ~/wireguard-client
cd ~/wireguard-client
# Generate client keys
wg genkey | tee client-privatekey | wg pubkey > client-publickey
# Copy the pre-shared key from server
# You'll need to securely transfer /etc/wireguard/preshared.key from server to client
[Interface]
PrivateKey = $(cat client-privatekey)
Address = 10.0.0.2/24
DNS = 1.1.1.1, 1.0.0.1
[Peer]
PublicKey =
PresharedKey =
Endpoint = :51820
# Exclude all private subnets to prevent routing conflicts
AllowedIPs = 0.0.0.0/0, ::/0, !192.168.0.0/16, !172.16.0.0/12, !10.0.0.0/8
PersistentKeepalive = 25
# On the server, add the client as a peer
wg set wg0 peer $(cat ~/wireguard-client/client-publickey) \
preshared-key /etc/wireguard/preshared.key \
allowed-ips 10.0.0.2/32
# Save the configuration
wg-quick down wg0
wg-quick up wg0
# Enable and start WireGuard
systemctl enable wg-quick@wg0
systemctl start wg-quick@wg0
# Verify status
systemctl status wg-quick@wg0
# Configure UFW
ufw allow 22/tcp
ufw allow 51820/udp
ufw enable
# Verify rules
ufw status numbered
# Check WireGuard status
wg show
# View connection logs
journalctl -xeu wg-quick@wg0
# Update system and WireGuard
apt update && apt upgrade -y