Official guide: https://www.wireguard.com/quickstart/
Install WireGuard on all of the machines
https://www.wireguard.com/install/
Generate private and public keys
umask 077  # create the key file readable only by its owner
wg genkey > private_wireguard_key
wg pubkey < private_wireguard_key
Create a client configuration file /etc/wireguard/wg0.conf
[Interface]
PrivateKey = private_client_wireguard_key
Address = 10.0.0.4/32
ListenPort = 51820
[Peer]
PublicKey = public_server_wireguard_key
AllowedIPs = 10.0.0.0/24
Endpoint = server_ip:51820
PersistentKeepalive = 25
PersistentKeepalive is the interval, in seconds, at which the client sends a keepalive packet to the server. It is required if the server cannot reach the client, for example because of a firewall. Without it the client will connect but will disconnect shortly afterwards, and you will not be able to ping the client from the server.
Create a server configuration file /etc/wireguard/wg0.conf
[Interface]
Address = 10.0.0.1/24
ListenPort = 51820
PrivateKey = private_server_key
[Peer]
PublicKey = public_peer_key
AllowedIPs = 10.0.0.2/32
[Peer]
PublicKey = public_peer2_key
AllowedIPs = 10.0.0.3/32
[Peer]
PublicKey = public_peer3_key
AllowedIPs = 10.0.0.4/32
[Peer]
PublicKey = public_peer4_key
AllowedIPs = 10.0.0.5/32
Allow communication on selected port on the server
sudo ufw allow 51820/udp
sudo ufw allow in on wg0
sudo ufw allow out on wg0
sudo ufw route allow out on wg0
sudo ufw route allow in on wg0
Start the WireGuard service
sudo systemctl start wg-quick@wg0
sudo systemctl enable wg-quick@wg0
sudo systemctl status wg-quick@wg0
Debugging
echo "module wireguard +p" | sudo tee /sys/kernel/debug/dynamic_debug/control
sudo dmesg -wT
sudo wg
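On the server, each peer's AllowedIPs is the set of tunnel source addresses WireGuard accepts from that key, so an entry that is too wide or that overlaps another peer's breaks the one-address-per-client layout of the server configuration above. The check below is an added example, not part of the original notes; the function names and the sample text (with a deliberately wrong second peer) are constructed for illustration.

```python
import ipaddress

# Constructed sample in the layout of the server wg0.conf above; the keys are
# placeholders and the second peer is deliberately misconfigured.
SAMPLE = """\
[Interface]
Address = 10.0.0.1/24
ListenPort = 51820
PrivateKey = private_server_key
[Peer]
PublicKey = public_peer_key
AllowedIPs = 10.0.0.2/32
[Peer]
PublicKey = public_peer2_key
AllowedIPs = 10.0.0.2/32, 192.168.1.0/24
"""

def parse(text):
    """Split wg-quick style text into a list of (section name, settings dict)."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if line.startswith("["):
            sections.append((line.strip("[]").lower(), {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)  # first "=" only: keys end in "="
            sections[-1][1][key.strip()] = value.strip()
    return sections

def lint(text):
    """Report AllowedIPs that leave the tunnel subnet or overlap another peer."""
    sections = parse(text)
    address = next(s["Address"] for n, s in sections if n == "interface")
    subnet = ipaddress.ip_interface(address.split(",")[0].strip()).network
    seen, problems = [], []
    for peer in (s for n, s in sections if n == "peer"):
        key = peer.get("PublicKey", "?")
        for item in filter(None, map(str.strip, peer.get("AllowedIPs", "").split(","))):
            net = ipaddress.ip_network(item, strict=False)
            if net.version != subnet.version or not net.subnet_of(subnet):
                problems.append(f"{key}: {net} is outside {subnet}")
            for other, owner in seen:
                if owner != key and net.overlaps(other):
                    problems.append(f"{key}: {net} overlaps {owner} ({other})")
            seen.append((net, key))
    return problems

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)) or "no problems found")
```

Run it against the real file by passing its contents to lint(); the file is readable only by root, so it needs the same privileges as wg-quick.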