diff --git a/README.md b/README.md
index ff34b9e..8dfc7cf 100644
--- a/README.md
+++ b/README.md
@@ -57,13 +57,16 @@ See https://github.com/pirate/wireguard-docs for example code and documentation
- Table of Contents
-- Intro
+- Intro
+
-- Wireguard Documentation
-- Glossary
+- Wireguard Documentation
+
+- Glossary
+
-- How WireGuard Works
+- How WireGuard Works
+
-- Usage
+- Usage
+
-- Config Reference
+- Config Reference
+
-- Advanced Topics
-- Example Server-To-Server Config with Roaming Devices
-
-- Further Reading
+- Further Reading
+
- Reference Docs
- Tutorials
- Papers, Articles, and Talks
@@ -1112,305 +1102,6 @@ Setups can get somewhat complex and are highly dependent on what you're trying t
---
-# Example Server-To-Server Config with Roaming Devices
-
-WARNING: **Make sure to change the IP addresses and ranges in your configs before running!**
-The blocks used in these examples are reserved for documentation purposes by the IETF and should never be used in real network setups.
-
- - **`192.0.2.0/24`** (TEST-NET-1) IPv4 example range [RFC5737](https://tools.ietf.org/html/rfc5737)
- - **`2001:DB8::/32`** IPv6 example range [RFC3849](https://tools.ietf.org/html/rfc3849)
-
-You can use any private range you want instead, e.g. `10.0.44.0/24`, just make sure
-it doesn't conflict with any of the LAN subnet ranges your peers are on.
-
-The complete example config for the setup below can be found here: https://github.com/pirate/wireguard-docs/tree/master/full-example (WARNING: do not use it on your devices without changing the public/private keys!).
-
-## Overview
-
-### Network Topology
-
-These 5 devices are used in our example setup to explain how WireGuard supports bridging across a variety of network conditions, they're all under an example domain `example-vpn.dev`, with the following short hostnames:
-
-- `public-server1` (not behind a NAT, acts as the main VPN bounce server)
-- `public-server2` (not behind a NAT, joins as a peer without bouncing traffic)
-- `home-server` (behind a NAT, joins as a peer without bouncing traffic)
-- `laptop` (behind NAT, sometimes shared w/ home-server/phone, sometimes roaming)
-- `phone` (behind NAT, sometimes shared w/ home-server/laptop, sometimes roaming)
-
-### Explanation
-
-This VPN config simulates setting up a small VPN subnet `192.0.2.1/24` shared by 5 nodes. Two of the nodes (public-server1 and public-server2) are VPS instances living in a cloud somewhere, with public IPs accessible to the internet. home-server is a stationary node that lives behind a NAT with a dynamic IP, but it doesn't change frequently. Phone and laptop are both roaming nodes, that can either be at home in the same LAN as home-server, or out-and-about using public wifi or cell service to connect to the VPN.
-
-Whenever possible, nodes should connect directly to each other, depending on whether nodes are directly accessible or NATs are between them, traffic will route accordingly:
-
-### The Public Relay
-
-`public-server1` acts as an intermediate relay server between any VPN clients behind NATs, it will forward any 192.0.2.1/24 traffic it receives to the correct peer at the system level (WireGuard doesn't care how this happens, it's handled by the kernel `net.ipv4.ip_forward = 1` and the iptables routing rules).
-
-Each client only needs to define the publicly accessible servers/peers in its config, any traffic bound to other peers behind NATs will go to the catchall `192.0.2.1/24` for the server and will be forwarded accordingly once it hits the main server.
-
-In summary: only direct connections between clients should be configured, any connections that need to be bounced should not be defined as peers, as they should head to the bounce server first and be routed from there back down the vpn to the correct client.
-
-## Full Example Code
-
-To run this full example, simply copy the `full wg0.conf config file for node` section from each node onto each server, enable IP forwarding on the public relay, and then start WireGuard on all the machines.
-
-For more detailed instructions, see the [Quickstart](#Quickstart) guide and API reference above. You can also download the complete example setup here: https://github.com/pirate/wireguard-docs/tree/master/full-example (WARNING: do not use it on your devices without changing the public/private keys!).
-
-## Node Config
-
-### public-server1.example-vpn.tld
- * public endpoint: `public-server1.example-vpn.tld:51820`
- * own vpn ip address: `192.0.2.1`
- * can accept traffic for ips: `192.0.2.1/24`
- * priv key: ``
- * pub key: ``
- * setup required:
- 1. install wireguard
- 2. generate public/private keypair
- 3. create wg0.conf (see below)
- 4. enable kernel ip & arp forwarding, add iptables forwarding rules
- 5. start wireguard
- * config as remote peer:
-```ini
-[Peer]
-# Name = public-server1.example-vpn.tld
-Endpoint = public-server1.example-vpn.tld:51820
-PublicKey =
-# routes traffic to itself and entire subnet of peers as bounce server
-AllowedIPs = 192.0.2.1/24
-PersistentKeepalive = 25
-```
- * config as local interface:
-```ini
-[Interface]
-# Name = public-server1.example-vpn.tld
-Address = 192.0.2.1/24
-ListenPort = 51820
-PrivateKey =
-DNS = 1.1.1.1
-```
- * peers: public-server2, home-server, laptop, phone
- * full `wg0.conf` config file for node:
-```ini
-[Interface]
-# Name = public-server1.example-vpn.tld
-Address = 192.0.2.1/24
-ListenPort = 51820
-PrivateKey =
-DNS = 1.1.1.1
-
-[Peer]
-# Name = public-server2.example-vpn.dev
-Endpoint = public-server2.example-vpn.dev:51820
-PublicKey =
-AllowedIPs = 192.0.2.2/32
-
-[Peer]
-# Name = home-server.example-vpn.dev
-Endpoint = home-server.example-vpn.dev:51820
-PublicKey =
-AllowedIPs = 192.0.2.3/32
-
-[Peer]
-# Name = laptop.example-vpn.dev
-PublicKey =
-AllowedIPs = 192.0.2.4/32
-
-[Peer]
-# phone.example-vpn.dev
-PublicKey =
-AllowedIPs = 192.0.2.5/32
-```
-
-### public-server2.example-vpn.dev
- * public endpoint: `public-server2.example-vpn.dev:51820`
- * own vpn ip address: `192.0.2.2`
- * can accept traffic for ips: `192.0.2.2/32`
- * priv key: ``
- * pub key: ``
- * setup required:
- 1. install wireguard
- 2. generate public/private keypair
- 3. create wg0.conf (see below)
- 4. confirm main public relay server is directly accessible
- 4. start wireguard
- * config as local interface:
-```ini
-[Interface]
-# Name = public-server2.example-vpn.dev
-Address = 192.0.2.2/32
-ListenPort = 51820
-PrivateKey =
-DNS = 1.1.1.1
-```
- * config as peer:
-```ini
-[Peer]
-# Name = public-server2.example-vpn.dev
-Endpoint = public-server2.example-vpn.dev:51820
-PublicKey =
-AllowedIPs = 192.0.2.2/32
-```
- * peers: public-server1
- * full `wg0.conf` config file for node:
-```ini
-[Interface]
-# Name = public-server2.example-vpn.dev
-Address = 192.0.2.2/32
-ListenPort = 51820
-PrivateKey =
-DNS = 1.1.1.1
-
-[Peer]
-# Name = public-server1.example-vpn.tld
-Endpoint = public-server1.example-vpn.tld:51820
-PublicKey =
-# routes traffic to itself and entire subnet of peers as bounce server
-AllowedIPs = 192.0.2.1/24
-PersistentKeepalive = 25
-```
-
-### home-server.example-vpn.dev
- * public endpoint: (none, behind NAT)
- * own vpn ip address: `192.0.2.3`
- * can accept traffic for ips: `192.0.2.3/32`
- * priv key: ``
- * pub key: ``
- * setup required:
- 1. install wireguard
- 2. generate public/private keypair
- 3. create wg0.conf (see below)
- 4. confirm main public relay server is directly accessible
- 4. start wireguard
- * config as local interface:
-```ini
-[Interface]
-# Name = home-server.example-vpn.dev
-Address = 192.0.2.3/32
-ListenPort = 51820
-PrivateKey =
-DNS = 1.1.1.1
-```
- * config as peer:
-```ini
-[Peer]
-# Name = home-server.example-vpn.dev
-Endpoint = home-server.example-vpn.dev:51820
-PublicKey =
-AllowedIPs = 192.0.2.3/32
-```
- * peers: public-server1
- * full `wg0.conf` config file for node:
-```ini
-[Interface]
-# Name = home-server.example-vpn.dev
-Address = 192.0.2.3/32
-ListenPort = 51820
-PrivateKey =
-DNS = 1.1.1.1
-
-[Peer]
-# Name = public-server1.example-vpn.tld
-Endpoint = public-server1.example-vpn.tld:51820
-PublicKey =
-# routes traffic to itself and entire subnet of peers as bounce server
-AllowedIPs = 192.0.2.1/24
-PersistentKeepalive = 25
-```
-
-### laptop.example-vpn.dev
- * public endpoint: (none, behind NAT)
- * own vpn ip address: `192.0.2.4`
- * can accept traffic for ips: `192.0.2.4/32`
- * priv key: ``
- * pub key: ``
- * setup required:
- 1. install wireguard
- 2. generate public/private keypair
- 3. create wg0.conf (see below)
- 4. confirm main public relay server is directly accessible
- 4. start wireguard
- * config as local interface:
-```ini
-[Interface]
-# Name = laptop.example-vpn.dev
-Address = 192.0.2.4/32
-PrivateKey =
-DNS = 1.1.1.1
-```
- * config as peer:
-```ini
-[Peer]
-# Name = laptop.example-vpn.dev
-PublicKey =
-AllowedIPs = 192.0.2.4/32
-```
- * peers: public-server1
- * full `wg0.conf` config file for node:
-```ini
-[Interface]
-# Name = laptop.example-vpn.dev
-Address = 192.0.2.4/32
-PrivateKey =
-DNS = 1.1.1.1
-
-[Peer]
-# Name = public-server1.example-vpn.tld
-Endpoint = public-server1.example-vpn.tld:51820
-PublicKey =
-# routes traffic to itself and entire subnet of peers as bounce server
-AllowedIPs = 192.0.2.1/24
-PersistentKeepalive = 25
-```
-
-### phone.example-vpn.dev
- * public endpoint: (none, behind NAT)
- * own vpn ip address: `192.0.2.5`
- * can accept traffic for ips: `192.0.2.5/32`
- * priv key: ``
- * pub key: ``
- * setup required:
- 1. install wireguard
- 2. generate public/private keypair
- 3. create wg0.conf (see below)
- 4. confirm main public relay server is directly accessible
- 4. start wireguard
- * config as local interface:
-```ini
-[Interface]
-# Name = phone.example-vpn.dev
-Address = 192.0.2.5/32
-PrivateKey =
-DNS = 1.1.1.1
-```
- * config as peer:
-```ini
-[Peer]
-# phone.example-vpn.dev
-PublicKey =
-AllowedIPs = 192.0.2.5/32
-```
- * peers: public-server1
- * full `wg0.conf` config file for node:
-```ini
-[Interface]
-# Name = phone.example-vpn.dev
-Address = 192.0.2.5/32
-PrivateKey =
-DNS = 1.1.1.1
-
-[Peer]
-# Name = public-server1.example-vpn.tld
-Endpoint = public-server1.example-vpn.tld:51820
-PublicKey =
-# routes traffic to itself and entire subnet of peers as bounce server
-AllowedIPs = 192.0.2.1/24
-PersistentKeepalive = 25
-```
-
----
-
# Further Reading
### Reference Docs
diff --git a/example-full/README.md b/example-full/README.md
new file mode 100644
index 0000000..1216dc8
--- /dev/null
+++ b/example-full/README.md
@@ -0,0 +1,303 @@
+# Example Server-To-Server Config with Roaming Devices
+
+WARNING: **Make sure to change the IP addresses and ranges in your configs before running!**
+The blocks used in these examples are reserved for documentation purposes by the IETF and should never be used in real network setups.
+
+ - **`192.0.2.0/24`** (TEST-NET-1) IPv4 example range [RFC5737](https://tools.ietf.org/html/rfc5737)
+ - **`2001:DB8::/32`** IPv6 example range [RFC3849](https://tools.ietf.org/html/rfc3849)
+
+You can use any private range you want instead, e.g. `10.0.44.0/24`, just make sure
+it doesn't conflict with any of the LAN subnet ranges your peers are on.
+
+The complete example config for the setup below can be found here: https://github.com/pirate/wireguard-docs/tree/master/full-example (WARNING: do not use it on your devices without changing the public/private keys!).
+
+## Overview
+
+### Network Topology
+
+These 5 devices are used in our example setup to explain how WireGuard supports bridging across a variety of network conditions, they're all under an example domain `example-vpn.dev`, with the following short hostnames:
+
+- `public-server1` (not behind a NAT, acts as the main VPN bounce server)
+- `public-server2` (not behind a NAT, joins as a peer without bouncing traffic)
+- `home-server` (behind a NAT, joins as a peer without bouncing traffic)
+- `laptop` (behind NAT, sometimes shared w/ home-server/phone, sometimes roaming)
+- `phone` (behind NAT, sometimes shared w/ home-server/laptop, sometimes roaming)
+
+### Explanation
+
+This VPN config simulates setting up a small VPN subnet `192.0.2.1/24` shared by 5 nodes. Two of the nodes (public-server1 and public-server2) are VPS instances living in a cloud somewhere, with public IPs accessible to the internet. home-server is a stationary node that lives behind a NAT with a dynamic IP, but it doesn't change frequently. Phone and laptop are both roaming nodes, that can either be at home in the same LAN as home-server, or out-and-about using public wifi or cell service to connect to the VPN.
+
+Whenever possible, nodes should connect directly to each other, depending on whether nodes are directly accessible or NATs are between them, traffic will route accordingly:
+
+### The Public Relay
+
+`public-server1` acts as an intermediate relay server between any VPN clients behind NATs, it will forward any 192.0.2.1/24 traffic it receives to the correct peer at the system level (WireGuard doesn't care how this happens, it's handled by the kernel `net.ipv4.ip_forward = 1` and the iptables routing rules).
+
+Each client only needs to define the publicly accessible servers/peers in its config, any traffic bound to other peers behind NATs will go to the catchall `192.0.2.1/24` for the server and will be forwarded accordingly once it hits the main server.
+
+In summary: only direct connections between clients should be configured, any connections that need to be bounced should not be defined as peers, as they should head to the bounce server first and be routed from there back down the vpn to the correct client.
+
+## Full Example Code
+
+To run this full example, simply copy the `full wg0.conf config file for node` section from each node onto each server, enable IP forwarding on the public relay, and then start WireGuard on all the machines.
+
+For more detailed instructions, see the [Quickstart](#Quickstart) guide and API reference above. You can also download the complete example setup here: https://github.com/pirate/wireguard-docs/tree/master/full-example (WARNING: do not use it on your devices without changing the public/private keys!).
+
+## Node Config
+
+### public-server1.example-vpn.tld
+ * public endpoint: `public-server1.example-vpn.tld:51820`
+ * own vpn ip address: `192.0.2.1`
+ * can accept traffic for ips: `192.0.2.1/24`
+ * priv key: ``
+ * pub key: ``
+ * setup required:
+ 1. install wireguard
+ 2. generate public/private keypair
+ 3. create wg0.conf (see below)
+ 4. enable kernel ip & arp forwarding, add iptables forwarding rules
+ 5. start wireguard
+ * config as remote peer:
+```ini
+[Peer]
+# Name = public-server1.example-vpn.tld
+Endpoint = public-server1.example-vpn.tld:51820
+PublicKey =
+# routes traffic to itself and entire subnet of peers as bounce server
+AllowedIPs = 192.0.2.1/24
+PersistentKeepalive = 25
+```
+ * config as local interface:
+```ini
+[Interface]
+# Name = public-server1.example-vpn.tld
+Address = 192.0.2.1/24
+ListenPort = 51820
+PrivateKey =
+DNS = 1.1.1.1
+```
+ * peers: public-server2, home-server, laptop, phone
+ * full `wg0.conf` config file for node:
+```ini
+[Interface]
+# Name = public-server1.example-vpn.tld
+Address = 192.0.2.1/24
+ListenPort = 51820
+PrivateKey =
+DNS = 1.1.1.1
+
+[Peer]
+# Name = public-server2.example-vpn.dev
+Endpoint = public-server2.example-vpn.dev:51820
+PublicKey =
+AllowedIPs = 192.0.2.2/32
+
+[Peer]
+# Name = home-server.example-vpn.dev
+Endpoint = home-server.example-vpn.dev:51820
+PublicKey =
+AllowedIPs = 192.0.2.3/32
+
+[Peer]
+# Name = laptop.example-vpn.dev
+PublicKey =
+AllowedIPs = 192.0.2.4/32
+
+[Peer]
+# phone.example-vpn.dev
+PublicKey =
+AllowedIPs = 192.0.2.5/32
+```
+
+### public-server2.example-vpn.dev
+ * public endpoint: `public-server2.example-vpn.dev:51820`
+ * own vpn ip address: `192.0.2.2`
+ * can accept traffic for ips: `192.0.2.2/32`
+ * priv key: ``
+ * pub key: ``
+ * setup required:
+ 1. install wireguard
+ 2. generate public/private keypair
+ 3. create wg0.conf (see below)
+ 4. confirm main public relay server is directly accessible
+ 4. start wireguard
+ * config as local interface:
+```ini
+[Interface]
+# Name = public-server2.example-vpn.dev
+Address = 192.0.2.2/32
+ListenPort = 51820
+PrivateKey =
+DNS = 1.1.1.1
+```
+ * config as peer:
+```ini
+[Peer]
+# Name = public-server2.example-vpn.dev
+Endpoint = public-server2.example-vpn.dev:51820
+PublicKey =
+AllowedIPs = 192.0.2.2/32
+```
+ * peers: public-server1
+ * full `wg0.conf` config file for node:
+```ini
+[Interface]
+# Name = public-server2.example-vpn.dev
+Address = 192.0.2.2/32
+ListenPort = 51820
+PrivateKey =
+DNS = 1.1.1.1
+
+[Peer]
+# Name = public-server1.example-vpn.tld
+Endpoint = public-server1.example-vpn.tld:51820
+PublicKey =
+# routes traffic to itself and entire subnet of peers as bounce server
+AllowedIPs = 192.0.2.1/24
+PersistentKeepalive = 25
+```
+
+### home-server.example-vpn.dev
+ * public endpoint: (none, behind NAT)
+ * own vpn ip address: `192.0.2.3`
+ * can accept traffic for ips: `192.0.2.3/32`
+ * priv key: ``
+ * pub key: ``
+ * setup required:
+ 1. install wireguard
+ 2. generate public/private keypair
+ 3. create wg0.conf (see below)
+ 4. confirm main public relay server is directly accessible
+ 4. start wireguard
+ * config as local interface:
+```ini
+[Interface]
+# Name = home-server.example-vpn.dev
+Address = 192.0.2.3/32
+ListenPort = 51820
+PrivateKey =
+DNS = 1.1.1.1
+```
+ * config as peer:
+```ini
+[Peer]
+# Name = home-server.example-vpn.dev
+Endpoint = home-server.example-vpn.dev:51820
+PublicKey =
+AllowedIPs = 192.0.2.3/32
+```
+ * peers: public-server1
+ * full `wg0.conf` config file for node:
+```ini
+[Interface]
+# Name = home-server.example-vpn.dev
+Address = 192.0.2.3/32
+ListenPort = 51820
+PrivateKey =
+DNS = 1.1.1.1
+
+[Peer]
+# Name = public-server1.example-vpn.tld
+Endpoint = public-server1.example-vpn.tld:51820
+PublicKey =
+# routes traffic to itself and entire subnet of peers as bounce server
+AllowedIPs = 192.0.2.1/24
+PersistentKeepalive = 25
+```
+
+### laptop.example-vpn.dev
+ * public endpoint: (none, behind NAT)
+ * own vpn ip address: `192.0.2.4`
+ * can accept traffic for ips: `192.0.2.4/32`
+ * priv key: ``
+ * pub key: ``
+ * setup required:
+ 1. install wireguard
+ 2. generate public/private keypair
+ 3. create wg0.conf (see below)
+ 4. confirm main public relay server is directly accessible
+ 4. start wireguard
+ * config as local interface:
+```ini
+[Interface]
+# Name = laptop.example-vpn.dev
+Address = 192.0.2.4/32
+PrivateKey =
+DNS = 1.1.1.1
+```
+ * config as peer:
+```ini
+[Peer]
+# Name = laptop.example-vpn.dev
+PublicKey =
+AllowedIPs = 192.0.2.4/32
+```
+ * peers: public-server1
+ * full `wg0.conf` config file for node:
+```ini
+[Interface]
+# Name = laptop.example-vpn.dev
+Address = 192.0.2.4/32
+PrivateKey =
+DNS = 1.1.1.1
+
+[Peer]
+# Name = public-server1.example-vpn.tld
+Endpoint = public-server1.example-vpn.tld:51820
+PublicKey =
+# routes traffic to itself and entire subnet of peers as bounce server
+AllowedIPs = 192.0.2.1/24
+PersistentKeepalive = 25
+```
+
+### phone.example-vpn.dev
+ * public endpoint: (none, behind NAT)
+ * own vpn ip address: `192.0.2.5`
+ * can accept traffic for ips: `192.0.2.5/32`
+ * priv key: ``
+ * pub key: ``
+ * setup required:
+ 1. install wireguard
+ 2. generate public/private keypair
+ 3. create wg0.conf (see below)
+ 4. confirm main public relay server is directly accessible
+ 4. start wireguard
+ * config as local interface:
+```ini
+[Interface]
+# Name = phone.example-vpn.dev
+Address = 192.0.2.5/32
+PrivateKey =
+DNS = 1.1.1.1
+```
+ * config as peer:
+```ini
+[Peer]
+# phone.example-vpn.dev
+PublicKey =
+AllowedIPs = 192.0.2.5/32
+```
+ * peers: public-server1
+ * full `wg0.conf` config file for node:
+```ini
+[Interface]
+# Name = phone.example-vpn.dev
+Address = 192.0.2.5/32
+PrivateKey =
+DNS = 1.1.1.1
+
+[Peer]
+# Name = public-server1.example-vpn.tld
+Endpoint = public-server1.example-vpn.tld:51820
+PublicKey =
+# routes traffic to itself and entire subnet of peers as bounce server
+AllowedIPs = 192.0.2.1/24
+PersistentKeepalive = 25
+```
+
+
+
+
+Suggest changes: https://github.com/pirate/wireguard-docs/issues
+
+
diff --git a/full-example/home-server/home-server.key b/example-full/home-server/home-server.key
similarity index 100%
rename from full-example/home-server/home-server.key
rename to example-full/home-server/home-server.key
diff --git a/full-example/home-server/home-server.key.pub b/example-full/home-server/home-server.key.pub
similarity index 100%
rename from full-example/home-server/home-server.key.pub
rename to example-full/home-server/home-server.key.pub
diff --git a/full-example/home-server/setup.sh b/example-full/home-server/setup.sh
similarity index 100%
rename from full-example/home-server/setup.sh
rename to example-full/home-server/setup.sh
diff --git a/full-example/home-server/start.sh b/example-full/home-server/start.sh
similarity index 100%
rename from full-example/home-server/start.sh
rename to example-full/home-server/start.sh
diff --git a/full-example/home-server/stop.sh b/example-full/home-server/stop.sh
similarity index 100%
rename from full-example/home-server/stop.sh
rename to example-full/home-server/stop.sh
diff --git a/full-example/home-server/wg0.conf b/example-full/home-server/wg0.conf
similarity index 100%
rename from full-example/home-server/wg0.conf
rename to example-full/home-server/wg0.conf
diff --git a/full-example/laptop/laptop.key b/example-full/laptop/laptop.key
similarity index 100%
rename from full-example/laptop/laptop.key
rename to example-full/laptop/laptop.key
diff --git a/full-example/laptop/laptop.key.pub b/example-full/laptop/laptop.key.pub
similarity index 100%
rename from full-example/laptop/laptop.key.pub
rename to example-full/laptop/laptop.key.pub
diff --git a/full-example/laptop/setup.sh b/example-full/laptop/setup.sh
similarity index 100%
rename from full-example/laptop/setup.sh
rename to example-full/laptop/setup.sh
diff --git a/full-example/laptop/start.sh b/example-full/laptop/start.sh
similarity index 100%
rename from full-example/laptop/start.sh
rename to example-full/laptop/start.sh
diff --git a/full-example/laptop/stop.sh b/example-full/laptop/stop.sh
similarity index 100%
rename from full-example/laptop/stop.sh
rename to example-full/laptop/stop.sh
diff --git a/full-example/laptop/wg0.conf b/example-full/laptop/wg0.conf
similarity index 100%
rename from full-example/laptop/wg0.conf
rename to example-full/laptop/wg0.conf
diff --git a/full-example/phone/phone.key b/example-full/phone/phone.key
similarity index 100%
rename from full-example/phone/phone.key
rename to example-full/phone/phone.key
diff --git a/full-example/phone/phone.key.pub b/example-full/phone/phone.key.pub
similarity index 100%
rename from full-example/phone/phone.key.pub
rename to example-full/phone/phone.key.pub
diff --git a/full-example/phone/setup.sh b/example-full/phone/setup.sh
similarity index 100%
rename from full-example/phone/setup.sh
rename to example-full/phone/setup.sh
diff --git a/full-example/phone/start.sh b/example-full/phone/start.sh
similarity index 100%
rename from full-example/phone/start.sh
rename to example-full/phone/start.sh
diff --git a/full-example/phone/stop.sh b/example-full/phone/stop.sh
similarity index 100%
rename from full-example/phone/stop.sh
rename to example-full/phone/stop.sh
diff --git a/full-example/phone/wg0.conf b/example-full/phone/wg0.conf
similarity index 100%
rename from full-example/phone/wg0.conf
rename to example-full/phone/wg0.conf
diff --git a/full-example/public-server1/public-server1.key b/example-full/public-server1/public-server1.key
similarity index 100%
rename from full-example/public-server1/public-server1.key
rename to example-full/public-server1/public-server1.key
diff --git a/full-example/public-server1/public-server1.key.pub b/example-full/public-server1/public-server1.key.pub
similarity index 100%
rename from full-example/public-server1/public-server1.key.pub
rename to example-full/public-server1/public-server1.key.pub
diff --git a/full-example/public-server1/setup.sh b/example-full/public-server1/setup.sh
similarity index 100%
rename from full-example/public-server1/setup.sh
rename to example-full/public-server1/setup.sh
diff --git a/full-example/public-server1/start.sh b/example-full/public-server1/start.sh
similarity index 100%
rename from full-example/public-server1/start.sh
rename to example-full/public-server1/start.sh
diff --git a/full-example/public-server1/stop.sh b/example-full/public-server1/stop.sh
similarity index 100%
rename from full-example/public-server1/stop.sh
rename to example-full/public-server1/stop.sh
diff --git a/full-example/public-server1/wg0.conf b/example-full/public-server1/wg0.conf
similarity index 100%
rename from full-example/public-server1/wg0.conf
rename to example-full/public-server1/wg0.conf
diff --git a/full-example/public-server2/public-server2.key b/example-full/public-server2/public-server2.key
similarity index 100%
rename from full-example/public-server2/public-server2.key
rename to example-full/public-server2/public-server2.key
diff --git a/full-example/public-server2/public-server2.key.pub b/example-full/public-server2/public-server2.key.pub
similarity index 100%
rename from full-example/public-server2/public-server2.key.pub
rename to example-full/public-server2/public-server2.key.pub
diff --git a/full-example/public-server2/setup.sh b/example-full/public-server2/setup.sh
similarity index 100%
rename from full-example/public-server2/setup.sh
rename to example-full/public-server2/setup.sh
diff --git a/full-example/public-server2/start.sh b/example-full/public-server2/start.sh
similarity index 100%
rename from full-example/public-server2/start.sh
rename to example-full/public-server2/start.sh
diff --git a/full-example/public-server2/stop.sh b/example-full/public-server2/stop.sh
similarity index 100%
rename from full-example/public-server2/stop.sh
rename to example-full/public-server2/stop.sh
diff --git a/full-example/public-server2/wg0.conf b/example-full/public-server2/wg0.conf
similarity index 100%
rename from full-example/public-server2/wg0.conf
rename to example-full/public-server2/wg0.conf
diff --git a/example-internet-browsing-vpn/laptop/laptop.key b/example-internet-browsing-vpn/laptop/laptop.key
new file mode 100644
index 0000000..686b3d9
--- /dev/null
+++ b/example-internet-browsing-vpn/laptop/laptop.key
@@ -0,0 +1 @@
+OPmibSXYAAcMIYKNsWqr77zY06Kl750AEB1nWQi1T2o=
diff --git a/example-internet-browsing-vpn/laptop/laptop.key.pub b/example-internet-browsing-vpn/laptop/laptop.key.pub
new file mode 100644
index 0000000..4165fa8
--- /dev/null
+++ b/example-internet-browsing-vpn/laptop/laptop.key.pub
@@ -0,0 +1 @@
+BV5DjXeCugIrjvEZLo4sZ0hN5wveFTH8kOfZ1AIQ5js=
diff --git a/example-internet-browsing-vpn/laptop/setup.sh b/example-internet-browsing-vpn/laptop/setup.sh
new file mode 100644
index 0000000..5fb0157
--- /dev/null
+++ b/example-internet-browsing-vpn/laptop/setup.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+# install wireguard on Ubuntu
+#add-apt-repository ppa:wireguard/wireguard
+#apt update
+#apt install wireguard
+
+# install wireguard on macOS
+brew install wireguard-tools
diff --git a/example-internet-browsing-vpn/laptop/start.sh b/example-internet-browsing-vpn/laptop/start.sh
new file mode 100644
index 0000000..9e6a2fb
--- /dev/null
+++ b/example-internet-browsing-vpn/laptop/start.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+PEER_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+wg-quick up "$PEER_DIR"/wg0.conf
+wg show
diff --git a/example-internet-browsing-vpn/laptop/stop.sh b/example-internet-browsing-vpn/laptop/stop.sh
new file mode 100644
index 0000000..2faef2c
--- /dev/null
+++ b/example-internet-browsing-vpn/laptop/stop.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+PEER_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+wg-quick down "$PEER_DIR"/wg0.conf
+wg show
diff --git a/example-internet-browsing-vpn/laptop/wg0.conf b/example-internet-browsing-vpn/laptop/wg0.conf
new file mode 100644
index 0000000..d2f625d
--- /dev/null
+++ b/example-internet-browsing-vpn/laptop/wg0.conf
@@ -0,0 +1,13 @@
+[Interface]
+# Name = laptop.example-vpn.dev
+Address = 10.0.0.4/32
+PrivateKey = OPmibSXYAAcMIYKNsWqr77zY06Kl750AEB1nWQi1T2o=
+DNS = 1.1.1.1
+
+[Peer]
+# Name = public-server1.example-vpn.tld
+Endpoint = public-server1.example-vpn.tld:51820
+PublicKey = q/+jwmL5tNuYSB3z+t9Caj00Pc1YQ8zf+uNPu/UE1wE=
+# routes traffic to itself and entire subnet of peers as bounce server
+AllowedIPs = 10.0.0.1/24
+PersistentKeepalive = 25
diff --git a/example-internet-browsing-vpn/phone/phone.key b/example-internet-browsing-vpn/phone/phone.key
new file mode 100644
index 0000000..a855da1
--- /dev/null
+++ b/example-internet-browsing-vpn/phone/phone.key
@@ -0,0 +1 @@
+WH98AvjKKZ584ZLb69G912bNry2wOda9+kfzm+qbnUw=
diff --git a/example-internet-browsing-vpn/phone/phone.key.pub b/example-internet-browsing-vpn/phone/phone.key.pub
new file mode 100644
index 0000000..0d67922
--- /dev/null
+++ b/example-internet-browsing-vpn/phone/phone.key.pub
@@ -0,0 +1 @@
+VpjKa2MQKXuvttXRwJIe0LLYrtFYGQRTtmt8okUGm3A=
diff --git a/example-internet-browsing-vpn/phone/setup.sh b/example-internet-browsing-vpn/phone/setup.sh
new file mode 100644
index 0000000..fdbf4f4
--- /dev/null
+++ b/example-internet-browsing-vpn/phone/setup.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+# install wireguard on iOS/Android
+echo "Use the iOS App Store / Google Play Store to install WireGuard on your mobile device"
diff --git a/example-internet-browsing-vpn/phone/start.sh b/example-internet-browsing-vpn/phone/start.sh
new file mode 100644
index 0000000..de47355
--- /dev/null
+++ b/example-internet-browsing-vpn/phone/start.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+echo "Use the iOS/Android app to load the wg0.conf file and start Wireguard"
diff --git a/example-internet-browsing-vpn/phone/stop.sh b/example-internet-browsing-vpn/phone/stop.sh
new file mode 100644
index 0000000..4fc7f4a
--- /dev/null
+++ b/example-internet-browsing-vpn/phone/stop.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+echo "Use the iOS/Android app to load the wg0.conf file and stop Wireguard"
diff --git a/example-internet-browsing-vpn/phone/wg0.conf b/example-internet-browsing-vpn/phone/wg0.conf
new file mode 100644
index 0000000..47cf7a1
--- /dev/null
+++ b/example-internet-browsing-vpn/phone/wg0.conf
@@ -0,0 +1,13 @@
+[Interface]
+# Name = phone.example-vpn.dev
+Address = 10.0.0.5/32
+PrivateKey = WH98AvjKKZ584ZLb69G912bNry2wOda9+kfzm+qbnUw=
+DNS = 1.1.1.1
+
+[Peer]
+# Name = public-server1.example-vpn.tld
+Endpoint = public-server1.example-vpn.tld:51820
+PublicKey = q/+jwmL5tNuYSB3z+t9Caj00Pc1YQ8zf+uNPu/UE1wE=
+# routes traffic to itself and entire subnet of peers as bounce server
+AllowedIPs = 10.0.0.1/24
+PersistentKeepalive = 25
diff --git a/example-internet-browsing-vpn/server/public-server1.key b/example-internet-browsing-vpn/server/public-server1.key
new file mode 100644
index 0000000..e97b37e
--- /dev/null
+++ b/example-internet-browsing-vpn/server/public-server1.key
@@ -0,0 +1 @@
+2P/3ll/TxGTjGqwcWnqJMnjwPqGw7oX1RaXlPfsf2FQ=
diff --git a/example-internet-browsing-vpn/server/public-server1.key.pub b/example-internet-browsing-vpn/server/public-server1.key.pub
new file mode 100644
index 0000000..5912f3f
--- /dev/null
+++ b/example-internet-browsing-vpn/server/public-server1.key.pub
@@ -0,0 +1 @@
+q/+jwmL5tNuYSB3z+t9Caj00Pc1YQ8zf+uNPu/UE1wE=
diff --git a/example-internet-browsing-vpn/server/setup.sh b/example-internet-browsing-vpn/server/setup.sh
new file mode 100644
index 0000000..b9991f8
--- /dev/null
+++ b/example-internet-browsing-vpn/server/setup.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+# install wireguard
+add-apt-repository ppa:wireguard/wireguard
+apt update
+apt install wireguard
+
+# to enable kernel relaying/forwarding ability on bounce servers
+echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
+echo "net.ipv4.conf.all.proxy_arp" >> /etc/sysctl.conf
+sudo sysctl -p /etc/sysctl.conf
+
+# to add iptables forwarding rules on bounce servers
+iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+iptables -A FORWARD -i wg0 -o wg0 -m conntrack --ctstate NEW -j ACCEPT
+iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE
diff --git a/example-internet-browsing-vpn/server/start.sh b/example-internet-browsing-vpn/server/start.sh
new file mode 100644
index 0000000..9e6a2fb
--- /dev/null
+++ b/example-internet-browsing-vpn/server/start.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+PEER_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+wg-quick up "$PEER_DIR"/wg0.conf
+wg show
diff --git a/example-internet-browsing-vpn/server/stop.sh b/example-internet-browsing-vpn/server/stop.sh
new file mode 100644
index 0000000..2faef2c
--- /dev/null
+++ b/example-internet-browsing-vpn/server/stop.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+PEER_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+wg-quick down "$PEER_DIR"/wg0.conf
+wg show
diff --git a/example-internet-browsing-vpn/server/wg0.conf b/example-internet-browsing-vpn/server/wg0.conf
new file mode 100644
index 0000000..7e28ae4
--- /dev/null
+++ b/example-internet-browsing-vpn/server/wg0.conf
@@ -0,0 +1,28 @@
+[Interface]
+# Name = public-server1.example-vpn.tld
+Address = 10.0.0.1/24
+ListenPort = 51820
+PrivateKey = 2P/3ll/TxGTjGqwcWnqJMnjwPqGw7oX1RaXlPfsf2FQ=
+DNS = 1.1.1.1
+
+[Peer]
+# Name = public-server2.example-vpn.dev
+Endpoint = public-server2.example-vpn.dev:51820
+PublicKey = SceMEaVZaZfOGtGXjMsoJjhwxKHkb++9wjxqN1vm32s=
+AllowedIPs = 10.0.0.2/32
+
+[Peer]
+# Name = home-server.example-vpn.dev
+Endpoint = home-server.example-vpn.dev:51820
+PublicKey = 8bSk5fATxg9qdxbK20iTGdrQ7SWvxIBhxdMo+W54pEg=
+AllowedIPs = 10.0.0.3/32
+
+[Peer]
+# Name = laptop.example-vpn.dev
+PublicKey = BV5DjXeCugIrjvEZLo4sZ0hN5wveFTH8kOfZ1AIQ5js=
+AllowedIPs = 10.0.0.4/32
+
+[Peer]
+# Name = phone.example-vpn.dev
+PublicKey = VpjKa2MQKXuvttXRwJIe0LLYrtFYGQRTtmt8okUGm3A=
+AllowedIPs = 10.0.0.5/32
diff --git a/example-lan-briding/montreal/public-server1.key b/example-lan-briding/montreal/public-server1.key
new file mode 100644
index 0000000..e97b37e
--- /dev/null
+++ b/example-lan-briding/montreal/public-server1.key
@@ -0,0 +1 @@
+2P/3ll/TxGTjGqwcWnqJMnjwPqGw7oX1RaXlPfsf2FQ=
diff --git a/example-lan-briding/montreal/public-server1.key.pub b/example-lan-briding/montreal/public-server1.key.pub
new file mode 100644
index 0000000..5912f3f
--- /dev/null
+++ b/example-lan-briding/montreal/public-server1.key.pub
@@ -0,0 +1 @@
+q/+jwmL5tNuYSB3z+t9Caj00Pc1YQ8zf+uNPu/UE1wE=
diff --git a/example-lan-briding/montreal/setup.sh b/example-lan-briding/montreal/setup.sh
new file mode 100644
index 0000000..b9991f8
--- /dev/null
+++ b/example-lan-briding/montreal/setup.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+# install wireguard
+add-apt-repository ppa:wireguard/wireguard
+apt update
+apt install wireguard
+
+# to enable kernel relaying/forwarding ability on bounce servers
+echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
+echo "net.ipv4.conf.all.proxy_arp" >> /etc/sysctl.conf
+sudo sysctl -p /etc/sysctl.conf
+
+# to add iptables forwarding rules on bounce servers
+iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+iptables -A FORWARD -i wg0 -o wg0 -m conntrack --ctstate NEW -j ACCEPT
+iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE
diff --git a/example-lan-briding/montreal/start.sh b/example-lan-briding/montreal/start.sh
new file mode 100644
index 0000000..9e6a2fb
--- /dev/null
+++ b/example-lan-briding/montreal/start.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+PEER_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+wg-quick up "$PEER_DIR"/wg0.conf
+wg show
diff --git a/example-lan-briding/montreal/stop.sh b/example-lan-briding/montreal/stop.sh
new file mode 100644
index 0000000..2faef2c
--- /dev/null
+++ b/example-lan-briding/montreal/stop.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+PEER_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+wg-quick down "$PEER_DIR"/wg0.conf
+wg show
diff --git a/example-lan-briding/montreal/wg0.conf b/example-lan-briding/montreal/wg0.conf
new file mode 100644
index 0000000..7e28ae4
--- /dev/null
+++ b/example-lan-briding/montreal/wg0.conf
@@ -0,0 +1,28 @@
+[Interface]
+# Name = public-server1.example-vpn.tld
+Address = 10.0.0.1/24
+ListenPort = 51820
+PrivateKey = 2P/3ll/TxGTjGqwcWnqJMnjwPqGw7oX1RaXlPfsf2FQ=
+DNS = 1.1.1.1
+
+[Peer]
+# Name = public-server2.example-vpn.dev
+Endpoint = public-server2.example-vpn.dev:51820
+PublicKey = SceMEaVZaZfOGtGXjMsoJjhwxKHkb++9wjxqN1vm32s=
+AllowedIPs = 10.0.0.2/32
+
+[Peer]
+# Name = home-server.example-vpn.dev
+Endpoint = home-server.example-vpn.dev:51820
+PublicKey = 8bSk5fATxg9qdxbK20iTGdrQ7SWvxIBhxdMo+W54pEg=
+AllowedIPs = 10.0.0.3/32
+
+[Peer]
+# Name = laptop.example-vpn.dev
+PublicKey = BV5DjXeCugIrjvEZLo4sZ0hN5wveFTH8kOfZ1AIQ5js=
+AllowedIPs = 10.0.0.4/32
+
+[Peer]
+# Name = phone.example-vpn.dev
+PublicKey = VpjKa2MQKXuvttXRwJIe0LLYrtFYGQRTtmt8okUGm3A=
+AllowedIPs = 10.0.0.5/32
diff --git a/example-lan-briding/newyork/public-server2.key b/example-lan-briding/newyork/public-server2.key
new file mode 100644
index 0000000..44ad287
--- /dev/null
+++ b/example-lan-briding/newyork/public-server2.key
@@ -0,0 +1 @@
+eDwURfg8PhpUAdPp+OA9pQ5oZQYqGqY3LToUORMh220=
diff --git a/example-lan-briding/newyork/public-server2.key.pub b/example-lan-briding/newyork/public-server2.key.pub
new file mode 100644
index 0000000..52e4ce1
--- /dev/null
+++ b/example-lan-briding/newyork/public-server2.key.pub
@@ -0,0 +1 @@
+SceMEaVZaZfOGtGXjMsoJjhwxKHkb++9wjxqN1vm32s=
diff --git a/example-lan-briding/newyork/setup.sh b/example-lan-briding/newyork/setup.sh
new file mode 100644
index 0000000..5bfea98
--- /dev/null
+++ b/example-lan-briding/newyork/setup.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+# install wireguard
+add-apt-repository ppa:wireguard/wireguard
+apt update
+apt install wireguard
diff --git a/example-lan-briding/newyork/start.sh b/example-lan-briding/newyork/start.sh
new file mode 100644
index 0000000..9e6a2fb
--- /dev/null
+++ b/example-lan-briding/newyork/start.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+PEER_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+wg-quick up "$PEER_DIR"/wg0.conf
+wg show
diff --git a/example-lan-briding/newyork/stop.sh b/example-lan-briding/newyork/stop.sh
new file mode 100644
index 0000000..2faef2c
--- /dev/null
+++ b/example-lan-briding/newyork/stop.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+PEER_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+wg-quick down "$PEER_DIR"/wg0.conf
+wg show
diff --git a/example-lan-briding/newyork/wg0.conf b/example-lan-briding/newyork/wg0.conf
new file mode 100644
index 0000000..fa8cf16
--- /dev/null
+++ b/example-lan-briding/newyork/wg0.conf
@@ -0,0 +1,14 @@
+[Interface]
+# Name = public-server2.example-vpn.dev
+Address = 10.0.0.2/32
+ListenPort = 51820
+PrivateKey = eDwURfg8PhpUAdPp+OA9pQ5oZQYqGqY3LToUORMh220=
+DNS = 1.1.1.1
+
+[Peer]
+# Name = public-server1.example-vpn.tld
+Endpoint = public-server1.example-vpn.tld:51820
+PublicKey = q/+jwmL5tNuYSB3z+t9Caj00Pc1YQ8zf+uNPu/UE1wE=
+# routes traffic to itself and entire subnet of peers as bounce server
+AllowedIPs = 10.0.0.1/24
+PersistentKeepalive = 25
diff --git a/example-lan-briding/vancouver/public-server1.key b/example-lan-briding/vancouver/public-server1.key
new file mode 100644
index 0000000..e97b37e
--- /dev/null
+++ b/example-lan-briding/vancouver/public-server1.key
@@ -0,0 +1 @@
+2P/3ll/TxGTjGqwcWnqJMnjwPqGw7oX1RaXlPfsf2FQ=
diff --git a/example-lan-briding/vancouver/public-server1.key.pub b/example-lan-briding/vancouver/public-server1.key.pub
new file mode 100644
index 0000000..5912f3f
--- /dev/null
+++ b/example-lan-briding/vancouver/public-server1.key.pub
@@ -0,0 +1 @@
+q/+jwmL5tNuYSB3z+t9Caj00Pc1YQ8zf+uNPu/UE1wE=
diff --git a/example-lan-briding/vancouver/setup.sh b/example-lan-briding/vancouver/setup.sh
new file mode 100644
index 0000000..b9991f8
--- /dev/null
+++ b/example-lan-briding/vancouver/setup.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+# install wireguard
+add-apt-repository ppa:wireguard/wireguard
+apt update
+apt install wireguard
+
+# to enable kernel relaying/forwarding ability on bounce servers
+echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
+echo "net.ipv4.conf.all.proxy_arp" >> /etc/sysctl.conf
+sudo sysctl -p /etc/sysctl.conf
+
+# to add iptables forwarding rules on bounce servers
+iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+iptables -A FORWARD -i wg0 -o wg0 -m conntrack --ctstate NEW -j ACCEPT
+iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE
diff --git a/example-lan-briding/vancouver/start.sh b/example-lan-briding/vancouver/start.sh
new file mode 100644
index 0000000..9e6a2fb
--- /dev/null
+++ b/example-lan-briding/vancouver/start.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+PEER_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+wg-quick up "$PEER_DIR"/wg0.conf
+wg show
diff --git a/example-lan-briding/vancouver/stop.sh b/example-lan-briding/vancouver/stop.sh
new file mode 100644
index 0000000..2faef2c
--- /dev/null
+++ b/example-lan-briding/vancouver/stop.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+PEER_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+wg-quick down "$PEER_DIR"/wg0.conf
+wg show
diff --git a/example-lan-briding/vancouver/wg0.conf b/example-lan-briding/vancouver/wg0.conf
new file mode 100644
index 0000000..7e28ae4
--- /dev/null
+++ b/example-lan-briding/vancouver/wg0.conf
@@ -0,0 +1,28 @@
+[Interface]
+# Name = public-server1.example-vpn.tld
+Address = 10.0.0.1/24
+ListenPort = 51820
+PrivateKey = 2P/3ll/TxGTjGqwcWnqJMnjwPqGw7oX1RaXlPfsf2FQ=
+DNS = 1.1.1.1
+
+[Peer]
+# Name = public-server2.example-vpn.dev
+Endpoint = public-server2.example-vpn.dev:51820
+PublicKey = SceMEaVZaZfOGtGXjMsoJjhwxKHkb++9wjxqN1vm32s=
+AllowedIPs = 10.0.0.2/32
+
+[Peer]
+# Name = home-server.example-vpn.dev
+Endpoint = home-server.example-vpn.dev:51820
+PublicKey = 8bSk5fATxg9qdxbK20iTGdrQ7SWvxIBhxdMo+W54pEg=
+AllowedIPs = 10.0.0.3/32
+
+[Peer]
+# Name = laptop.example-vpn.dev
+PublicKey = BV5DjXeCugIrjvEZLo4sZ0hN5wveFTH8kOfZ1AIQ5js=
+AllowedIPs = 10.0.0.4/32
+
+[Peer]
+# Name = phone.example-vpn.dev
+PublicKey = VpjKa2MQKXuvttXRwJIe0LLYrtFYGQRTtmt8okUGm3A=
+AllowedIPs = 10.0.0.5/32
diff --git a/example-simple-client-to-server/client/laptop.key b/example-simple-client-to-server/client/laptop.key
new file mode 100644
index 0000000..686b3d9
--- /dev/null
+++ b/example-simple-client-to-server/client/laptop.key
@@ -0,0 +1 @@
+OPmibSXYAAcMIYKNsWqr77zY06Kl750AEB1nWQi1T2o=
diff --git a/example-simple-client-to-server/client/laptop.key.pub b/example-simple-client-to-server/client/laptop.key.pub
new file mode 100644
index 0000000..4165fa8
--- /dev/null
+++ b/example-simple-client-to-server/client/laptop.key.pub
@@ -0,0 +1 @@
+BV5DjXeCugIrjvEZLo4sZ0hN5wveFTH8kOfZ1AIQ5js=
diff --git a/example-simple-client-to-server/client/setup.sh b/example-simple-client-to-server/client/setup.sh
new file mode 100644
index 0000000..5fb0157
--- /dev/null
+++ b/example-simple-client-to-server/client/setup.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+# install wireguard on Ubuntu
+#add-apt-repository ppa:wireguard/wireguard
+#apt update
+#apt install wireguard
+
+# install wireguard on macOS
+brew install wireguard-tools
diff --git a/example-simple-client-to-server/client/start.sh b/example-simple-client-to-server/client/start.sh
new file mode 100644
index 0000000..9e6a2fb
--- /dev/null
+++ b/example-simple-client-to-server/client/start.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+PEER_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+wg-quick up "$PEER_DIR"/wg0.conf
+wg show
diff --git a/example-simple-client-to-server/client/stop.sh b/example-simple-client-to-server/client/stop.sh
new file mode 100644
index 0000000..2faef2c
--- /dev/null
+++ b/example-simple-client-to-server/client/stop.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+PEER_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+wg-quick down "$PEER_DIR"/wg0.conf
+wg show
diff --git a/example-simple-client-to-server/client/wg0.conf b/example-simple-client-to-server/client/wg0.conf
new file mode 100644
index 0000000..d2f625d
--- /dev/null
+++ b/example-simple-client-to-server/client/wg0.conf
@@ -0,0 +1,13 @@
+[Interface]
+# Name = laptop.example-vpn.dev
+Address = 10.0.0.4/32
+PrivateKey = OPmibSXYAAcMIYKNsWqr77zY06Kl750AEB1nWQi1T2o=
+DNS = 1.1.1.1
+
+[Peer]
+# Name = public-server1.example-vpn.tld
+Endpoint = public-server1.example-vpn.tld:51820
+PublicKey = q/+jwmL5tNuYSB3z+t9Caj00Pc1YQ8zf+uNPu/UE1wE=
+# routes traffic to itself and entire subnet of peers as bounce server
+AllowedIPs = 10.0.0.1/24
+PersistentKeepalive = 25
diff --git a/example-simple-client-to-server/server/public-server1.key b/example-simple-client-to-server/server/public-server1.key
new file mode 100644
index 0000000..e97b37e
--- /dev/null
+++ b/example-simple-client-to-server/server/public-server1.key
@@ -0,0 +1 @@
+2P/3ll/TxGTjGqwcWnqJMnjwPqGw7oX1RaXlPfsf2FQ=
diff --git a/example-simple-client-to-server/server/public-server1.key.pub b/example-simple-client-to-server/server/public-server1.key.pub
new file mode 100644
index 0000000..5912f3f
--- /dev/null
+++ b/example-simple-client-to-server/server/public-server1.key.pub
@@ -0,0 +1 @@
+q/+jwmL5tNuYSB3z+t9Caj00Pc1YQ8zf+uNPu/UE1wE=
diff --git a/example-simple-client-to-server/server/setup.sh b/example-simple-client-to-server/server/setup.sh
new file mode 100644
index 0000000..b9991f8
--- /dev/null
+++ b/example-simple-client-to-server/server/setup.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+# install wireguard
+add-apt-repository ppa:wireguard/wireguard
+apt update
+apt install wireguard
+
+# to enable kernel relaying/forwarding ability on bounce servers
+echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
+echo "net.ipv4.conf.all.proxy_arp" >> /etc/sysctl.conf
+sudo sysctl -p /etc/sysctl.conf
+
+# to add iptables forwarding rules on bounce servers
+iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+iptables -A FORWARD -i wg0 -o wg0 -m conntrack --ctstate NEW -j ACCEPT
+iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE
diff --git a/example-simple-client-to-server/server/start.sh b/example-simple-client-to-server/server/start.sh
new file mode 100644
index 0000000..9e6a2fb
--- /dev/null
+++ b/example-simple-client-to-server/server/start.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+PEER_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+wg-quick up "$PEER_DIR"/wg0.conf
+wg show
diff --git a/example-simple-client-to-server/server/stop.sh b/example-simple-client-to-server/server/stop.sh
new file mode 100644
index 0000000..2faef2c
--- /dev/null
+++ b/example-simple-client-to-server/server/stop.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+PEER_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+wg-quick down "$PEER_DIR"/wg0.conf
+wg show
diff --git a/example-simple-client-to-server/server/wg0.conf b/example-simple-client-to-server/server/wg0.conf
new file mode 100644
index 0000000..7e28ae4
--- /dev/null
+++ b/example-simple-client-to-server/server/wg0.conf
@@ -0,0 +1,28 @@
+[Interface]
+# Name = public-server1.example-vpn.tld
+Address = 10.0.0.1/24
+ListenPort = 51820
+PrivateKey = 2P/3ll/TxGTjGqwcWnqJMnjwPqGw7oX1RaXlPfsf2FQ=
+DNS = 1.1.1.1
+
+[Peer]
+# Name = public-server2.example-vpn.dev
+Endpoint = public-server2.example-vpn.dev:51820
+PublicKey = SceMEaVZaZfOGtGXjMsoJjhwxKHkb++9wjxqN1vm32s=
+AllowedIPs = 10.0.0.2/32
+
+[Peer]
+# Name = home-server.example-vpn.dev
+Endpoint = home-server.example-vpn.dev:51820
+PublicKey = 8bSk5fATxg9qdxbK20iTGdrQ7SWvxIBhxdMo+W54pEg=
+AllowedIPs = 10.0.0.3/32
+
+[Peer]
+# Name = laptop.example-vpn.dev
+PublicKey = BV5DjXeCugIrjvEZLo4sZ0hN5wveFTH8kOfZ1AIQ5js=
+AllowedIPs = 10.0.0.4/32
+
+[Peer]
+# Name = phone.example-vpn.dev
+PublicKey = VpjKa2MQKXuvttXRwJIe0LLYrtFYGQRTtmt8okUGm3A=
+AllowedIPs = 10.0.0.5/32
diff --git a/example-simple-server-to-server/home-server/home-server.key b/example-simple-server-to-server/home-server/home-server.key
new file mode 100644
index 0000000..2df1302
--- /dev/null
+++ b/example-simple-server-to-server/home-server/home-server.key
@@ -0,0 +1 @@
+WN+bvd3PCWs5Pk3bvl7abWR0c1L6PCWKYRX56mjVYGo=
diff --git a/example-simple-server-to-server/home-server/home-server.key.pub b/example-simple-server-to-server/home-server/home-server.key.pub
new file mode 100644
index 0000000..6d118d2
--- /dev/null
+++ b/example-simple-server-to-server/home-server/home-server.key.pub
@@ -0,0 +1 @@
+8bSk5fATxg9qdxbK20iTGdrQ7SWvxIBhxdMo+W54pEg=
diff --git a/example-simple-server-to-server/home-server/setup.sh b/example-simple-server-to-server/home-server/setup.sh
new file mode 100644
index 0000000..722ba80
--- /dev/null
+++ b/example-simple-server-to-server/home-server/setup.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+# install wireguard on FreeBSD
+pkg install wireguard
+
+# install wireguard on Ubuntu
+#add-apt-repository ppa:wireguard/wireguard
+#apt update
+#apt install wireguard
diff --git a/example-simple-server-to-server/home-server/start.sh b/example-simple-server-to-server/home-server/start.sh
new file mode 100644
index 0000000..9e6a2fb
--- /dev/null
+++ b/example-simple-server-to-server/home-server/start.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+PEER_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+wg-quick up "$PEER_DIR"/wg0.conf
+wg show
diff --git a/example-simple-server-to-server/home-server/stop.sh b/example-simple-server-to-server/home-server/stop.sh
new file mode 100644
index 0000000..2faef2c
--- /dev/null
+++ b/example-simple-server-to-server/home-server/stop.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+PEER_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+wg-quick down "$PEER_DIR"/wg0.conf
+wg show
diff --git a/example-simple-server-to-server/home-server/wg0.conf b/example-simple-server-to-server/home-server/wg0.conf
new file mode 100644
index 0000000..2373455
--- /dev/null
+++ b/example-simple-server-to-server/home-server/wg0.conf
@@ -0,0 +1,14 @@
+[Interface]
+# Name = home-server.example-vpn.dev
+Address = 10.0.0.3/32
+ListenPort = 51820
+PrivateKey = WN+bvd3PCWs5Pk3bvl7abWR0c1L6PCWKYRX56mjVYGo=
+DNS = 1.1.1.1
+
+[Peer]
+# Name = public-server1.example-vpn.tld
+Endpoint = public-server1.example-vpn.tld:51820
+PublicKey = q/+jwmL5tNuYSB3z+t9Caj00Pc1YQ8zf+uNPu/UE1wE=
+# routes traffic to itself and entire subnet of peers as bounce server
+AllowedIPs = 10.0.0.1/24
+PersistentKeepalive = 25
diff --git a/example-simple-server-to-server/laptop/laptop.key b/example-simple-server-to-server/laptop/laptop.key
new file mode 100644
index 0000000..686b3d9
--- /dev/null
+++ b/example-simple-server-to-server/laptop/laptop.key
@@ -0,0 +1 @@
+OPmibSXYAAcMIYKNsWqr77zY06Kl750AEB1nWQi1T2o=
diff --git a/example-simple-server-to-server/laptop/laptop.key.pub b/example-simple-server-to-server/laptop/laptop.key.pub
new file mode 100644
index 0000000..4165fa8
--- /dev/null
+++ b/example-simple-server-to-server/laptop/laptop.key.pub
@@ -0,0 +1 @@
+BV5DjXeCugIrjvEZLo4sZ0hN5wveFTH8kOfZ1AIQ5js=
diff --git a/example-simple-server-to-server/laptop/setup.sh b/example-simple-server-to-server/laptop/setup.sh
new file mode 100644
index 0000000..5fb0157
--- /dev/null
+++ b/example-simple-server-to-server/laptop/setup.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+# install wireguard on Ubuntu
+#add-apt-repository ppa:wireguard/wireguard
+#apt update
+#apt install wireguard
+
+# install wireguard on macOS
+brew install wireguard-tools
diff --git a/example-simple-server-to-server/laptop/start.sh b/example-simple-server-to-server/laptop/start.sh
new file mode 100644
index 0000000..9e6a2fb
--- /dev/null
+++ b/example-simple-server-to-server/laptop/start.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+PEER_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+wg-quick up "$PEER_DIR"/wg0.conf
+wg show
diff --git a/example-simple-server-to-server/laptop/stop.sh b/example-simple-server-to-server/laptop/stop.sh
new file mode 100644
index 0000000..2faef2c
--- /dev/null
+++ b/example-simple-server-to-server/laptop/stop.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+PEER_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+wg-quick down "$PEER_DIR"/wg0.conf
+wg show
diff --git a/example-simple-server-to-server/laptop/wg0.conf b/example-simple-server-to-server/laptop/wg0.conf
new file mode 100644
index 0000000..d2f625d
--- /dev/null
+++ b/example-simple-server-to-server/laptop/wg0.conf
@@ -0,0 +1,13 @@
+[Interface]
+# Name = laptop.example-vpn.dev
+Address = 10.0.0.4/32
+PrivateKey = OPmibSXYAAcMIYKNsWqr77zY06Kl750AEB1nWQi1T2o=
+DNS = 1.1.1.1
+
+[Peer]
+# Name = public-server1.example-vpn.tld
+Endpoint = public-server1.example-vpn.tld:51820
+PublicKey = q/+jwmL5tNuYSB3z+t9Caj00Pc1YQ8zf+uNPu/UE1wE=
+# routes traffic to itself and entire subnet of peers as bounce server
+AllowedIPs = 10.0.0.1/24
+PersistentKeepalive = 25
diff --git a/example-simple-server-to-server/phone/phone.key b/example-simple-server-to-server/phone/phone.key
new file mode 100644
index 0000000..a855da1
--- /dev/null
+++ b/example-simple-server-to-server/phone/phone.key
@@ -0,0 +1 @@
+WH98AvjKKZ584ZLb69G912bNry2wOda9+kfzm+qbnUw=
diff --git a/example-simple-server-to-server/phone/phone.key.pub b/example-simple-server-to-server/phone/phone.key.pub
new file mode 100644
index 0000000..0d67922
--- /dev/null
+++ b/example-simple-server-to-server/phone/phone.key.pub
@@ -0,0 +1 @@
+VpjKa2MQKXuvttXRwJIe0LLYrtFYGQRTtmt8okUGm3A=
diff --git a/example-simple-server-to-server/phone/setup.sh b/example-simple-server-to-server/phone/setup.sh
new file mode 100644
index 0000000..fdbf4f4
--- /dev/null
+++ b/example-simple-server-to-server/phone/setup.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+# install wireguard on iOS/Android
+echo "Use the iOS App Store / Google Play Store to install WireGuard on your mobile device"
diff --git a/example-simple-server-to-server/phone/start.sh b/example-simple-server-to-server/phone/start.sh
new file mode 100644
index 0000000..de47355
--- /dev/null
+++ b/example-simple-server-to-server/phone/start.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+echo "Use the iOS/Android app to load the wg0.conf file and start Wireguard"
diff --git a/example-simple-server-to-server/phone/stop.sh b/example-simple-server-to-server/phone/stop.sh
new file mode 100644
index 0000000..4fc7f4a
--- /dev/null
+++ b/example-simple-server-to-server/phone/stop.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+echo "Use the iOS/Android app to load the wg0.conf file and stop Wireguard"
diff --git a/example-simple-server-to-server/phone/wg0.conf b/example-simple-server-to-server/phone/wg0.conf
new file mode 100644
index 0000000..47cf7a1
--- /dev/null
+++ b/example-simple-server-to-server/phone/wg0.conf
@@ -0,0 +1,13 @@
+[Interface]
+# Name = phone.example-vpn.dev
+Address = 10.0.0.5/32
+PrivateKey = WH98AvjKKZ584ZLb69G912bNry2wOda9+kfzm+qbnUw=
+DNS = 1.1.1.1
+
+[Peer]
+# Name = public-server1.example-vpn.tld
+Endpoint = public-server1.example-vpn.tld:51820
+PublicKey = q/+jwmL5tNuYSB3z+t9Caj00Pc1YQ8zf+uNPu/UE1wE=
+# routes traffic to itself and entire subnet of peers as bounce server
+AllowedIPs = 10.0.0.1/24
+PersistentKeepalive = 25
diff --git a/example-simple-server-to-server/public-server1/public-server1.key b/example-simple-server-to-server/public-server1/public-server1.key
new file mode 100644
index 0000000..e97b37e
--- /dev/null
+++ b/example-simple-server-to-server/public-server1/public-server1.key
@@ -0,0 +1 @@
+2P/3ll/TxGTjGqwcWnqJMnjwPqGw7oX1RaXlPfsf2FQ=
diff --git a/example-simple-server-to-server/public-server1/public-server1.key.pub b/example-simple-server-to-server/public-server1/public-server1.key.pub
new file mode 100644
index 0000000..5912f3f
--- /dev/null
+++ b/example-simple-server-to-server/public-server1/public-server1.key.pub
@@ -0,0 +1 @@
+q/+jwmL5tNuYSB3z+t9Caj00Pc1YQ8zf+uNPu/UE1wE=
diff --git a/example-simple-server-to-server/public-server1/setup.sh b/example-simple-server-to-server/public-server1/setup.sh
new file mode 100644
index 0000000..b9991f8
--- /dev/null
+++ b/example-simple-server-to-server/public-server1/setup.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+# install wireguard
+add-apt-repository ppa:wireguard/wireguard
+apt update
+apt install wireguard
+
+# to enable kernel relaying/forwarding ability on bounce servers
+echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
+echo "net.ipv4.conf.all.proxy_arp" >> /etc/sysctl.conf
+sudo sysctl -p /etc/sysctl.conf
+
+# to add iptables forwarding rules on bounce servers
+iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+iptables -A FORWARD -i wg0 -o wg0 -m conntrack --ctstate NEW -j ACCEPT
+iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE
diff --git a/example-simple-server-to-server/public-server1/start.sh b/example-simple-server-to-server/public-server1/start.sh
new file mode 100644
index 0000000..9e6a2fb
--- /dev/null
+++ b/example-simple-server-to-server/public-server1/start.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+PEER_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+wg-quick up "$PEER_DIR"/wg0.conf
+wg show
diff --git a/example-simple-server-to-server/public-server1/stop.sh b/example-simple-server-to-server/public-server1/stop.sh
new file mode 100644
index 0000000..2faef2c
--- /dev/null
+++ b/example-simple-server-to-server/public-server1/stop.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+PEER_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+wg-quick down "$PEER_DIR"/wg0.conf
+wg show
diff --git a/example-simple-server-to-server/public-server1/wg0.conf b/example-simple-server-to-server/public-server1/wg0.conf
new file mode 100644
index 0000000..7e28ae4
--- /dev/null
+++ b/example-simple-server-to-server/public-server1/wg0.conf
@@ -0,0 +1,28 @@
+[Interface]
+# Name = public-server1.example-vpn.tld
+Address = 10.0.0.1/24
+ListenPort = 51820
+PrivateKey = 2P/3ll/TxGTjGqwcWnqJMnjwPqGw7oX1RaXlPfsf2FQ=
+DNS = 1.1.1.1
+
+[Peer]
+# Name = public-server2.example-vpn.dev
+Endpoint = public-server2.example-vpn.dev:51820
+PublicKey = SceMEaVZaZfOGtGXjMsoJjhwxKHkb++9wjxqN1vm32s=
+AllowedIPs = 10.0.0.2/32
+
+[Peer]
+# Name = home-server.example-vpn.dev
+Endpoint = home-server.example-vpn.dev:51820
+PublicKey = 8bSk5fATxg9qdxbK20iTGdrQ7SWvxIBhxdMo+W54pEg=
+AllowedIPs = 10.0.0.3/32
+
+[Peer]
+# Name = laptop.example-vpn.dev
+PublicKey = BV5DjXeCugIrjvEZLo4sZ0hN5wveFTH8kOfZ1AIQ5js=
+AllowedIPs = 10.0.0.4/32
+
+[Peer]
+# Name = phone.example-vpn.dev
+PublicKey = VpjKa2MQKXuvttXRwJIe0LLYrtFYGQRTtmt8okUGm3A=
+AllowedIPs = 10.0.0.5/32
diff --git a/example-simple-server-to-server/public-server2/public-server2.key b/example-simple-server-to-server/public-server2/public-server2.key
new file mode 100644
index 0000000..44ad287
--- /dev/null
+++ b/example-simple-server-to-server/public-server2/public-server2.key
@@ -0,0 +1 @@
+eDwURfg8PhpUAdPp+OA9pQ5oZQYqGqY3LToUORMh220=
diff --git a/example-simple-server-to-server/public-server2/public-server2.key.pub b/example-simple-server-to-server/public-server2/public-server2.key.pub
new file mode 100644
index 0000000..52e4ce1
--- /dev/null
+++ b/example-simple-server-to-server/public-server2/public-server2.key.pub
@@ -0,0 +1 @@
+SceMEaVZaZfOGtGXjMsoJjhwxKHkb++9wjxqN1vm32s=
diff --git a/example-simple-server-to-server/public-server2/setup.sh b/example-simple-server-to-server/public-server2/setup.sh
new file mode 100644
index 0000000..5bfea98
--- /dev/null
+++ b/example-simple-server-to-server/public-server2/setup.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+# install wireguard
+add-apt-repository ppa:wireguard/wireguard
+apt update
+apt install wireguard
diff --git a/example-simple-server-to-server/public-server2/start.sh b/example-simple-server-to-server/public-server2/start.sh
new file mode 100644
index 0000000..9e6a2fb
--- /dev/null
+++ b/example-simple-server-to-server/public-server2/start.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+PEER_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+wg-quick up "$PEER_DIR"/wg0.conf
+wg show
diff --git a/example-simple-server-to-server/public-server2/stop.sh b/example-simple-server-to-server/public-server2/stop.sh
new file mode 100644
index 0000000..2faef2c
--- /dev/null
+++ b/example-simple-server-to-server/public-server2/stop.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+PEER_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+wg-quick down "$PEER_DIR"/wg0.conf
+wg show
diff --git a/example-simple-server-to-server/public-server2/wg0.conf b/example-simple-server-to-server/public-server2/wg0.conf
new file mode 100644
index 0000000..fa8cf16
--- /dev/null
+++ b/example-simple-server-to-server/public-server2/wg0.conf
@@ -0,0 +1,14 @@
+[Interface]
+# Name = public-server2.example-vpn.dev
+Address = 10.0.0.2/32
+ListenPort = 51820
+PrivateKey = eDwURfg8PhpUAdPp+OA9pQ5oZQYqGqY3LToUORMh220=
+DNS = 1.1.1.1
+
+[Peer]
+# Name = public-server1.example-vpn.tld
+Endpoint = public-server1.example-vpn.tld:51820
+PublicKey = q/+jwmL5tNuYSB3z+t9Caj00Pc1YQ8zf+uNPu/UE1wE=
+# routes traffic to itself and entire subnet of peers as bounce server
+AllowedIPs = 10.0.0.1/24
+PersistentKeepalive = 25