diff --git a/.config/wireguard/README b/.config/wireguard/README
new file mode 100644
index 0000000..dcd55b9
--- /dev/null
+++ b/.config/wireguard/README
@@ -0,0 +1,15 @@
+quickstart
+
+	sudo apt install wireguard-tools
+
+
+serverside configuration
+
+	sudo sysctl -w net.ipv4.ip_forward=1
+	sudo sed -i "s/^#net.ipv4.ip_forward = 1/net.ipv4.ip_forward = 1/" /etc/sysctl.conf
+
+
+generating keys
+
+	wg genkey > client.key
+	wg pubkey < client.key > client.pub
diff --git a/.config/wireguard/client.conf b/.config/wireguard/client.conf
new file mode 100644
index 0000000..bd19ec2
--- /dev/null
+++ b/.config/wireguard/client.conf
@@ -0,0 +1,9 @@
+[Interface]
+Address = 10.200.200.2/32
+PrivateKey = <client private key>
+
+[Peer]
+PublicKey = <server public key>
+Endpoint = <server ip>:1194
+AllowedIPs = 0.0.0.0/0, ::/0
+
diff --git a/.config/wireguard/server.conf b/.config/wireguard/server.conf
new file mode 100644
index 0000000..03b30c8
--- /dev/null
+++ b/.config/wireguard/server.conf
@@ -0,0 +1,15 @@
+[Interface]
+Address = 10.200.200.1/24
+ListenPort = 1194
+PrivateKey = <server private key>
+
+PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o <interface name> -j MASQUERADE
+PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o i -j ACCEPT; iptables -t nat -D POSTROUTING -o <interface name> -j MASQUERADE
+
+[Peer]
+PublicKey = <client public key>
+AllowedIPs = 10.200.200.2/32
+
+[Peer]
+PublicKey = <client public key>
+AllowedIPs = 10.200.200.3/32