These days when most people think about a VPN, they are thinking of a service that changes the endpoint of their internet connection to look like it's coming from another location. Here we're going to implement that with WireGuard.
Coming up with this setup required a few steps and a few different guides. I thought it might be useful to put the whole setup online in one post for people to find. This post assumes you already have a GPG auth key set up on your YubiKey. YubiCo has a good writeup about it here.
The steps to do this have been brought together from several sources, including a large part from this post from justyn.io however I have done some things differently after running into the odd problem or difference of opinion.
WireGuard is a relatively new choice when it comes to VPN utilities, but does things very differently to other existing VPN architectures.
From what I've learnt WireGuard is not just for VPNs, it's a stateless, peer-to-peer network tunnelling utility.
There are two things I've been meaning to do, set up a VPN connection so I can connect through my Linode from restrictive networks, and creating a simple IPv6 tunnel I can use on IPv4 connections. This is what I've documented here.