diff --git a/Home_Lab/SetupWireguard.md b/Home_Lab/SetupWireguard.md
new file mode 100644
index 0000000..1ba9bf0
--- /dev/null
+++ b/Home_Lab/SetupWireguard.md
@@ -0,0 +1,133 @@
+# Setting up Wireguard
+
+## Steps
+### Step 1: Install the dependencies
+Here you will be needing to install the packages that wireguard needs to work.
+
+```bash
+## Debian or Ubuntu
+sudo apt install wireguard
+
+## RHEL-based
+sudo dnf install wireguard-tools
+```
+
+### Step 2: Setup wireguard interface configs
+This step requires you to do multiple things:
+a) Generate a private & public key for both the server and client
+b) Create a wireguard interface config for both the server & client
+	- In this step you will need to choose an IP for both server and client (the usual choice is on a subnet included in 10.0.0.0/8 (ex: 10.200.1.x/24)).
+
+#### A: Create Pub & Priv keys (server & client)
+Here we will generate a private and public key for both the server & client.
+```bash
+## Much of this will be inline commands with pipes, but feel free to seperate them if you feel you need to.
+### Generate pub and priv key for server
+wg genkey | tee wg0-server-privkey | wg pubkey > wg0-server-pubkey
+
+### Generate pub and priv key for first client
+wg genkey | tee wg0-client-privkey | wg pubkey > wg0-client-pubkey
+
+## This is the networks you want your client to have access to (configured in the client's wg0.conf)
+networks=10.200.1.0/24,192.168.1.0/24
+
+## This is just my example IPs for a basic setup, you can use your own (it won't matter as long as they are valid addresses)
+### The server IP needs to be one that will be on the network 10.200.1.0/24 (with the /24 at the end signifying the subnet mask)
+server_ip=10.200.1.1/24
+
+### While you can just use 10.200.1.0/24 on the AllowedIPs, it will cause issues when you are wanting to setup more peers/clients to use that interface.
+### to be able to provide VPN connections for multiple clients you will need to scope it down to a specific IP using the /32 netmask
+### otherwise all connections will have issues when you try to reload the wg interface config (as it will try to forward all traffic accross all peers)
+client_ip=10.200.1.2
+
+masquerade_interface=eno1 # You will need to find out what interface you want/need to use (just look it up with "ip address" or "ifconfig" (whatever your util is))
+
+### This will actually generate the config using bash, but feel free to do it manually (for your choice of IPs you will need to make sure you 
+cat > wg0-server.conf <<EOF
+[Interface]
+Address = $server_ip
+PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o $masquerade_interface -j MASQUERADE
+PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o $masquerade_interface -j MASQUERADE
+## This can be any port, this is just the standard port that most choose when using wireguard
+ListenPort = 51820
+PrivateKey = $(<wg0-server-privkey)
+
+[peer]
+# This needs to be pubkey/public key of the peer
+PublicKey = $(<wg0-client-pubkey)
+AllowedIPs = $client_ip/32
+# This will just have the server ping the client every x seconds to make sure the connection stays alive (since it's using UDP a stateless protocol)
+PersistentKeepalive = 24
+EOF
+
+: "
+Note:
+You can configure MULTIPLE peers when creating the server config (to allow it to provide multiple clients VPN services off the same port). 
+
+But when doing so you will need to setup the AllowedIPs of each peer to be a single ip (EX: 10.200.1.x/32) , or else it will confuse wg. To do this you just need to setup an additional peer section with the new peers pubkey and ip.
+"
+
+cat > wg0-client.conf <<EOF
+[Interface]
+Address = $client_ip/24
+PrivateKey = $(<wg0-client-privkey)
+
+[peer]
+# This needs to be pubkey/public key of the server
+PublicKey = $(<wg0-server-pubkey)
+### This is where you configure what networks you want your wireguard interface to access on the other end (if the masquerading interface has access to them)
+AllowedIPs = $networks 
+# This will just have the server ping the server every x seconds to make sure the connection stays alive (since it's using UDP a stateless protocol)
+PersistentKeepalive = 24
+EOF
+```
+
+### Step 3: Configure System to allow masquerading
+By default most systems don't allow for programs to setup interface masquerading. So you need to change a config in /etc/sysctl.conf to allow for forwarding/masquerading.
+
+In the config file you will either need to add or uncomment the following line to allow for wireguard to masquerade as another interface (giving you access to the network it is connected to).
+
+	net.ipv4.ip_forward=1
+	
+Afterwards you will likely need to load the change into your system.
+
+```bash
+## Can also use "sudo sysctl --system" to just have it reload all configs
+sysctl --load=/etc/sysctl.conf
+
+# or just manually set it
+
+sudo sysctl net.ipv4.ip_forward=1
+```
+
+
+### Step 4: Setup persistant service on server (or client)
+Here is where you will setup a service to make sure your wg iterface will be restarted/started after boot or reboot.
+
+```bash
+# Systemd as init system
+## Replace wg# with the wg interface you named/created in step 2
+systemctl enable wg-quick@wg#
+```
+
+
+### Step 4: Deploy on client and server
+This is simple. You just have to put the config we generated in step 2 in the /etc/wireguard directory as wg#.conf (with # being the wireguard interface number (can be anything)) on both the server and client.
+
+Afterwards you can 
+
+### Step 5: Setup port forwarding on router/gateway
+For this step you just need to get on your router and port-forward a port on the router to the port configured on your server. I cannot provide the specific how-to for that since I cannot account for all the different devices that you may be using.
+
+### Step 6: Test work
+Now all you have to do is test your config work. 
+
+Just go ahead issue this command on your server and client (while off your home network)
+
+```bash
+wg-quick up wg#
+```
+
+After this you should see packets/traffic (transfer) when running "wg" to see how much data has been transferred to & from the interface.
+
+