Update 11.05.2020: I recommend using the PiVPN script (especially when using a unprivileged container). https://nocin.eu/wireguard-set-up-wireguard-using-pivpn-inside-lxc/
In the F-Droid Store you’ll find the wireguard android app.
To get wireguard running, add a new peer to your server. So ssh into your sever (in my case an lxc on proxmox) and create a new key pair.
wg genkey | tee privatekey | wg pubkey > publickey
Now create the android.conf. Define the interface and add your server as peer.
[Interface]
PrivatKey = <android_privat_key>
Address = 192.168.1.3/24
DNS = 192.168.1.102
[Peer]
PublicKey = <server_public_key>
AllowedIPs = 0.0.0.0/0
Endpoint = my.doamin.org:51820
PersistentKeepalive = 25
Then add the new android peer to the server config.
[Peer]
PublicKey = <android_public_key>
AllowedIPs = 192.168.1.3/32
Now restart the wireguard interface to load the new config:
wg-quick down wg0
wg-quick up wg0
The fastest way to get your config on the android client is using a QR-Code. I used greencode for this.
apt install greencode
qrencode -t ansiutf8 < android.conf
Open your wireguard app, scan the QR-Code and connect to your server.