WireGuard

Using WireGuard on Debian involves several steps, including installing the WireGuard package, configuring the interface, and setting up the necessary keys. Here’s a basic guide to help you set up WireGuard on Debian using the command line:

Install WireGuard:

Update the package list and install wireguard:

sudo apt update
sudo apt install wireguard

Generate WireGuard Keys:

Generate a private and public key pair for the server:

wg genkey | sudo tee /etc/wireguard/privatekey-server | wg pubkey | sudo tee /etc/wireguard/publickey-server

Generate a private and public key pair for the client:

wg genkey | sudo tee /etc/wireguard/privatekey-client | wg pubkey | sudo tee /etc/wireguard/publickey-client

The files written by tee get the default permissions, so confirm that the private key files are readable only by the root user and restrict them (chmod 600) if they are not.

Configure WireGuard Server:

Create a configuration file for the WireGuard interface (e.g., /etc/wireguard/wg0-server.conf) and edit it with your preferred text editor:

sudo nano /etc/wireguard/wg0-server.conf

Add the following configuration, replacing placeholders with your actual IP addresses, private keys, and port numbers:

[Interface]
Address = 10.0.0.1/24 # Server IP address
PrivateKey = SERVER_PRIVATE_KEY
ListenPort = 51820

[Peer]
PublicKey = CLIENT_A_PUBLIC_KEY
AllowedIPs = 10.0.0.2/32 # Client A IP address
PersistentKeepalive = 25

[Peer]
PublicKey = CLIENT_B_PUBLIC_KEY
AllowedIPs = 10.0.0.3/32 # Client B IP address
PersistentKeepalive = 25

Replace SERVER_PRIVATE_KEY, CLIENT_A_PUBLIC_KEY and CLIENT_B_PUBLIC_KEY with the corresponding keys generated earlier; each client needs its own key pair.
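Two mistakes are easy to make in this file: a placeholder left where a key belongs, and the same tunnel address given to two peers in AllowedIPs, which WireGuard can only associate with one of them. The following check is an added example, not part of the original guide or of the WireGuard tools; the function names, the dummy keys and the sample config are constructed for illustration.

```python
import base64
import ipaddress

# Constructed sample: placeholder left in, Client B reuses Client A's address.
KEY_A, KEY_B = (base64.b64encode(bytes([n]) * 32).decode() for n in (1, 2))
SAMPLE = f"""[Interface]
Address = 10.0.0.1/24 # Server IP address
PrivateKey = SERVER_PRIVATE_KEY
ListenPort = 51820
[Peer]
PublicKey = {KEY_A}
AllowedIPs = 10.0.0.2/32 # Client A IP address
[Peer]
PublicKey = {KEY_B}
AllowedIPs = 10.0.0.2/32 # Client B IP address
"""

def parse(text):
    """Return [(section, {key: value})] in file order; [Peer] may repeat."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop inline comments
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1].lower(), {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)
            sections[-1][1][key.strip().lower()] = value.strip()
    return sections

def is_key(value):
    try:  # a real key is base64 for exactly 32 bytes
        return len(base64.b64decode(value, validate=True)) == 32
    except ValueError:  # binascii.Error is a ValueError subclass
        return False

def lint(text):
    findings, claimed = [], []  # claimed: networks held by earlier peers
    for name, kv in parse(text):
        for field in ("privatekey", "publickey"):
            if field in kv and not is_key(kv[field]):
                findings.append(f"[{name}] {field}: not a WireGuard key")
        allowed = kv.get("allowedips", "") if name == "peer" else ""
        nets = [ipaddress.ip_network(a.strip(), strict=False)
                for a in allowed.split(",") if a.strip()]
        for net in nets:
            findings += [f"[peer] AllowedIPs {net} overlaps {o}"
                         for o in claimed if net.overlaps(o)]
        claimed.extend(nets)
    return findings
```

Calling lint() on the text of a config file returns a list of findings; an empty list means neither problem was found.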

Start the WireGuard Server Interface:

Start the WireGuard interface:

sudo wg-quick up wg0-server

Enable the interface to start on boot:

sudo systemctl enable wg-quick@wg0-server

Client Configuration:

Create a configuration file for the client (e.g., /etc/wireguard/wg0-client.conf):

[Interface]
Address = 10.0.0.2/32 # Client IP address (as assigned by the server)
PrivateKey = CLIENT_PRIVATE_KEY

[Peer]
PublicKey = SERVER_PUBLIC_KEY
Endpoint = SERVER_PUBLIC_IP:51820 # A domain name can be set up here as well
AllowedIPs = 10.0.0.0/24 # Allow traffic for the assigned subnet

Replace CLIENT_PRIVATE_KEY, SERVER_PUBLIC_KEY, and SERVER_PUBLIC_IP with the corresponding keys and server’s public IP or domain name.

Import the client configuration into the WireGuard client.

Start the WireGuard Client Interface:

Start the WireGuard interface:

sudo wg-quick up wg0-client

Enable the interface to start on boot:

sudo systemctl enable wg-quick@wg0-client

Notes:

  • Adjust firewall settings to allow traffic on the WireGuard port (default is 51820).
  • Adjust routing and forwarding if you want the server to act as a gateway.
  • Always consider security best practices, especially when handling private keys.

This is a basic setup, and you may need to customize it based on your specific requirements and network topology. Always refer to the official WireGuard documentation for comprehensive details and updates.