lapatatedouce/scripts-admin-debian
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Corrections

Browse Source
This commit is contained in:
Philippe Favre
2025-03-04 21:53:13 +01:00
parent ef43428179
commit 1d39da2723
1 changed files with 82 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

116
networking/WireGuard_Setup_Guide_Debian.md
View File

@@ -1,31 +1,37 @@
# WireGuard VPN Setup on Debian # WireGuard VPN Setup on Debian
This guide provides step-by-step instructions for installing and configuring WireGuard on a Debian system. This guide provides step-by-step instructions for installing and configuring WireGuard on a Debian system. Separate instructions are given for both client and server setups.
---
## Requirements ## Requirements
- Debian-based system (Debian 12+) - Debian-based system (Debian 12+) with root or sudo privileges.
- Root or sudo privileges - Public and private key pair for WireGuard.
- A public and private key pair for WireGuard - A server to connect to (for client setup).
- A server to connect to
## 1. System Update ---
Before installing WireGuard, update the system packages: ## Client-Side Setup
### 1. System Update
Update the system packages:
```bash ```bash
sudo apt update && sudo apt upgrade -y sudo apt update && sudo apt upgrade -y
``` ```
## 2. Install WireGuard ### 2. Install WireGuard
WireGuard can be installed directly from Debian's repositories: Install WireGuard from Debian's repositories:
```bash ```bash
sudo apt install wireguard -y sudo apt install wireguard -y
``` ```
## 3. Generate Keys ### 3. Generate Keys
Generate a private and public key for the WireGuard interface: Generate a private and public key for the WireGuard interface:
@@ -33,11 +39,11 @@ Generate a private and public key for the WireGuard interface:
wg genkey | tee privatekey | wg pubkey > publickey wg genkey | tee privatekey | wg pubkey > publickey
``` ```
This command will generate two files: The following files are generated:
- `privatekey`: Your WireGuard private key. - `privatekey`: Your WireGuard private key.
- `publickey`: Your WireGuard public key. - `publickey`: Your WireGuard public key.
## 4. Configure WireGuard ### 4. Configure WireGuard
Create a configuration file for the WireGuard interface: Create a configuration file for the WireGuard interface:
@@ -45,65 +51,107 @@ Create a configuration file for the WireGuard interface:
sudo nano /etc/wireguard/wg0.conf sudo nano /etc/wireguard/wg0.conf
``` ```
Add the following configuration, replacing the placeholders with the appropriate values: Paste or modify the following configuration in the file, replacing placeholders with appropriate values:
```ini ```ini
[Interface] [Interface]
PrivateKey = YOUR_PRIVATE_KEY PrivateKey = YOUR_PRIVATE_KEY
Address = 10.0.0.1/24 # Local IP address for WireGuard interface Address = 10.0.0.2/24 # Local IP for WireGuard interface
ListenPort = 51820 # Port WireGuard will use ListenPort = 51820
[Peer] [Peer]
PublicKey = SERVER_PUBLIC_KEY PublicKey = SERVER_PUBLIC_KEY
Endpoint = SERVER_IP:51820 Endpoint = SERVER_IP:51820
AllowedIPs = 0.0.0.0/0 # Routes through the VPN AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25 # Maintain connection PersistentKeepalive = 25
``` ```
- **YOUR_PRIVATE_KEY**: The private key from the `privatekey` file. ### 5. Start WireGuard
- **SERVER_PUBLIC_KEY**: The public key of the server (provided by the server).
- **SERVER_IP**: The servers IP address.
## 5. Start WireGuard Bring up the WireGuard interface:
Once the configuration is complete, bring up the WireGuard interface:
```bash ```bash
sudo wg-quick up wg0 sudo wg-quick up wg0
``` ```
To enable WireGuard at system startup: Enable WireGuard at startup:
```bash ```bash
sudo systemctl enable wg-quick@wg0 sudo systemctl enable wg-quick@wg0
``` ```
## 6. Verify the Connection ### 6. Verify the Connection
To check if WireGuard is running correctly, use the following command: Check the status of WireGuard:
```bash ```bash
sudo wg sudo wg
``` ```
This will display the current status of the WireGuard interface and the connected peers. ### 7. Test the Public IP
## 7. Stop WireGuard Verify your public IP address using `curl`:
To bring down the WireGuard interface: ```bash
curl ifconfig.me
```
### 8. Stop WireGuard
Bring down the interface:
```bash ```bash
sudo wg-quick down wg0 sudo wg-quick down wg0
``` ```
## 8. Firewall and Port Forwarding ---
Ensure that port 51820 (or the port you specified) is open on any firewalls or routers between your system and the server. ## Server-Side Configuration
## 9. Server-Side Configuration Ensure the server has the appropriate WireGuard setup before trying to connect from the client.
Ensure that the server has the appropriate WireGuard configuration to allow your client to connect. You will need to add your public key and allowed IP address to the servers configuration. ### 1. Generate Server Keys
On the server, generate the private and public keys:
```bash
wg genkey | tee server_privatekey | wg pubkey > server_publickey
```
### 2. Set Up Server Configuration
Create and edit the WireGuard configuration file:
```bash
sudo nano /etc/wireguard/wg0.conf
```
Paste or modify the following configuration in the file, replacing placeholders:
```ini
[Interface]
PrivateKey = SERVER_PRIVATE_KEY
Address = 10.0.0.1/24
ListenPort = 51820
[Peer]
PublicKey = CLIENT_PUBLIC_KEY
AllowedIPs = 10.0.0.2/32
```
### 3. Start the WireGuard Server
Start and enable the WireGuard service:
```bash
sudo wg-quick up wg0
sudo systemctl enable wg-quick@wg0
```
### 4. Firewall and Port Forwarding
Ensure port 51820 is open on any firewalls or routers.
--- ---
This README provides instructions for setting up WireGuard on Debian. You may need to adjust some configurations depending on your network setup and requirements. This README outlines the steps for setting up WireGuard on Debian. Adjust configurations based on your network setup and requirements.