Ajouter miscellaneous/WireGuard_Setup_Guide_Debian.md
This commit is contained in:
Philippe Favre
109
miscellaneous/WireGuard_Setup_Guide_Debian.md
Normal file
109
miscellaneous/WireGuard_Setup_Guide_Debian.md
Normal file
@@ -0,0 +1,109 @@
|
||||
# WireGuard VPN Setup on Debian
|
||||
|
||||
This guide provides step-by-step instructions for installing and configuring WireGuard on a Debian system.
|
||||
|
||||
## Requirements
|
||||
|
||||
- Debian-based system (Debian 10+)
|
||||
- Root or sudo privileges
|
||||
- A public and private key pair for WireGuard
|
||||
- A server to connect to
|
||||
|
||||
## 1. System Update
|
||||
|
||||
Before installing WireGuard, update the system packages:
|
||||
|
||||
```bash
|
||||
sudo apt update && sudo apt upgrade -y
|
||||
```
|
||||
|
||||
## 2. Install WireGuard
|
||||
|
||||
WireGuard can be installed directly from Debian's repositories:
|
||||
|
||||
```bash
|
||||
sudo apt install wireguard -y
|
||||
```
|
||||
|
||||
## 3. Generate Keys
|
||||
|
||||
Generate a private and public key for the WireGuard interface:
|
||||
|
||||
```bash
|
||||
wg genkey | tee privatekey | wg pubkey > publickey
|
||||
```
|
||||
|
||||
This command will generate two files:
|
||||
- `privatekey`: Your WireGuard private key.
|
||||
- `publickey`: Your WireGuard public key.
|
||||
|
||||
## 4. Configure WireGuard
|
||||
|
||||
Create a configuration file for the WireGuard interface:
|
||||
|
||||
```bash
|
||||
sudo nano /etc/wireguard/wg0.conf
|
||||
```
|
||||
|
||||
Add the following configuration, replacing the placeholders with the appropriate values:
|
||||
|
||||
```ini
|
||||
[Interface]
|
||||
PrivateKey = YOUR_PRIVATE_KEY
|
||||
Address = 10.0.0.1/24 # Local IP address for WireGuard interface
|
||||
ListenPort = 51820 # Port WireGuard will use
|
||||
|
||||
[Peer]
|
||||
PublicKey = SERVER_PUBLIC_KEY
|
||||
Endpoint = SERVER_IP:51820
|
||||
AllowedIPs = 0.0.0.0/0 # Routes through the VPN
|
||||
PersistentKeepalive = 25 # Maintain connection
|
||||
```
|
||||
|
||||
- **YOUR_PRIVATE_KEY**: The private key from the `privatekey` file.
|
||||
- **SERVER_PUBLIC_KEY**: The public key of the server (provided by the server).
|
||||
- **SERVER_IP**: The server’s IP address.
|
||||
|
||||
## 5. Start WireGuard
|
||||
|
||||
Once the configuration is complete, bring up the WireGuard interface:
|
||||
|
||||
```bash
|
||||
sudo wg-quick up wg0
|
||||
```
|
||||
|
||||
To enable WireGuard at system startup:
|
||||
|
||||
```bash
|
||||
sudo systemctl enable wg-quick@wg0
|
||||
```
|
||||
|
||||
## 6. Verify the Connection
|
||||
|
||||
To check if WireGuard is running correctly, use the following command:
|
||||
|
||||
```bash
|
||||
sudo wg
|
||||
```
|
||||
|
||||
This will display the current status of the WireGuard interface and the connected peers.
|
||||
|
||||
## 7. Stop WireGuard
|
||||
|
||||
To bring down the WireGuard interface:
|
||||
|
||||
```bash
|
||||
sudo wg-quick down wg0
|
||||
```
|
||||
|
||||
## 8. Firewall and Port Forwarding
|
||||
|
||||
Ensure that port 51820 (or the port you specified) is open on any firewalls or routers between your system and the server.
|
||||
|
||||
## 9. Server-Side Configuration
|
||||
|
||||
Ensure that the server has the appropriate WireGuard configuration to allow your client to connect. You will need to add your public key and allowed IP address to the server’s configuration.
|
||||
|
||||
---
|
||||
|
||||
This README provides instructions for setting up WireGuard on Debian. You may need to adjust some configurations depending on your network setup and requirements.
|
||||
Reference in New Issue
Block a user