# WireGuard VPN Setup on Debian This guide provides step-by-step instructions for installing and configuring WireGuard on a Debian system. Separate instructions are given for both client and server setups. --- ## Requirements - Debian-based system (Debian 12+) with root or sudo privileges. - Public and private key pair for WireGuard. - A server to connect to (for client setup). --- ## Client-Side Setup ### 1. System Update Update the system packages: ```bash sudo apt update && sudo apt upgrade -y ``` ### 2. Install WireGuard Install WireGuard from Debian's repositories: ```bash sudo apt install wireguard -y ``` ### 3. Generate Keys Generate a private and public key for the WireGuard interface: ```bash wg genkey | tee privatekey | wg pubkey > publickey ``` The following files are generated: - `privatekey`: Your WireGuard private key. - `publickey`: Your WireGuard public key. ### 4. Configure WireGuard Create a configuration file for the WireGuard interface: ```bash sudo nano /etc/wireguard/wg0.conf ``` Paste or modify the following configuration in the file, replacing placeholders with appropriate values: ```ini [Interface] PrivateKey = YOUR_PRIVATE_KEY Address = 10.0.0.2/24 # Local IP for WireGuard interface ListenPort = 51820 [Peer] PublicKey = SERVER_PUBLIC_KEY Endpoint = SERVER_IP:51820 AllowedIPs = 0.0.0.0/0 PersistentKeepalive = 25 ``` ### 5. Start WireGuard Bring up the WireGuard interface: ```bash sudo wg-quick up wg0 ``` Enable WireGuard at startup: ```bash sudo systemctl enable wg-quick@wg0 ``` ### 6. Verify the Connection Check the status of WireGuard: ```bash sudo wg ``` ### 7. Test the Public IP Verify your public IP address using `curl`: ```bash curl ifconfig.me ``` ### 8. Stop WireGuard Bring down the interface: ```bash sudo wg-quick down wg0 ``` --- ## Server-Side Configuration Ensure the server has the appropriate WireGuard setup before trying to connect from the client. ### 1. Generate Server Keys On the server, generate the private and public keys: ```bash wg genkey | tee server_privatekey | wg pubkey > server_publickey ``` ### 2. Set Up Server Configuration Create and edit the WireGuard configuration file: ```bash sudo nano /etc/wireguard/wg0.conf ``` Paste or modify the following configuration in the file, replacing placeholders: ```ini [Interface] PrivateKey = SERVER_PRIVATE_KEY Address = 10.0.0.1/24 ListenPort = 51820 [Peer] PublicKey = CLIENT_PUBLIC_KEY AllowedIPs = 10.0.0.2/32 ``` ### 3. Start the WireGuard Server Start and enable the WireGuard service: ```bash sudo wg-quick up wg0 sudo systemctl enable wg-quick@wg0 ``` ### 4. Firewall and Port Forwarding Ensure port 51820 is open on any firewalls or routers. --- This README outlines the steps for setting up WireGuard on Debian. Adjust configurations based on your network setup and requirements.