# WireGuard VPN Setup on Debian

This guide provides step-by-step instructions for installing and configuring WireGuard on a Debian system. Separate instructions are given for client and server setups.

---

## Requirements

- Debian-based system (Debian 12+) with root or sudo privileges.
- Public and private key pair for WireGuard.
- A server to connect to (for client setup).

---

## Client-Side Setup

### 1. System Update

Update the system packages:

```bash
sudo apt update && sudo apt upgrade -y
```

### 2. Install WireGuard

Install WireGuard from Debian's repositories:

```bash
sudo apt install wireguard -y
```

### 3. Generate Keys

Generate a private and public key for the WireGuard interface:

```bash
# umask 077 in a subshell: the key files are created readable only by their owner
(umask 077; wg genkey | tee privatekey | wg pubkey > publickey)
```

The following files are generated:
- `privatekey`: Your WireGuard private key.
- `publickey`: Your WireGuard public key.

### 4. Configure WireGuard

Create a configuration file for the WireGuard interface:

```bash
sudo nano /etc/wireguard/wg0.conf
```

Paste or modify the following configuration in the file, replacing placeholders with appropriate values:

```ini
[Interface]
PrivateKey = YOUR_PRIVATE_KEY
Address = 10.0.0.2/24 # Local IP for WireGuard interface
ListenPort = 51820

[Peer]
PublicKey = SERVER_PUBLIC_KEY
Endpoint = SERVER_IP:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25
```

### 5. Start WireGuard

Bring up the WireGuard interface:

```bash
sudo wg-quick up wg0
```

Enable WireGuard at startup:

```bash
sudo systemctl enable wg-quick@wg0
```

### 6. Verify the Connection

Check the status of WireGuard:

```bash
sudo wg
```

### 7. Test the Public IP

Verify your public IP address using `curl`:

```bash
curl ifconfig.me
```

### 8. Stop WireGuard

Bring down the interface:

```bash
sudo wg-quick down wg0
```

---

## Server-Side Configuration

Ensure the server has the appropriate WireGuard setup before trying to connect from the client.

### 1. Generate Server Keys

On the server, generate the private and public keys:

```bash
# umask 077 in a subshell: the key files are created readable only by their owner
(umask 077; wg genkey | tee server_privatekey | wg pubkey > server_publickey)
```

### 2. Set Up Server Configuration

Create and edit the WireGuard configuration file:

```bash
sudo nano /etc/wireguard/wg0.conf
```

Paste or modify the following configuration in the file, replacing placeholders:

```ini
[Interface]
PrivateKey = SERVER_PRIVATE_KEY
Address = 10.0.0.1/24
ListenPort = 51820

[Peer]
PublicKey = CLIENT_PUBLIC_KEY
AllowedIPs = 10.0.0.2/32
```

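Both the client and the server `wg0.conf` hold a private key and start life as a template full of placeholders, so a check before `wg-quick up` is worthwhile on either side. The script below is an added example, not part of the original guide: the function name `audit_wg_conf` and the script name `audit.sh` are hypothetical, and it assumes GNU `stat` (as on Debian) and the placeholder names used in the templates above.

```bash
#!/usr/bin/env bash
# Added example (not from the guide): pre-flight audit of a wg-quick config.
# Prints one finding per line; returns 0 only when there are no findings.
# Key values are never printed, so the output is safe to paste into a ticket.

audit_wg_conf() {
    local conf=$1 findings=0 mode line key val
    [ -r "$conf" ] || { echo "cannot read $conf"; return 2; }

    # The file contains PrivateKey: group and others must have no access.
    mode=$(stat -c '%a' "$conf")    # GNU stat, as shipped with Debian
    case $mode in
        *00) ;;
        *) echo "mode $mode is too open: chmod 600 $conf"; findings=$((findings + 1)) ;;
    esac

    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}            # drop trailing comments
        case $line in *=*) ;; *) continue ;; esac
        key=$(printf '%s' "${line%%=*}" | tr -d '[:space:]')
        val=$(printf '%s' "${line#*=}" | tr -d '[:space:]')
        case $key in
            PrivateKey|PublicKey)
                # A key is 32 bytes: 43 base64 characters plus one '=' of padding.
                if ! printf '%s' "$val" | grep -Eq '^[A-Za-z0-9+/]{42}[AEIMQUYcgkosw048]=$'; then
                    echo "$key is not a valid key (placeholder left in?)"
                    findings=$((findings + 1))
                fi ;;
            Endpoint)
                case $val in SERVER_IP*)
                    echo "Endpoint still holds the SERVER_IP placeholder"
                    findings=$((findings + 1)) ;;
                esac ;;
            AllowedIPs)
                # 0.0.0.0/0 alone sends only IPv4 through the tunnel.
                case ",$val," in
                    *,::/0,*) ;;
                    *,0.0.0.0/0,*) echo "note: IPv6 is not routed via the tunnel (no ::/0)" ;;
                esac ;;
        esac
    done < "$conf"
    [ "$findings" -eq 0 ]
}

# Usage (hypothetical script name): sudo ./audit.sh /etc/wireguard/wg0.conf
if [ "$#" -gt 0 ]; then audit_wg_conf "$1"; fi
```
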
### 3. Start the WireGuard Server

Start and enable the WireGuard service:

```bash
sudo wg-quick up wg0
sudo systemctl enable wg-quick@wg0
```

### 4. Firewall and Port Forwarding

Ensure port 51820 is open on any firewalls or routers.

---

This README outlines the steps for setting up WireGuard on Debian. Adjust configurations based on your network setup and requirements.