scripts-admin-debian/networking/WireGuard_Setup_Guide_Debian.md
2025-03-04 21:53:13 +01:00

WireGuard VPN Setup on Debian

This guide provides step-by-step instructions for installing and configuring WireGuard on a Debian system. Separate instructions are given for both client and server setups.


Requirements

  • Debian-based system (Debian 12+) with root or sudo privileges.
  • Public and private key pair for WireGuard.
  • A server to connect to (for client setup).

Client-Side Setup

1. System Update

Update the system packages:

sudo apt update && sudo apt upgrade -y

2. Install WireGuard

Install WireGuard from Debian's repositories:

sudo apt install wireguard -y

3. Generate Keys

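Generate a private and public key for the WireGuard interface. The subshell sets umask 077 so that the key files are created readable only by the current user:

(umask 077 && wg genkey | tee privatekey | wg pubkey > publickey)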

The following files are generated:

  • privatekey: Your WireGuard private key.
  • publickey: Your WireGuard public key.

4. Configure WireGuard

Create a configuration file for the WireGuard interface:

sudo nano /etc/wireguard/wg0.conf

Paste or modify the following configuration in the file, replacing placeholders with appropriate values:

[Interface]
PrivateKey = YOUR_PRIVATE_KEY
Address = 10.0.0.2/24     # Local IP for WireGuard interface
ListenPort = 51820

[Peer]
PublicKey = SERVER_PUBLIC_KEY
Endpoint = SERVER_IP:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25

5. Start WireGuard

Bring up the WireGuard interface:

sudo wg-quick up wg0

Enable WireGuard at startup:

sudo systemctl enable wg-quick@wg0

6. Verify the Connection

Check the status of WireGuard:

sudo wg

7. Test the Public IP

Verify your public IP address using curl:

curl ifconfig.me

8. Stop WireGuard

Bring down the interface:

sudo wg-quick down wg0

Server-Side Configuration

Ensure the server has the appropriate WireGuard setup before trying to connect from the client.

1. Generate Server Keys

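On the server, generate the private and public keys. The subshell sets umask 077 so that the key files are created readable only by the current user:

(umask 077 && wg genkey | tee server_privatekey | wg pubkey > server_publickey)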

2. Set Up Server Configuration

Create and edit the WireGuard configuration file:

sudo nano /etc/wireguard/wg0.conf

Paste or modify the following configuration in the file, replacing placeholders:

[Interface]
PrivateKey = SERVER_PRIVATE_KEY
Address = 10.0.0.1/24
ListenPort = 51820

[Peer]
PublicKey = CLIENT_PUBLIC_KEY
AllowedIPs = 10.0.0.2/32

3. Start the WireGuard Server

Start and enable the WireGuard service:

sudo wg-quick up wg0
sudo systemctl enable wg-quick@wg0

4. Firewall and Port Forwarding

Ensure UDP port 51820 is open on any firewalls or routers (WireGuard uses UDP only).


This README outlines the steps for setting up WireGuard on Debian. Adjust configurations based on your network setup and requirements.
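
A pre-flight check for the client and server wg0.conf files above, as an added example that is not part of the original guide. The function name audit_wg_conf is hypothetical; it flags a config other users can read, keys or an Endpoint still holding the guide's placeholders, and a full-tunnel AllowedIPs that covers IPv4 only. It assumes GNU stat, as shipped on Debian.

```shell
#!/bin/sh
# Added example (not from the guide): audit a wg-quick config before
# running `wg-quick up`. audit_wg_conf is a hypothetical helper name.
# Prints one line per finding; the return status is the number of findings.
audit_wg_conf() {
    conf=$1
    findings=0
    note() { printf '%s: %s\n' "$conf" "$1"; findings=$((findings + 1)); }

    [ -r "$conf" ] || { note "cannot read file"; return "$findings"; }

    # The file embeds PrivateKey, so group/other must have no access bits.
    mode=$(stat -c '%a' "$conf")
    case $mode in
        *00|0) ;;
        *) note "mode $mode exposes the private key to other users (want 600)" ;;
    esac

    # Strip comments and whitespace, leaving "Key=value" lines.
    body=$(sed -e 's/#.*//' -e 's/[[:space:]]//g' "$conf")

    # WireGuard keys are 32 bytes: 44 base64 characters ending in '='.
    for field in PrivateKey PublicKey; do
        for value in $(printf '%s\n' "$body" | sed -n "s/^$field=//p"); do
            printf '%s\n' "$value" | grep -Eq '^[A-Za-z0-9+/]{43}=$' ||
                note "$field is not a 44-character base64 key (placeholder left in?)"
        done
    done

    # The guide's SERVER_IP placeholder must be replaced by a real address.
    printf '%s\n' "$body" | grep -q '^Endpoint=SERVER_IP' &&
        note "Endpoint still contains SERVER_IP"

    # 0.0.0.0/0 covers IPv4 only; without ::/0, IPv6 traffic bypasses the tunnel.
    allowed=$(printf '%s\n' "$body" | sed -n 's/^AllowedIPs=//p')
    case $allowed in
        *0.0.0.0/0*)
            case $allowed in
                *::/0*) ;;
                *) note "AllowedIPs routes all IPv4 but no IPv6 through the tunnel" ;;
            esac ;;
    esac
    return "$findings"
}
```

Source the file as root and call audit_wg_conf /etc/wireguard/wg0.conf; a return status of 0 means no findings.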