Support #977

Install WireGuard Peer on Debian

Added by Daniel Curtis 12 months ago. Updated 12 months ago.

Status: Resolved
Priority: Normal
Assignee:
Category: Server
Target version: -
Start date: 04/10/2023
Due date:
% Done: 100%
Estimated time: 0.50 h
Spent time:

Description

This is a guide on installing an IPv4-only WireGuard peer on Debian 11.

Prepare the Environment

  • Make sure the system is up to date:
    sudo apt update && sudo apt upgrade
    

Install WireGuard

  • Install WireGuard:
    sudo apt install wireguard iptables
    

Setup Key Pair

  • Create the private key and restrict its permissions:
    wg genkey | sudo tee /etc/wireguard/private.key
    sudo chmod go= /etc/wireguard/private.key
    
  • Create a public key:
    sudo cat /etc/wireguard/private.key | wg pubkey | sudo tee /etc/wireguard/public.key
    

Create Configuration

  • Create a new config:
    sudo nano /etc/wireguard/wg0.conf
    
    • And add the following:
      [Interface]
      PrivateKey = base64_encoded_peer_private_key_goes_here
      Address = 172.16.0.2/24
      
      [Peer]
      PublicKey = U9uE2kb/nrrzsEU58GD3pKFU3TLYDMCbetIsnV8eeFE=
      AllowedIPs = 0.0.0.0/0
      Endpoint = 203.0.113.1:51820
      

Configure Peer to Route All Traffic Over the Tunnel

  • Edit the WireGuard config:
    sudo nano /etc/wireguard/wg0.conf
    

    • Before the [Peer] line, add the following 4 lines:
      PostUp = ip rule add table 200 from 203.0.113.5
      PostUp = ip route add table 200 default via 203.0.113.1
      PreDown = ip rule delete table 200 from 203.0.113.5
      PreDown = ip route delete table 200 default via 203.0.113.1
    

    NOTE: in this example 203.0.113.1 is the server and 203.0.113.5 is the peer (client).

Configure Peer DNS Resolver

  • Install resolvconf:
    sudo apt install resolvconf
    
  • Edit the WireGuard config:
    sudo nano /etc/wireguard/wg0.conf
    

Add Peer Public Key to the WireGuard Server

  • Get the public key from the peer:
    sudo cat /etc/wireguard/public.key
    
  • Next, from the WireGuard server, add the peer's public key:
    sudo wg set wg0 peer PeURxj4Q75RaVhBKkRTpNsBPiPSGb5oQijgJsTa29hg= allowed-ips 172.16.0.2
    
  • Start and enable WireGuard:
    sudo systemctl enable wg-quick@wg0
    sudo systemctl start wg-quick@wg0
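
A pre-flight check for the configuration built in the steps above, as an added example that is not part of the original guide: it flags a config file readable by group or other, a PrivateKey that is missing or still the placeholder, and a [Peer] section lacking PublicKey, AllowedIPs or Endpoint. The names check_wg_conf and write_sample_conf are hypothetical, and the sample private key is constructed.

```shell
#!/usr/bin/env bash
# Added example (not from the guide): audit a wg-quick peer config such as
# /etc/wireguard/wg0.conf. check_wg_conf/write_sample_conf are hypothetical names.

# Prints one line per finding; the return status is the number of findings.
check_wg_conf() {
    local conf=$1 problems=0 mode key field
    [ -r "$conf" ] || { echo "cannot read $conf"; return 1; }

    # The file embeds the private key: group and other must have no access.
    mode=$(stat -c '%a' "$conf")   # GNU stat, as shipped with Debian
    case $mode in
        *00) ;;
        *) echo "mode $mode lets group/other access the key"; problems=$((problems + 1)) ;;
    esac

    # A WireGuard key is 32 bytes: 43 base64 characters plus one '='.
    key=$(sed -n 's/^[[:space:]]*PrivateKey[[:space:]]*=[[:space:]]*//p' "$conf" | head -n 1)
    if ! printf '%s\n' "$key" | grep -Eq '^[A-Za-z0-9+/]{43}=[[:space:]]*$'; then
        echo "PrivateKey is missing or still a placeholder"
        problems=$((problems + 1))
    fi

    # The [Peer] section needs all three settings used in the guide.
    for field in PublicKey AllowedIPs Endpoint; do
        if ! sed -n '/^\[Peer]/,$p' "$conf" | grep -Eq "^[[:space:]]*$field[[:space:]]*="; then
            echo "[Peer] section has no $field"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Constructed sample input: writes a config to $1 with private key $2 and mode $3.
write_sample_conf() {
    printf '%s\n' '[Interface]' "PrivateKey = $2" 'Address = 172.16.0.2/24' '' \
        '[Peer]' 'PublicKey = U9uE2kb/nrrzsEU58GD3pKFU3TLYDMCbetIsnV8eeFE=' \
        'AllowedIPs = 0.0.0.0/0' 'Endpoint = 203.0.113.1:51820' > "$1"
    chmod "$3" "$1"
}

demo_dir=$(mktemp -d)
# Constructed key (43 "A" characters plus "="), not a real secret.
ten=AAAAAAAAAA; sample_key="${ten}${ten}${ten}${ten}AAA="
write_sample_conf "$demo_dir/good.conf" "$sample_key" 600
write_sample_conf "$demo_dir/bad.conf" base64_encoded_peer_private_key_goes_here 644
check_wg_conf "$demo_dir/good.conf" && echo "good.conf: ok"
check_wg_conf "$demo_dir/bad.conf" || echo "bad.conf: $? finding(s)"
rm -rf "$demo_dir"
```

On the peer, run the function against the real file as root, for example `sudo bash -c '. ./check.sh; check_wg_conf /etc/wireguard/wg0.conf'`, where check.sh is an assumed file name for the script above.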
    

Resources

#1

Updated by Daniel Curtis 12 months ago

  • % Done changed from 0 to 100
  • Status changed from New to Resolved
  • Description updated (diff)
#2

Updated by Daniel Curtis 12 months ago

  • Description updated (diff)
#3

Updated by Daniel Curtis 12 months ago

  • Description updated (diff)
