Support #977
Install WireGuard Peer on Debian
Description
This is a guide on installing a WireGuard IPv4-only peer on Debian 11.
Prepare the Environment
- Make sure the system is up to date:
sudo apt update && sudo apt upgrade
Install WireGuard
- Install WireGuard:
sudo apt install wireguard iptables
Set Up Key Pair
- Create the private key and restrict permissions on it:
wg genkey | sudo tee /etc/wireguard/private.key
sudo chmod go= /etc/wireguard/private.key
- Create a public key:
sudo cat /etc/wireguard/private.key | wg pubkey | sudo tee /etc/wireguard/public.key
Create Configuration
- Create a new config:
sudo nano /etc/wireguard/wg0.conf
- And add the following:
[Interface]
PrivateKey = base64_encoded_peer_private_key_goes_here
Address = 172.16.0.2/24

[Peer]
PublicKey = U9uE2kb/nrrzsEU58GD3pKFU3TLYDMCbetIsnV8eeFE=
AllowedIPs = 0.0.0.0/0
Endpoint = 203.0.113.1:51820
Configure Peer to Route All Traffic Over the Tunnel
- Edit the WireGuard config:
sudo nano /etc/wireguard/wg0.conf
- Before the [Peer] line, add the following 4 lines:
PostUp = ip rule add table 200 from 203.0.113.5
PostUp = ip route add table 200 default via 203.0.113.1
PreDown = ip rule delete table 200 from 203.0.113.5
PreDown = ip route delete table 200 default via 203.0.113.1
NOTE: in this example 203.0.113.1 is the server and 203.0.113.5 is the peer (client).
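A check for two things this guide sets up, as an added example that is not part of the original guide: that private.key and wg0.conf (which also holds the PrivateKey) grant nothing to group or other, and that every PostUp `ip rule`/`ip route` add has a matching PreDown or PostDown delete. The function names are hypothetical, and `stat -c` and `sed -E` assume GNU tools as shipped with Debian.

```sh
#!/bin/sh
# Added example, not part of the original guide.
# stat -c and sed -E assume GNU tools, as shipped with Debian.

# Pass only if FILE exists and grants nothing to group or other.
check_private() {
    mode=$(stat -c '%a' "$1" 2>/dev/null) || { echo "MISSING: $1"; return 1; }
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "TOO OPEN: $1 is mode $mode, fix with: chmod go= $1"
        return 1
    fi
}

# Print the command part of every PreDown/PostDown line ("del" -> "delete").
teardown_cmds() {
    sed -E -e '/^[[:space:]]*(PreDown|PostDown)[[:space:]]*=/!d' \
           -e 's/^[^=]*=[[:space:]]*//' \
           -e 's/^ip (rule|route) del /ip \1 delete /' "$1"
}

# Every "PostUp = ip rule|route add ARGS" must have a teardown line deleting
# the same ARGS; otherwise the entry stays in place after the tunnel is down.
check_teardown() {
    missing=$(sed -nE \
        's/^[[:space:]]*PostUp[[:space:]]*=[[:space:]]*ip (rule|route) add /ip \1 delete /p' \
        "$1" 2>/dev/null |
        while IFS= read -r undo; do
            teardown_cmds "$1" | grep -Fxq -- "$undo" || echo "NO TEARDOWN: $undo"
        done)
    [ -z "$missing" ] || { echo "$missing"; return 1; }
}

# audit_peer KEYFILE CONFFILE: run all checks, return non-zero on any finding.
audit_peer() {
    rc=0
    check_private "$1" || rc=1    # private.key
    check_private "$2" || rc=1    # wg0.conf contains PrivateKey as well
    check_teardown "$2" || rc=1
    return $rc
}

# Stand-alone use: sudo sh audit.sh /etc/wireguard/private.key /etc/wireguard/wg0.conf
if [ "$#" -eq 2 ]; then audit_peer "$@"; fi
```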
Configure Peer DNS Resolver
- Install resolvconf:
sudo apt install resolvconf
- Edit the WireGuard config:
sudo nano /etc/wireguard/wg0.conf
Add Peer Public Key to the WireGuard Server
- Get the public key from the peer:
sudo cat /etc/wireguard/public.key
- Next, from the WireGuard server, add the peer's public key:
sudo wg set wg0 peer PeURxj4Q75RaVhBKkRTpNsBPiPSGb5oQijgJsTa29hg= allowed-ips 172.16.0.2
- Start and enable WireGuard:
sudo systemctl enable wg-quick@wg0
sudo systemctl start wg-quick@wg0
Resources
Updated by Daniel Curtis over 1 year ago
- % Done changed from 0 to 100
- Status changed from New to Resolved
- Description updated (diff)