WireGuard is a modern, lightweight, and high-performance VPN protocol.
Server Side
    apt-add-repository ppa:wireguard/wireguard && apt update
    apt install wireguard-dkms wireguard-tools linux-headers-$(uname -r)
    umask 077
    wg genkey | tee server_private_key | wg pubkey > server_public_key
    cat server_public_key
    cat server_private_key

If you are using Debian, the command apt-add-repository will not work, so replace it with the following and continue with the procedure.

    sh -c "echo 'deb http://deb.debian.org/debian buster-backports main contrib non-free' > /etc/apt/sources.list.d/buster-backports.list"
Copy both the private and public keys, then insert the server private key in the configuration file /etc/wireguard/wg0.conf. The [Peer] PublicKey stays empty for now; the client public key is added in a later step.

    [Interface]
    Address = 10.100.100.1/24
    SaveConfig = true
    PrivateKey = OFSQt8EsapBiIR8xdcX7qJrNxc+w5NsdrZE2AlT/ulM=
    ListenPort = 51820
    PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

    [Peer]
    PublicKey =
    AllowedIPs = 10.100.100.2/32
Enable IPv4 forwarding in /etc/sysctl.conf, then restart.

    ...
    net.ipv4.ip_forward=1
    ...

Then issue:

    sysctl -p
    echo 1 > /proc/sys/net/ipv4/ip_forward
    reboot
Client Side
    sudo apt-add-repository ppa:wireguard/wireguard && sudo apt update
    sudo apt install wireguard-dkms wireguard-tools linux-headers-$(uname -r)
    umask 077
    wg genkey | tee client_private_key | wg pubkey > client_public_key
    cat client_public_key
    cat client_private_key
Copy both the private and public keys, then insert the client private key and the server public key in the configuration file /etc/wireguard/wg0-client.conf:

    [Interface]
    Address = 10.100.100.2/32
    PrivateKey = oCd8EOqR1fezGQrKg2Z+6PgsrmNMGkmFJFLwt80raWU=

    [Peer]
    PublicKey = 2MC67m4cXW0Byn7oieWp6CTCUyF2UDXaIfzTxjaypx0=
    Endpoint = 192.168.134.169:51820
    AllowedIPs = 0.0.0.0/0
    PersistentKeepalive = 21
Bring the tunnel up with wg-quick:

    wg-quick up wg0-client
Server Side Again
Go back to the server and add the client public key to the [Peer] section of the configuration file /etc/wireguard/wg0.conf:

    [Interface]
    Address = 10.100.100.1/24
    SaveConfig = true
    PrivateKey = OFSQt8EsapBiIR8xdcX7qJrNxc+w5NsdrZE2AlT/ulM=
    ListenPort = 51820
    PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

    [Peer]
    PublicKey = YnHktthA5EibYaiKEyNTYPpsV40tnKEOrT1opdWiylA=
    AllowedIPs = 10.100.100.2/32
Issue the commands:
    chmod -v 600 /etc/wireguard/wg0.conf
    wg-quick up wg0
    systemctl enable wg-quick@wg0.service
Client Side Again
Start the service!

    wg-quick up wg0-client
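
Two mistakes are easy to make in this procedure: leaving the config readable by other users, and bringing the server up while the [Peer] PublicKey is still empty. The script below is an added example, not part of the original guide, that checks a config file for both before wg-quick up; the function name check_wg_conf and the placeholder key are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original guide: pre-flight check for a wg-quick
# config file. check_wg_conf FILE returns 0 if FILE passes, 1 otherwise.
check_wg_conf() {
    conf=$1; rc=0
    # The file holds the private key, so group/other must have no access
    # (what the guide's "chmod 600" step enforces).
    if [ "$(ls -ld -- "$conf" | cut -c5-10)" != "------" ]; then
        echo "$conf: accessible by group/other, run chmod 600" >&2; rc=1
    fi
    # A WireGuard key is 32 bytes: 43 base64 characters followed by "=".
    awk '
        function bad(msg) { print FILENAME ": " msg; failed = 1 }
        { sub(/#.*/, "") }    # strip comments
        /^[ \t]*\[/ { section = $0; gsub(/[^A-Za-z]/, "", section)
                      if (section == "Peer") peers++; next }
        /^[ \t]*(PrivateKey|PublicKey)[ \t]*=/ {
            key = $1; sub(/=.*/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            if (section == "Peer" && key == "PublicKey") peer_keys++
            if (section == "Interface" && key == "PrivateKey") priv = 1
            if (length(val) != 44 || val !~ "^[A-Za-z0-9+/]+=$")
                bad("[" section "] " key " is empty or not a 44-character base64 key")
        }
        END {
            if (!priv) bad("[Interface] has no PrivateKey")
            if (peer_keys != peers) bad("a [Peer] section has no PublicKey line")
            exit failed + 0
        }
    ' "$conf" >&2 || rc=1
    return "$rc"
}

# Constructed sample: the first-pass server config from the guide, with a
# placeholder key (43 "A" characters plus "=") and the [Peer] PublicKey empty.
placeholder="$(printf '%043d' 0 | tr 0 A)="
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<EOF
[Interface]
Address = 10.100.100.1/24
PrivateKey = $placeholder
ListenPort = 51820
[Peer]
PublicKey =
AllowedIPs = 10.100.100.2/32
EOF
check_wg_conf "$sample" || echo "not ready: fix the findings before wg-quick up"
```

The check is purely syntactic: it confirms that each key has the right shape, not that a public key matches the peer's private key.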