Install WireGuard server on Debian 10
In the following tutorial I want to show you how to install WireGuard quickly under Debian 10. First, WireGuard has to be downloaded and installed; on Debian 10 the package comes from the buster-backports repository:
sh -c "echo 'deb http://deb.debian.org/debian buster-backports main contrib non-free' > /etc/apt/sources.list.d/buster-backports.list"
apt update
apt install wireguard
After that, the leading “#” must be removed from the line “#net.ipv4.ip_forward=1” in /etc/sysctl.conf, and the change is loaded with sysctl -p:
nano /etc/sysctl.conf
# remove the "#" from "#net.ipv4.ip_forward=1" in /etc/sysctl.conf
# save
sysctl -p
Then we generate the private key and public key of the server and show the output directly:
cd /etc/wireguard
umask 077
wg genkey | tee privatekey | wg pubkey > publickey
cat privatekey
cat publickey
We note both keys!
After that we generate both keys for the client and show the output directly:
mkdir /etc/wireguard/tmp
cd /etc/wireguard/tmp
wg genkey | tee privatekey | wg pubkey > publickey
cat privatekey
cat publickey
We also note these keys.
After that we create the server configuration:
nano /etc/wireguard/wg0.conf
Within this file we save this:
[Interface]
Address = 10.66.66.1/24
SaveConfig = true
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -$
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING$
ListenPort = 51194
PrivateKey = PRIVATE KEY SERVER
[Peer]
PublicKey = PUBLIC KEY CLIENT
AllowedIPs = 10.66.66.2/32
In this configuration, the firewall rules are set directly with iptables (the PostUp and PostDown lines), and port 51194 is used.
After that we set WireGuard to autostart and start it:
systemctl enable wg-quick@wg0
systemctl start wg-quick@wg0
We can check the status with the following commands:
systemctl status wg-quick@wg0
wg
ip a show wg0
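Beyond the status commands, the files created in the steps above can be checked as well. The following script is an added example, not part of the original tutorial: it audits the permissions of wg0.conf, leftover key placeholders, the client private key left under tmp, and the ip_forward line. The function names, messages and the dummy key in the demo are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original tutorial): read-only audit of the
# files this tutorial creates. Names and messages are illustrative.
# A WireGuard key is 32 bytes in base64: 43 characters followed by "=".
KEY_RE='^[A-Za-z0-9+/]{43}=$'

# audit_wg CONF SYSCTL_FILE: one line per finding, returns the finding count.
audit_wg() {
    conf=$1; sysctl_file=$2; findings=0
    note() { echo "FINDING: $*"; findings=$((findings + 1)); }
    [ -f "$conf" ] || { echo "missing: $conf"; return 99; }

    # wg0.conf contains PrivateKey, so group and others get no access.
    perms=$(ls -ld "$conf" | cut -c1-10)
    case $perms in
        ????------) ;;
        *) note "$conf is $perms, expected -rw-------" ;;
    esac

    # Key values must be real keys, not leftover "PRIVATE KEY SERVER" text.
    bad=$(awk '/^[ \t]*(PrivateKey|PublicKey)[ \t]*=/ {
                   sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t\r]*$/, ""); print
               }' "$conf" | grep -Evc "$KEY_RE" || true)
    [ "$bad" -eq 0 ] || note "$bad key value(s) in $conf are not valid keys"

    # The client private key generated under tmp/ is only needed on the client.
    [ ! -e "$(dirname "$conf")/tmp/privatekey" ] ||
        note "client private key is still stored in $(dirname "$conf")/tmp"

    # The line must be uncommented, otherwise "sysctl -p" does not apply it.
    grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' \
        "$sysctl_file" || note "net.ipv4.ip_forward=1 is not active in $sysctl_file"

    return "$findings"
}

# Demo on constructed files in a scratch directory (dummy key, not a real one).
demo() (
    d=$(mktemp -d); umask 077
    k="$(head -c 43 /dev/zero | tr '\0' 'A')="
    printf '[Interface]\nPrivateKey = %s\n[Peer]\nPublicKey = PUBLIC KEY CLIENT\n' "$k" > "$d/wg0.conf"
    echo '#net.ipv4.ip_forward=1' > "$d/sysctl.conf"
    audit_wg "$d/wg0.conf" "$d/sysctl.conf"; rc=$?; rm -rf "$d"; exit "$rc"
)

# With two arguments audit those files, otherwise run the constructed demo.
if [ "$#" -eq 2 ]; then audit_wg "$1" "$2"; else demo || echo "demo: $? finding(s)"; fi
```

On the server it would be called as root with /etc/wireguard/wg0.conf and /etc/sysctl.conf as the two arguments.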
I assume that a Windows client is used on the other side. Such a client would have the following configuration for the tunnel:
[Interface]
PrivateKey = PRIVATE KEY CLIENT
Address = 10.66.66.2/32
DNS = 185.95.218.42, 185.95.218.43
[Peer]
PublicKey = PUBLIC KEY SERVER
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = 194.233.80.125:51194
PersistentKeepalive = 20
Please do not forget (apart from setting up WireGuard) to secure your Debian server accordingly.