Install Wireguard server on Debian 10

In the following tutorial I want to show you how to install WireGuard quickly on Debian 10. First, WireGuard has to be downloaded and installed:

sh -c "echo 'deb http://deb.debian.org/debian buster-backports main contrib non-free' > /etc/apt/sources.list.d/buster-backports.list"
apt update
apt install wireguard

After that, the leading “#” must be removed from the line “#net.ipv4.ip_forward=1” in /etc/sysctl.conf so that IP forwarding is enabled:

nano /etc/sysctl.conf
# remove the "#" from "#net.ipv4.ip_forward=1" in /etc/sysctl.conf
# save
sysctl -p

Then we generate the private key and public key of the server and show the output directly:

cd /etc/wireguard
umask 077
wg genkey | tee privatekey | wg pubkey > publickey
cat privatekey
cat publickey

We note both keys!

After that we generate both keys for the client and show the output directly:

mkdir /etc/wireguard/tmp
cd /etc/wireguard/tmp
wg genkey | tee privatekey | wg pubkey > publickey
cat privatekey
cat publickey

We also note these keys.

After that we create the server configuration:

nano /etc/wireguard/wg0.conf

Within this file we save this:

[Interface]
Address = 10.66.66.1/24
SaveConfig = true
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -$
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING$
ListenPort = 51194
PrivateKey = PRIVATE KEY SERVER

[Peer]
PublicKey = PUBLIC KEY CLIENT
AllowedIPs = 10.66.66.2/32

In this configuration, the firewall rules are set directly by the PostUp and PostDown lines, and port 51194 is used.

After that we set Wireguard to autostart and start it:

systemctl enable wg-quick@wg0
systemctl start wg-quick@wg0

We can check the status with the following commands:

systemctl status wg-quick@wg0
wg
ip a show wg0
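
The check below is an added example, not part of the original tutorial: a POSIX shell function that audits a wg-quick config for the key-handling slips this procedure makes easy (a config readable by group or others, placeholder keys left in, the client's private key left in /etc/wireguard/tmp). The function names and the sample config in demo are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original tutorial): audit a wg-quick config.
# audit_wg_conf CONF [CLIENT_KEY_DIR] prints one line per finding and
# returns the number of findings (0 = clean).

KEY_RE='^[A-Za-z0-9+/]{43}=$'   # 32-byte key in base64: 43 chars plus '='

finding() { echo "FINDING: $*"; findings=$((findings + 1)); }

# Print every value of config key $1 in file $2, whitespace stripped.
conf_values() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" | tr -d ' \t\r'
}

audit_wg_conf() {
    conf=$1; keydir=${2:-}; findings=0
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 255; }

    # The file contains the server private key: owner-only access.
    perms=$(ls -ld "$conf" | cut -c5-10)
    [ "$perms" = "------" ] || finding "$conf open to group/other ($perms)"

    # PrivateKey must be a real key, not the tutorial's placeholder text.
    conf_values PrivateKey "$conf" | head -n 1 | grep -Eq "$KEY_RE" ||
        finding "PrivateKey missing or still a placeholder"

    # Same for every [Peer] PublicKey.
    bad=$(conf_values PublicKey "$conf" | grep -Evc "$KEY_RE" || true)
    [ "$bad" -eq 0 ] || finding "$bad PublicKey value(s) not valid keys"

    # A client private key generated on the server should not stay there.
    if [ -n "$keydir" ] && [ -e "$keydir/privatekey" ]; then
        finding "client private key still on server: $keydir/privatekey"
    fi
    return "$findings"
}

# Constructed sample: the tutorial's template, saved world-readable.
demo() {
    d=$(mktemp -d) && mkdir "$d/tmp" && echo x > "$d/tmp/privatekey"
    printf '%s\n' '[Interface]' 'PrivateKey = PRIVATE KEY SERVER' \
        '[Peer]' 'PublicKey = PUBLIC KEY CLIENT' > "$d/wg0.conf"
    chmod 644 "$d/wg0.conf"
    audit_wg_conf "$d/wg0.conf" "$d/tmp"; rc=$?
    rm -rf "$d"; return "$rc"
}

demo || echo "demo reported $? finding(s)"
```

On the server from this tutorial the call would be audit_wg_conf /etc/wireguard/wg0.conf /etc/wireguard/tmp, run as root.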

I assume that a Windows client is used on the other side. Such a client would have the following configuration for the tunnel:


[Interface]
PrivateKey = PRIVATE KEY CLIENT
Address = 10.66.66.2/32
DNS = 185.95.218.42, 185.95.218.43

[Peer]
PublicKey = PUBLIC KEY SERVER
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = 194.233.80.125:51194
PersistentKeepalive = 20

Please do not forget (apart from setting up WireGuard) to secure your Debian server accordingly.
