Open the /etc/nf file and add or uncomment the following line:
sudo nano /etc/nf

IP forwarding must be enabled for NAT to work.

To bring the WireGuard interface up at boot time, run the following command:
sudo systemctl enable

Server Networking and Firewall Configuration

You can also verify the interface state with ip a show wg0:
ip a show wg0
4: wg0: mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000

Public key: +Vpyku+gjVJuXGR/OXXt6cmBKPdc06Qnm3hpRhMBtxs=

To check the interface state and configuration, run:
sudo wg show wg0
interface: wg0

iptables -A FORWARD -i wg0 -j ACCEPT iptables -t nat -A POSTROUTING -o ens3 -j MASQUERADE

The output will look something like this:
ip link add wg0 type wireguard

Once done, bring the wg0 interface up using the attributes specified in the configuration file:
sudo wg-quick up wg0

You can easily find the interface with:
ip -o -4 route show to default | awk '

Make sure to replace ens3 after -A POSTROUTING to match the name of your public network interface.

This allows traffic to leave the server, giving the VPN clients access to the Internet.

In this example, we’re using iptables to enable masquerading.

PostUp - Command or script that is executed before bringing the interface up.

SaveConfig - When set to true, the current state of the interface is saved to the configuration file on shutdown.

(To see the contents of the file type: sudo cat /etc/wireguard/privatekey)

PrivateKey - A private key generated by the wg genkey command.

The settings in the interface section have the following meaning:

Address - A comma-separated list of v4 or v6 IP addresses for the wg0 interface.

However, it is recommended to use something like wg0 or wgvpn0.

You can name the interface anything you want.
[Interface]
Address = 10.0.0.1/24
SaveConfig = true
ListenPort = 51820
PrivateKey = SERVER_PRIVATE_KEY
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o ens3 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o ens3 -j MASQUERADE

Open your editor and create a new file named wg0.conf with the following contents:
sudo nano /etc/wireguard/wg0.conf

We’ll create the configuration with a text editor.

The device can be set up either from the command line using the ip and wg commands, or by manually creating the configuration file.

The next step is to configure the tunnel device that will route the VPN traffic.

This key is optional and must be unique for each peer pair.

WireGuard also supports a pre-shared key, which adds an additional layer of symmetric-key cryptography.

The private key should never be shared with anyone and should always be kept secure.

Use the cat commands to view the contents of the files.

The files are generated in the /etc/wireguard directory.

Run the following command to generate the key pair:
wg genkey | sudo tee /etc/wireguard/privatekey | wg pubkey | sudo tee /etc/wireguard/publickey

You can configure and manage the WireGuard interfaces with the wg and wg-quick command-line tools.

Each device in the WireGuard VPN network needs to have a private and public key.

Once the repository is enabled, update the apt cache and install the WireGuard module and tools:
sudo apt update
sudo apt install wireguard

To add the repository to your system, run:
echo 'deb buster-backports main' | sudo tee /etc/apt//buster-backports.list

WireGuard is available from the Debian backports repositories.

We’ll also configure the system to route the clients’ traffic through it.

We’ll start by installing the WireGuard package on the Debian machine and set it up to act as a server.

You also need root or ( to install packages and make changes to the system.
To follow this guide, you’ll need a machine with Debian 10 installed.

This setup can be used to protect against man-in-the-middle attacks, surf the web anonymously, bypass geo-restricted content, or allow your colleagues who work from home to connect to the company network securely.

The client’s traffic will be routed through the Debian 10 server.

We’ll also show you how to configure WireGuard as a client on Linux, Windows, and macOS.

This article explains how to install and configure WireGuard on Debian 10 that will act as a VPN server.

Public keys are mapped with a list of IP addresses that are allowed in the tunnel.

Peers authenticate each other by exchanging and validating public keys, mimicking the SSH model.

It works by creating a network interface on each peer device that acts as a tunnel.

Depending on the configuration, a peer can act as a traditional server or client.

WireGuard is a peer-to-peer VPN; it does not use the client-server model.

Best free VPN service provider for Linux : ProtonVPN