Skip to content

WireGuard Installation.md

Latest commit

 

History

History
192 lines (126 loc) · 3.26 KB

WireGuard Installation.md

File metadata and controls

192 lines (126 loc) · 3.26 KB

WireGuard Installation

Before Installing WireGuard, Port 51820 should be opened.

SERVER-SIDE

Adding Addintional Packages and Repositories

Shift To Root user and install packages and repositories

sudo su -

apt update
apt install software-properties-common
add-apt-repository ppa:wireguard/wireguard

When prompted, press Enter to continue. add-apt-repository will also automatically update the package list.

Installing WireGuard

WireGuard runs as a kernel module, which is compiled as a DKMS module.

apt-get install wireguard-dkms wireguard-tools linux-headers-$(uname -r)

OR

apt install wireguard

Configuring WireGuard

WireGuard have two main command-line tools named wg and wg-quick that allow you to configure and manage the WireGuard interfaces.

Generating Keys :-
wg genkey | sudo tee /etc/wireguard/privatekey | wg pubkey | sudo tee /etc/wireguard/publickey

For Accessing The Public Key

cat /etc/wireguard/publickey

For Accessing The Private Key

cat /etc/wireguard/privatekey
Edit /etc/wireguard/wg0.conf 
vi /etc/wireguard/wg0.conf

ADD these lines

[Interface]
Address = 10.0.0.1/24
SaveConfig = true
ListenPort = 51820
PrivateKey = SERVER_PRIVATE_KEY
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o ens3 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o ens3 -j MASQUERADE

Replace ens3 to your public network interface, you can find it thru ifconfig or ip -o -4 route show to default | awk '{print $5}' cmd.

Example - Change ens3 to eth0

[OPTIONAL]

You can also Add Peers rightnow in the same file (/etc/wireguard/wg0.conf)

[Peer]
PublicKey = CLIENT_PUBLIC_KEY
AllowedIPs = 10.0.0.2/32

[Peer]
PublicKey = CLIENT_PUBLIC_KEY
AllowedIPs = 10.0.0.3/32

[Peer]
PublicKey = CLIENT_PUBLIC_KEY
AllowedIPs = 10.0.0.4/32

.....

Note - For any changes in peers you have to first stop wireguard and then do the changes.

For Starting WireGuard
wg-quick up wg0
For Stopping WireGuard
wg-quick down wg0
For Checking Status
wg show wg0

and

ip a show wg0
For bring the WireGuard interface at boot time
systemctl enable wg-quick@wg0

Server Networking and Firewall Configuration

Edit /etc/sysctl.conf

Add or Uncomment the following line:

net.ipv4.ip_forward=1

To Check

sysctl -p

Adding Client Peer to the Server

Easy Way

wg set wg0 peer CLIENT_PUBLIC_KEY allowed-ips 10.0.0.2
wg set wg0 peer CLIENT_PUBLIC_KEY allowed-ips 10.0.0.3
wg set wg0 peer CLIENT_PUBLIC_KEY allowed-ips 10.0.0.4
.....

CLIENT-SIDE

STEPS
  1. Download WireGuard from the APP Store or there website
  2. Lunch the app and click on add button [+]
  3. Add an Empty Tunnel
  4. Name it and Add the fallowing Lines and save
[Interface]
PrivateKey = .....
Address = 10.0.0.2/24
DNS = 1.1.1.1 

[Peer]
PublicKey = SERVER_PUBLIC_KEY
AllowedIPs = 0.0.0.0/0
Endpoint = SERVER_PUBLIC_IP:51820
PersistentKeepalive = 30
  1. You woud also find your Public Key in above section only, which you have to add back to the server.
  2. Repeat this process for adding more peers.

Your WireGuard is all setuped.