WireGuard Server in Debian
WireGuard: A Normal VPN Server replacing OpenVPN etc.
Another option for setting up a normal VPN server is WireGuard, which I chose as the example here.
1. Install WireGuard
Update Debian first
sudo -i
apt-get update && apt-get upgrade -y
Install the cloud-amd64 Linux headers
apt install linux-headers-$(uname -r) -y
Reboot once
reboot
Enable packet forwarding
nano /etc/sysctl.conf
Find #net.ipv4.ip_forward=1 and delete the # in front

Activate the change, then install WireGuard
sysctl -p
apt-get install wireguard -y
If you get the error E: Unable to locate package wireguard, add the backports repository and install again:
sudo sh -c "echo 'deb https://deb.debian.org/debian bookworm-backports main contrib non-free non-free-firmware' > /etc/apt/sources.list.d/bookworm-backports.list"
apt update
apt-get install wireguard -y
2. Configure the WireGuard server
Generate the key pairs and the preshared key (privatekey = server private key, publickey = server public key, private_client_key = client private key, public_client_key = client public key, presharedkey = preshared key)
cd /etc/wireguard
umask 077; wg genkey | tee privatekey | wg pubkey > publickey
umask 077; wg genkey | tee private_client_key | wg pubkey > public_client_key
umask 077; wg genpsk > presharedkey
Print the keys and copy the results
cat privatekey
cat publickey
cat private_client_key
cat public_client_key
cat presharedkey
Check the interface name of the VPS (there should be 2; one is named "lo", we need the other one). For example: en0
ip link show
Edit the config file (note: change eth0 to the name you found in the previous step, in my case en0)
nano /etc/wireguard/wg0.conf
[Interface]
Address = 192.168.69.1/24
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
ListenPort = 51820
PrivateKey = RESULT_OF_privatekey
[Peer]
PublicKey = RESULT_OF_public_client_key
PresharedKey = RESULT_OF_presharedkey
AllowedIPs = 192.168.69.2
PersistentKeepalive = 30
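A check worth running on wg0.conf before it is activated (and later on mobile.conf), as an added example that is not part of the original page: it flags a config accessible to group or other, keys that are still RESULT_OF_ placeholders or otherwise malformed, and a PostUp/PostDown rule that names an interface which does not exist. The function names, the SYS_NET variable and the sample config are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): lint a wg-quick config such as
# wg0.conf or mobile.conf. Prints one line per finding, returns their count (0 = clean).
# SYS_NET is a hypothetical override so the interface check can be tested.
SYS_NET=${SYS_NET:-/sys/class/net}

lint_wg_conf() {
    local conf=$1 n=0 line key val iface
    # The file holds a private key: group and other must have no access.
    if [ "$(ls -ld "$conf" | cut -c5-10)" != "------" ]; then
        echo "MODE: $conf is accessible to group/other, run chmod 600"; n=$((n+1))
    fi
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in *=*) ;; *) continue ;; esac   # only "Key = value" lines
        key=$(printf '%s' "${line%%=*}" | tr -d '[:space:]')
        val=$(printf '%s\n' "${line#*=}" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        case $key in
        PrivateKey|PublicKey|PresharedKey)
            # A WireGuard key is 32 bytes: 43 base64 characters plus one '='.
            if ! printf '%s\n' "$val" | grep -Eq '^[A-Za-z0-9+/]{43}=$'; then
                echo "KEY: $key is not a 44-character base64 key"; n=$((n+1))
            fi ;;
        PostUp|PostDown)
            # The NAT rule must name the real egress interface, not a leftover eth0.
            iface=$(printf '%s\n' "$val" | sed -n 's/.* -o \([^ ;]*\).*/\1/p')
            if [ -n "$iface" ] && [ ! -e "$SYS_NET/$iface" ]; then
                echo "IFACE: $key uses '$iface', which does not exist here"; n=$((n+1))
            fi ;;
        esac
    done < "$conf"
    return "$n"
}

# Constructed sample: the server config with the page's placeholders left in.
write_sample_conf() {
    cat > "$1" <<'EOF'
[Interface]
Address = 192.168.69.1/24
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
ListenPort = 51820
PrivateKey = RESULT_OF_privatekey
[Peer]
PublicKey=RESULT_OF_public_client_key
AllowedIPs=192.168.69.2
EOF
}

if [ $# -gt 0 ]; then lint_wg_conf "$1"; fi
```

Saved as a script (lint-wg.sh is a hypothetical name), it can be run as `bash lint-wg.sh /etc/wireguard/wg0.conf`; the exit status is the number of findings.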
Activate the server
systemctl enable wg-quick@wg0
systemctl start wg-quick@wg0
Open UDP port 51820 in the VPS firewall
3. Generate QR code for mobile use
Install the QR code generator (desktop users can skip this and just edit the config file below)
apt install qrencode -y
Set up the config file for the mobile device
nano /etc/wireguard/mobile.conf
Things to change: PrivateKey, PublicKey, PresharedKey, a.bname.com
You may type your settings into the mobile app directly if you want, but I'm lazy.
For DNS, if you created a DNS server on the same Debian server, you can change it to 192.168.69.1
[Interface]
PrivateKey = RESULT_OF_private_client_key
Address = 192.168.69.2/24
DNS = 8.8.8.8
[Peer]
PublicKey = RESULT_OF_publickey
PresharedKey = RESULT_OF_presharedkey
Endpoint = a.bname.com:51820
AllowedIPs = 0.0.0.0/0
Generate QR code for mobile use
qrencode -t ansiutf8 < /etc/wireguard/mobile.conf