Configure a Wireguard VPN

Here is how I've set up a WireGuard configuration and run it on my server:

Generate the public and private keys

On both sides (first on the WireGuard server, then on the peer) run the following commands. A private key never leaves the machine it was generated on; only the public keys are exchanged. The chmod strips group and world access from the private key (run the commands under umask 077 to avoid the brief window where the file exists readable by others):

wg genkey > /etc/wireguard/private.key
chmod go= /etc/wireguard/private.key
wg pubkey < /etc/wireguard/private.key > /etc/wireguard/public.key

WireGuard server configuration

Enable packet forwarding

Edit /etc/sysctl.conf and add:

net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1

then apply it with sysctl -p.

Edit the WireGuard configuration file (/etc/wireguard/wg0.conf):

[Interface]
### addresses of the VPN server inside the VPN (IPv4 and IPv6)
Address = 10.8.0.1/24
Address = fd24:609a:6c18::1/64
### wg-quick rewrites this file with the running configuration when the interface goes down
SaveConfig = true
### NAT for traffic leaving through the uplink; enp2s0f0 is my network interface.
### PostUp runs after the interface is up, PreDown just before it is torn down.
PostUp = iptables -t nat -I POSTROUTING -o enp2s0f0 -j MASQUERADE
PostUp = ip6tables -t nat -I POSTROUTING -o enp2s0f0 -j MASQUERADE
PreDown = iptables -t nat -D POSTROUTING -o enp2s0f0 -j MASQUERADE
PreDown = ip6tables -t nat -D POSTROUTING -o enp2s0f0 -j MASQUERADE

### UDP port to listen on for peers
ListenPort = 51820
### contents of /etc/wireguard/private.key on the server
PrivateKey = <server private key>

[Peer]
### contents of /etc/wireguard/public.key on the peer
PublicKey = <peer public key>
### address of the peer inside the VPN; packets from this peer are only accepted with these source addresses
AllowedIPs = 10.8.0.3/32, fd24:609a:6c18::3/128

Because the file contains the private key, make it readable by root only (chmod 600 /etc/wireguard/wg0.conf); wg-quick prints a warning when it is world accessible. SaveConfig = true means peers added at runtime with wg set are persisted, but the comments above are discarded when wg-quick rewrites the file. The MASQUERADE rules as written apply to everything forwarded out of enp2s0f0, not only VPN traffic; add -s 10.8.0.0/24 (and -s fd24:609a:6c18::/64 for ip6tables) to limit them, and if the FORWARD chain's default policy is DROP you also need FORWARD rules that accept traffic to and from wg0.

Start the VPN server:

systemctl start wg-quick@wg0.service

Verify that the interface is up and configured:

wg

interface: wg0
  public key: tVwyZeTOqmxwhkDaDsfAm5muRbehS4aUlOL7CeOIaCE=
  private key: (hidden)
  listening port: 51820

peer: 4JDGpvLCXz1fLvNglhQQmhtaQ/qlqeeBXOaHO1raaR4=
  endpoint: MyClientIP:57870
  allowed ips: 10.8.0.3/32, fd24:609a:6c18::3/128

The endpoint line only appears once the peer has contacted the server; after that a latest handshake line shows up and should stay recent while traffic flows.

Enable WireGuard at boot:

systemctl enable wg-quick@wg0.service

Troubleshooting:

If starting the interface fails with an error about systemd-resolved (wg-quick hands the DNS setting to resolvconf, which may be backed by systemd-resolved), enable and start that service; the unit name is systemd-resolved, with a hyphen:

systemctl enable --now systemd-resolved.service

WireGuard peer configuration

Edit the WireGuard configuration file (/etc/wireguard/wg0.conf) on the peer:

[Interface]
### contents of /etc/wireguard/private.key on the peer
PrivateKey = <peer private key>
### address of the peer inside the VPN and the DNS servers to use while connected
Address = 10.8.0.3/24, fd24:609a:6c18::3/64
DNS = 9.9.9.9, 2620:fe::fe

[Peer]
### contents of /etc/wireguard/public.key on the server
PublicKey = <server public key>
### destinations routed into the tunnel
AllowedIPs = 0.0.0.0/0, 10.8.0.0/24, 192.168.0.0/24, fd24:609a:6c18::/64, ::/0
### public IP of the VPN server and the port it listens on
Endpoint = MyserverIP:51820

With 0.0.0.0/0 and ::/0 in AllowedIPs every packet from the peer goes through the tunnel (wg-quick sets up policy routing for this, which is where the fwmark in the wg output comes from); the more specific 10.8.0.0/24, 192.168.0.0/24 and fd24:609a:6c18::/64 entries are already covered by the default routes. For a split tunnel that only reaches the VPN and the server's LAN (192.168.0.0/24), remove the two default routes and keep the specific ranges.
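The key generation, server configuration and peer configuration steps above, put together in one provisioning script. This is an added example, not the post's own code: the function names (is_wg_key, gen_keypair, render_server, render_peer, provision), the WG_DIR/WAN_IF/SERVER_ENDPOINT variables and the endpoint vpn.example.com are assumptions, and it deliberately differs from the post's config in two places, both noted in comments: the NAT rules are limited to the VPN source ranges and paired with explicit FORWARD rules, and the peer gets a PersistentKeepalive.

```shell
#!/bin/sh
# Added example, not from the original post: generate keys and render the
# server and peer wg0.conf files from the settings used above. Assumed and
# adjustable: VPN ranges 10.8.0.0/24 and fd24:609a:6c18::/64, uplink
# enp2s0f0, port 51820, and the hypothetical endpoint vpn.example.com.
# Nothing is written to /etc/wireguard unless invoked as "... provision".
set -eu

WG_DIR="${WG_DIR:-/etc/wireguard}"
WAN_IF="${WAN_IF:-enp2s0f0}"
SERVER_ENDPOINT="${SERVER_ENDPOINT:-vpn.example.com}"   # assumption
VPN4="10.8.0.0/24"
VPN6="fd24:609a:6c18::/64"
LISTEN_PORT=51820

# A WireGuard key is 32 bytes, i.e. exactly 44 base64 characters; refuse
# anything else so that a mangled key never reaches a config file.
is_wg_key() {
    [ "${#1}" -eq 44 ] || return 1
    n=$(printf '%s' "$1" | base64 -d 2>/dev/null | wc -c | tr -d ' ')
    [ "$n" -eq 32 ]
}

# Create $1.key and $1.pub in the current directory. umask 077 makes the
# private key mode 0600 from creation instead of chmod'ing it afterwards.
gen_keypair() {
    ( umask 077
      wg genkey > "$1.key"
      wg pubkey < "$1.key" > "$1.pub" )
}

# Server config. Two deliberate changes from the post: NAT only traffic
# sourced from the VPN ranges, and explicit FORWARD rules so forwarding
# works even when the FORWARD chain's default policy is DROP. wg-quick
# expands %i to the interface name.
# $1 server private key, $2 peer public key, $3 peer IPv4 (/32), $4 peer IPv6 (/128)
render_server() {
    is_wg_key "$1" && is_wg_key "$2" || { echo "render_server: bad key" >&2; return 1; }
    cat <<EOF
[Interface]
Address = 10.8.0.1/24, fd24:609a:6c18::1/64
ListenPort = $LISTEN_PORT
PrivateKey = $1
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT; iptables -t nat -A POSTROUTING -s $VPN4 -o $WAN_IF -j MASQUERADE
PostUp = ip6tables -A FORWARD -i %i -j ACCEPT; ip6tables -A FORWARD -o %i -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT; ip6tables -t nat -A POSTROUTING -s $VPN6 -o $WAN_IF -j MASQUERADE
PreDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT; iptables -t nat -D POSTROUTING -s $VPN4 -o $WAN_IF -j MASQUERADE
PreDown = ip6tables -D FORWARD -i %i -j ACCEPT; ip6tables -D FORWARD -o %i -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT; ip6tables -t nat -D POSTROUTING -s $VPN6 -o $WAN_IF -j MASQUERADE

[Peer]
PublicKey = $2
AllowedIPs = $3, $4
EOF
}

# Peer config. $5 is what the peer routes into the tunnel: "0.0.0.0/0, ::/0"
# for a full tunnel, or the VPN ranges plus the server's LAN for a split
# tunnel. PersistentKeepalive (not in the post) keeps the NAT mapping of a
# peer behind a home router alive so the server can still reach it.
# $1 peer private key, $2 server public key, $3 peer IPv4, $4 peer IPv6, $5 AllowedIPs
render_peer() {
    is_wg_key "$1" && is_wg_key "$2" || { echo "render_peer: bad key" >&2; return 1; }
    cat <<EOF
[Interface]
PrivateKey = $1
Address = $3/24, $4/64
DNS = 9.9.9.9, 2620:fe::fe

[Peer]
PublicKey = $2
AllowedIPs = $5
Endpoint = $SERVER_ENDPOINT:$LISTEN_PORT
PersistentKeepalive = 25
EOF
}

# Generate both keypairs and write the configs mode 0600: they hold private
# keys, and wg-quick warns when wg0.conf is world readable.
provision() {
    [ "$(id -u)" -eq 0 ] || { echo "provision: run as root" >&2; return 1; }
    command -v wg >/dev/null 2>&1 || { echo "provision: wg not installed" >&2; return 1; }
    mkdir -p "$WG_DIR" && chmod 700 "$WG_DIR" && cd "$WG_DIR"
    gen_keypair server
    gen_keypair peer1
    ( umask 077
      render_server "$(cat server.key)" "$(cat peer1.pub)" 10.8.0.3/32 fd24:609a:6c18::3/128 > wg0.conf
      render_peer "$(cat peer1.key)" "$(cat server.pub)" 10.8.0.3 fd24:609a:6c18::3 "0.0.0.0/0, ::/0" > peer1-wg0.conf )
    echo "wrote $WG_DIR/wg0.conf and $WG_DIR/peer1-wg0.conf (install the latter on the peer as /etc/wireguard/wg0.conf)"
}

# Only touch the system when asked explicitly; the functions above are
# otherwise side-effect free.
if [ "${1:-}" = provision ]; then
    provision
fi
```

Run it as root with the single argument provision on the server; peer1-wg0.conf is the file to copy to the peer (over a channel you trust, since it carries the peer's private key). Adding another peer is a second gen_keypair plus a new [Peer] block, or wg set wg0 peer ... allowed-ips ... on the running server, which SaveConfig then persists.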

Start the VPN client:

systemctl start wg-quick@wg0.service

Verify that the client is up and has completed a handshake:

wg

interface: wg0
  public key: 4JDGpvLCXz1fLvNglhQQmhtaQ/qlqeeBXOaHO1raaR4=
  private key: (hidden)
  listening port: 55175
  fwmark: 0xca6c

peer: tVwyZeTOqmxwhkDaDsfAm5muRbehS4aUlOL7CeOIaCE=
  endpoint: MyWireguardserverIP:51820
  allowed ips: 0.0.0.0/0, 10.8.0.0/24, 192.168.0.0/24, fd24:609a:6c18::/64, ::/0
  latest handshake: 19 seconds ago
  transfer: 138.16 MiB received, 5.95 MiB sent

A recent latest handshake is the real sign of success: WireGuard is silent by design, so a wrong key or endpoint shows up only as a handshake that never appears.
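The "latest handshake" check above, automated. This is an added example, not from the post: it parses the machine-readable form of the same information (wg show wg0 dump, whose tab-separated format is shown in the comments) and lists peers that have never handshaked or have not done so within a deadline. The function names and the sample dump are constructed for the example; the keys and addresses in it are placeholders.

```shell
#!/bin/sh
# Added example, not from the original post: turn `wg show wg0 dump` into a
# list of peers that have not handshaked recently. The dump format is tab
# separated: one interface line (private-key public-key listen-port fwmark)
# followed by one line per peer (public-key preshared-key endpoint
# allowed-ips latest-handshake rx-bytes tx-bytes keepalive), where
# latest-handshake is a Unix timestamp and 0 means there never was one.
set -eu

# $1 dump text, $2 current time (epoch seconds), $3 maximum handshake age.
# Prints "<public key> <endpoint>" for every peer past the deadline.
stale_peers() {
    printf '%s\n' "$1" | awk -F'\t' -v now="$2" -v max="$3" '
        NR == 1 || NF < 8 { next }            # skip the interface line
        $5 == 0 || now - $5 > max { print $1, $3 }'
}

# Live check against the running interface (needs root). A stale peer is
# either offline or has a wrong key or endpoint, which WireGuard never
# reports itself. Do not log the raw dump: unlike `wg`, it prints the
# interface's private key and any preshared keys in clear.
check_wg0() {
    stale_peers "$(wg show wg0 dump)" "$(date +%s)" "${1:-180}"
}

# Constructed sample dump (keys, endpoints and counters are placeholders).
SAMPLE_DUMP=$(
    printf '%s\t%s\t%s\t%s\n' '(private key)' 'SERVERPUBKEY=' 51820 off
    printf '%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\n' 'PEERA=' '(none)' '203.0.113.5:57870' '10.8.0.3/32,fd24:609a:6c18::3/128' 1700000000 138160000 5950000 off
    printf '%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\n' 'PEERB=' '(none)' '(none)' '10.8.0.4/32' 0 0 0 off
    printf '%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\n' 'PEERC=' '(none)' '198.51.100.7:4000' '10.8.0.5/32' 1699990000 1024 2048 25
)

# At "now" = 1700000100 with a 120 s deadline: PEERA handshaked 100 s ago
# and is fine, PEERB never handshaked, PEERC last handshaked 10100 s ago.
stale_peers "$SAMPLE_DUMP" 1700000100 120
```

Run check_wg0 from cron or a systemd timer on the server and alert on any output; on a peer the same function, pointed at its single server entry, tells you whether the tunnel is actually up rather than merely configured.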


2023-01-22 10:51 +0100