by: Linux/Unix Raspberry Pi3 Comments on Setting Up WireGuard VPN Client and Server

Modern, lightweight, and high-performance VPN protocol.

Server Side

apt-add-repository ppa:wireguard/wireguard && apt update
apt install wireguard-dkms wireguard-tools linux-headers-$(uname -r)
umask 077
wg genkey | tee server_private_key | wg pubkey > server_public_key
cat server_public_key
cat server_private_key

If you are using Debian the command apt-add-repository will not work, so replace it with the following and continue with the procedure.

sh -c "echo 'deb http://deb.debian.org/debian buster-backports main contrib non-free' > /etc/apt/sources.list.d/buster-backports.list"

Copy both private and public keys and insert the server private key on the configuration file /etc/wireguard/wg0.conf:

[Interface]
Address = 10.100.100.1/24
SaveConfig = true
PrivateKey = OFSQt8EsapBiIR8xdcX7qJrNxc+w5NsdrZE2AlT/ulM=
ListenPort = 51820
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
[Peer]
PublicKey = 
AllowedIPs = 10.100.100.2/32

Allow IPv4 forwarding on /etc/sysctl.conf then restart.

...
net.ipv4.ip_forward=1
...

The issue:

sysctl -p
echo 1 > /proc/sys/net/ipv4/ip_forward
reboot

Client Side

sudo apt-add-repository ppa:wireguard/wireguard && sudo apt update
sudo apt install wireguard-dkms wireguard-tools linux-headers-$(uname -r)
umask 077
wg genkey | tee client_private_key | wg pubkey > client_public_key 
cat client_public_key
cat client_private_key

Copy both private and public keys and insert the client private key and server public key on the configuration file /etc/wireguard/wg0-client.conf:

[Interface]
Address = 10.100.100.2/32
PrivateKey = oCd8EOqR1fezGQrKg2Z+6PgsrmNMGkmFJFLwt80raWU=
[Peer]
PublicKey = 2MC67m4cXW0Byn7oieWp6CTCUyF2UDXaIfzTxjaypx0=
Endpoint = 192.168.134.169:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 21

Start the wg-quick:

wg-quick up wg0-client

Server Side Again

Go back to the server configuration and add the client public key on the configuration file /etc/wireguard/wg0.conf:

[Interface]
Address = 10.100.100.1/24
SaveConfig = true
PrivateKey = OFSQt8EsapBiIR8xdcX7qJrNxc+w5NsdrZE2AlT/ulM=
ListenPort = 51820
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
[Peer]
PublicKey = YnHktthA5EibYaiKEyNTYPpsV40tnKEOrT1opdWiylA=
AllowedIPs = 10.100.100.2/32

Issue the commands:

chmod -v 600 /etc/wireguard/wg0.conf
wg-quick up wg0
systemctl enable [email protected]

Client Side Again

Start the service!

wg-quick up wg0-client

Read Also

Performance OpenVPN vs WireGuard [Link]

OpenVPN Server + Monitoring [Link]

pfSense with OpenVPN Client [Link]

GRE VPN Tunnel on Cisco [Link]

3 Replies to “Setting Up WireGuard VPN Client and Server”

  1. Pingback: Performance Comparison: OpenVPN vs WireGuard – DFT Blog
  2. Pingback: OpenVPN Server + Monitoring on Ubuntu 20.04 – DFT Blog
  3. Pingback: pfSense with OpenVPN Client – DFT Blog

Comments are closed.