Install Wireguard Server on debian 11
sh
sudo apt-get update
sudo apt-get install wireguard
# Then generate public and private key (key display at the end is the public key)
wg genkey | sudo tee /etc/wireguard/wg-private.key | wg pubkey | sudo tee /etc/wireguard/wg-public.key
# Display private key
sudo cat /etc/wireguard/wg-private.keyEdit configuration
sh
sudo vim /etc/wireguard/wg0.conf
# Like this
[Interface]
Address = 10.10.10.1/24 # Serve Tunnel ip address
ListenPort = 51820
PrivateKey = <YOUR_PRIVATE_KEY>
[Peer]
PublicKey = <PEER_PUBLIC_KEY>
AllowedIPs = 10.10.10.2/32 # Peer ip adressCheck new interface
sh
sudo wg-quick up wg0
ip a
sudo wg show wg0Automatically bring up wg0 on startup
sh
sudo systemctl enable wg-quick@wg0.serviceEnable IP Forwarding
sh
sudo su -
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
exitEnable IP Masquerade
sh
sudo apt install ufw
sudo ufw allow 22/tcp
sudo ufw allow 51820/udpEnable IP Masquerade:
sh
# Take the name of the network interface using `ip a` then
sudo vim /etc/ufw/before.rules
# Then Add this at the end :
`
# NAT - IP masquerade
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o <NETWORK_INTERFACE_NAME> -j MASQUERADE
# End each table with the 'COMMIT' line or these rules won't be processed
COMMIT
`
# Add this to the same group on the same configuration file
-A ufw-before-forward -s 10.10.10.0/24 -j ACCEPT
-A ufw-before-forward -d 10.10.10.0/24 -j ACCEPT
sudo ufw enable
sudo systemctl restart ufwAdd a new peer
sh
sudo wg-quick down wg0
sudo vim /etc/wireguard/wg0.conf
# Add peer information like :
[Peer]
PublicKey = <PEER_PUBLIC_KEY>
AllowedIPs = 10.10.10.2/32
[Peer]
PublicKey = <PEER_PUBLIC_KEY>
AllowedIPs = 10.10.10.3/32 # Another peer ip adress
# Then
sudo wg-quick up wg0Configure DNS throught wireguard server
sh
sudo apt-get install resolvconf
sudo wg-quick down /etc/wireguard/wg0.conf
# On the peer interface use wireguard server ip address (here 10.10.10.1) as DNS Server.
DNS = 10.10.10.1
# On the Peer configuration you also need to provide 0.0.0.0/0 for AllowedIPs.
AllowedIPs = 0.0.0.0/0
sudo wg-quick up /etc/wireguard/wg0.confDon't forget to redirect your wireguard server UDP port using nat/pat on your router.