Installing and configuring WireGuard on Debian 11
WireGuard can be used on a variety of operating systems, including Linux, macOS, Windows, and Android. This makes it a versatile solution for users who want to protect their privacy and security when using the internet. WireGuard can be used to secure communication between remote locations, to connect to a private network from a public one, or to access geo-restricted content.
WireGuard is designed to be easy to set up and use. The process of setting up a WireGuard VPN server is relatively straightforward, and the protocol can be configured using a simple configuration file. The client software is also straightforward to install and use, making it a good choice for individuals who are not familiar with VPNs.
WireGuard also offers robust privacy features. The protocol uses public key cryptography to encrypt traffic, which makes it more secure than traditional VPN protocols that use a shared secret key. WireGuard also has support for end-to-end encryption, which means that traffic is encrypted all the way from the client to the server.
Let’s walk through the WireGuard setup on Debian 11. First, update the packages and install the program:
apt update
apt upgrade
apt install wireguard
The next step is to generate the keys (public and private) that the config will use.
cd /etc/wireguard/
umask 077; wg genkey | tee privatekey | wg pubkey > publickey
Display your keys and save them somewhere so you can write them into the config:
cat privatekey
cat publickey
Create the config file at the following path:
nano /etc/wireguard/wg0.conf
Add the following lines to the config:
[Interface]
Address = 10.8.0.1/24
SaveConfig = true
PostUp = ufw route allow in on wg0 out on ens3
PostUp = iptables -t nat -I POSTROUTING -o ens3 -j MASQUERADE
PreDown = ufw route delete allow in on wg0 out on ens3
# -D removes the MASQUERADE rule that PostUp inserted
PreDown = iptables -t nat -D POSTROUTING -o ens3 -j MASQUERADE
ListenPort = 51820
PrivateKey = PRIVATE_KEY
DNS = 1.1.1.1, 8.8.8.8
Here is what the settings mean.
Address – The address and subnet that our WireGuard interface will use. In my case, this is 10.8.0.1/24; you may have a different one, such as 10.11.0.4/32 or 10.10.0.3/24, it’s up to you.
PostUp / PreDown – Firewall rules that are executed when the WireGuard service starts and stops. Note that the rules name the network interface ens3; you need to specify your own, which you can find with the ip a or ifconfig command.
ListenPort – This is the port that WireGuard will run on.
PrivateKey – The private key that you saved in advance.
Save the config, then enable and start the service:
systemctl enable wg-quick@wg0
systemctl start wg-quick@wg0
Done. Now let’s connect a client to our network. We will use the WireGuard client for Windows as the example; it can be downloaded here: https://www.wireguard.com/install/
In the program, click “Add an empty tunnel”. The window that opens already contains a new config, with the generated public key and private key shown.
Copy the public key and add the following section to the previously created config on the server:
[Peer]
PublicKey = PUBLIC_KEY
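AllowedIPs = 10.8.0.2/32
Replace PUBLIC_KEY with the client’s public key. AllowedIPs is limited to the client’s single tunnel address (/32), so the server accepts traffic from this peer, and routes traffic to it, only for that address.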
In the client program, add the following lines to the config:
[Interface]
PrivateKey = PRIVATE_KEY_FROM_CLIENT
Address = 10.8.0.2/24
DNS = 1.1.1.1, 8.8.8.8
[Peer]
PublicKey = PUBLIC_KEY_FROM_SERVER
AllowedIPs = 0.0.0.0/0
Endpoint = 123.123.123.123:51820
Endpoint – the real IP address of the server and the port on which WireGuard is running.
PublicKey – the public key that we generated earlier on the server and saved.
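Restart the WireGuard service on the server:
systemctl stop wg-quick@wg0
systemctl start wg-quick@wg0
Because SaveConfig = true is set, wg-quick writes the running interface state back to wg0.conf when the interface is brought down, which overwrites changes made to the file while the service was running. After the restart, check that the [Peer] section is still in the config.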
In the client program, save the config and connect to the server. Next, check the connection. Open the site ifconfig.io: if the IP address shown is the server’s, then WireGuard is working; otherwise double-check the settings.
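As an added example (not part of the original article), the following Python check reads a wg-quick server config and reports iptables rules that PostUp adds but PreDown never deletes, plus peer AllowedIPs ranges that are wider than one host or overlap each other. The sample config, the key placeholders and the one-address-per-peer policy are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample server config containing the mistakes this check targets.
SAMPLE = """\
[Interface]
PostUp = iptables -t nat -I POSTROUTING -o ens3 -j MASQUERADE
PreDown = iptables -t nat -A POSTROUTING -o ens3 -j MASQUERADE
[Peer]
PublicKey = CLIENT_A_PUBLIC_KEY
AllowedIPs = 10.8.0.2/24
[Peer]
PublicKey = CLIENT_B_PUBLIC_KEY
AllowedIPs = 10.8.0.3/32
"""

def parse(text):
    """Split a wg-quick file into (section, [(key, value), ...]); keys may repeat."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1], []))
        elif "=" in line and sections:
            key, value = line.split("=", 1)
            sections[-1][1].append((key.strip(), value.strip()))
    return sections

def lint_server(text):
    """Return findings for unreversed iptables hooks and loose peer AllowedIPs."""
    findings, seen = [], []
    for name, items in parse(text):
        downs = {v for k, v in items if k in ("PreDown", "PostDown")}
        for k, rule in items:
            # The teardown of an -I/-A rule is the same rule with -D.
            undo = rule.replace(" -I ", " -D ").replace(" -A ", " -D ")
            if k in ("PreUp", "PostUp") and undo != rule and undo not in downs:
                findings.append(f"no teardown for: {rule}")
        allowed = [v for k, v in items if name == "Peer" and k == "AllowedIPs"]
        for cidr in [c for v in allowed for c in v.split(",")]:
            net = ipaddress.ip_network(cidr.strip(), strict=False)
            if net.num_addresses > 1:  # assumption: one tunnel address per peer
                findings.append(f"wider than one host: {net}")
            findings += [f"overlap: {net} and {o}" for o in seen
                         if o.version == net.version and o.overlaps(net)]
            seen.append(net)
    return findings

if __name__ == "__main__":
    print("\n".join(lint_server(SAMPLE)))
```

Only iptables hooks are compared; the ufw rules are not checked, and a site-to-site peer that legitimately routes a whole subnet would need the one-host check relaxed.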
In conclusion, WireGuard is a fast, modern, and secure VPN solution that is well suited for individuals who want to protect their privacy and security when using the internet. Its minimalist design, ease of use, and strong security features make it an attractive option for individuals and organizations alike.