Wireguard

1. Install WireGuard on the VPS

Update the system:
```
sudo apt update && sudo apt upgrade -y
```

Install WireGuard:

On Debian/Ubuntu:
```
sudo apt install wireguard -y
```

On CentOS/RHEL:

sudo yum install epel-release -y
sudo yum install wireguard-tools -y

On Fedora:
```
 dnf install wireguard-tools -y
```

2. Generate Keys for the Server

Create the WireGuard directory:

sudo mkdir /etc/wireguard
sudo chmod 700 /etc/wireguard
cd /etc/wireguard

Generate private and public keys:

umask 077
wg genkey | tee server_private.key | wg pubkey > server_public.key

Note the keys:

cat server_private.key
cat server_public.key

3. Configure the WireGuard Server

Create a WireGuard configuration file:
```
sudo nano /etc/wireguard/wg0.conf
```

Add the following content:

[Interface]
PrivateKey = <server_private_key>
Address = 10.0.0.1/24
ListenPort = 51820
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
PublicKey = <client_public_key>
AllowedIPs = 10.0.0.2/32

Replace <server_private_key> with the content of server_private.key. Replace <client_public_key> with the public key generated for the client in the next step.

Enable IP forwarding:

echo "net.ipv4.ip_forward=1" | sudo tee -a /etc/sysctl.conf
sudo sysctl -p

4. Generate Keys for the Client

On the VPS, generate client keys:

wg genkey | tee client_private.key | wg pubkey > client_public.key

Retrieve the keys:

cat client_private.key
cat client_public.key

5. Add Client Configuration to the Server

Edit the server configuration file /etc/wireguard/wg0.conf and add a new peer block:

[Peer]
PublicKey = <client_public_key>
AllowedIPs = 10.0.0.2/32

6. Start and Enable the WireGuard Service

Start WireGuard:
```
sudo wg-quick up wg0
```
Enable WireGuard to start on boot:
```
sudo systemctl enable wg-quick@wg0
```
Check the WireGuard status:
```
sudo wg show
```

7. Configure the Client Device

On Linux

Install WireGuard:
```
sudo apt install wireguard -y
```
Create the client configuration file:
```
nano client.conf
```

Add the following content:

[Interface]
PrivateKey = <client_private_key>
Address = 10.0.0.2/24
DNS = 8.8.8.8

[Peer]
PublicKey = <server_public_key>
Endpoint = <server_ip>:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25

Replace <client_private_key> with the client private key, <server_public_key> with the server public key, and <server_ip> with the IP of your VPS.

Start WireGuard:
```
sudo wg-quick up client.conf
```

On Windows

Download and install WireGuard for Windows.
Import the client.conf file and connect.

On Android/iOS

Install the WireGuard app from the app store.
Import the client.conf file using QR code or file transfer.
Connect to the server.

8. Verify Connection

On the client device, check your public IP:

curl ifconfig.me

The IP should now reflect your VPS's IP, confirming the VPN is active.

PreviousOpenVPN NextGPU Cloud gaming (OctoCloudGaming)

Last updated 6 months ago

[Interface] PrivateKey = <server_private_key> Address = 10.0.0.1/24 ListenPort = 51820 PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE [Peer] PublicKey = <client_public_key> AllowedIPs = 10.0.0.2/32