WireGuard

1. Install WireGuard on the VPS

  1. Update the system:

    sudo apt update && sudo apt upgrade -y
  2. Install WireGuard:

    • On Debian/Ubuntu:

      sudo apt install wireguard -y
    • On CentOS/RHEL:

      sudo yum install epel-release -y
      sudo yum install wireguard-tools -y
    • On Fedora:

      sudo dnf install wireguard-tools -y

2. Generate Keys for the Server

  1. Create the WireGuard directory:

    sudo mkdir -p /etc/wireguard
    sudo chmod 700 /etc/wireguard
    cd /etc/wireguard
  2. Generate private and public keys:

    umask 077
    wg genkey | tee server_private.key | wg pubkey > server_public.key
  3. Note the keys:

    cat server_private.key
    cat server_public.key

3. Configure the WireGuard Server

  1. Create a WireGuard configuration file:

    sudo nano /etc/wireguard/wg0.conf
  2. Add the following content:

    [Interface]
    PrivateKey = <server_private_key>
    Address = 10.0.0.1/24
    ListenPort = 51820
    PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
    
    [Peer]
    PublicKey = <client_public_key>
    AllowedIPs = 10.0.0.2/32

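    Replace <server_private_key> with the content of server_private.key. Replace <client_public_key> with the public key generated for the client in the next step. The PostUp and PostDown rules assume the VPS's public network interface is named eth0; substitute the actual interface name if it differs.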

  3. Enable IP forwarding:

    echo "net.ipv4.ip_forward=1" | sudo tee -a /etc/sysctl.conf
    sudo sysctl -p

4. Generate Keys for the Client

On the VPS, generate client keys:

    wg genkey | tee client_private.key | wg pubkey > client_public.key

Retrieve the keys:

    cat client_private.key
    cat client_public.key

5. Add Client Configuration to the Server

Edit the server configuration file /etc/wireguard/wg0.conf and add a new peer block:

    [Peer]
    PublicKey = <client_public_key>
    AllowedIPs = 10.0.0.2/32
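
Before bringing the interface up, it is worth checking the config for the mistakes this procedure makes easy: an unfilled placeholder, a key pasted incompletely, or a file readable by other users. The script below is an added example, not part of the original guide; the function name lint_wg_conf and the all-'A' sample key are constructed for illustration, and the /32 check assumes this guide's one-IPv4-address-per-client layout.

```sh
#!/bin/sh
# Added example (not from the original guide): pre-flight lint for wg0.conf / client.conf.
# Prints one line per finding and returns the number of findings (0 = clean).
lint_wg_conf() {
    conf=$1; findings=0
    [ -r "$conf" ] || { echo "cannot read $conf"; return 1; }

    # The file embeds the private key: group and other must have no access.
    if [ "$(ls -ld "$conf" | cut -c5-10)" != "------" ]; then
        echo "permissions too open: chmod 600 $conf"; findings=$((findings + 1))
    fi

    # Template placeholders such as <client_public_key> that were never filled in.
    n=$(grep -Ec '<[A-Za-z_]+>' "$conf" || true)
    [ "$n" -eq 0 ] || { echo "$n line(s) still contain <placeholders>"; findings=$((findings + n)); }

    # Filled-in keys must be 32 bytes of base64: 43 characters plus one '='.
    n=$(sed -En 's/^[[:space:]]*(Private|Public|Preshared)Key[[:space:]]*=[[:space:]]*//p' "$conf" |
        grep -Ev '^<' | grep -Evc '^[A-Za-z0-9+/]{43}=[[:space:]]*$' || true)
    [ "$n" -eq 0 ] || { echo "$n malformed key value(s)"; findings=$((findings + n)); }

    # Server side (has ListenPort): in this guide's layout each peer is pinned to one /32.
    if grep -Eq '^[[:space:]]*ListenPort' "$conf"; then
        n=$(grep -E '^[[:space:]]*AllowedIPs' "$conf" | grep -Evc '/32[[:space:]]*$' || true)
        [ "$n" -eq 0 ] || { echo "$n peer(s) not limited to a /32"; findings=$((findings + n)); }
    fi
    return "$findings"
}

# Constructed sample: the guide's server template with the peer key left unfilled.
# The all-'A' key is a placeholder of the right shape, not a real key.
demo=$(mktemp); chmod 600 "$demo"
cat > "$demo" <<EOF
[Interface]
PrivateKey = $(printf '%043d' 0 | tr 0 A)=
Address = 10.0.0.1/24
ListenPort = 51820

[Peer]
PublicKey = <client_public_key>
AllowedIPs = 10.0.0.2/32
EOF
lint_wg_conf "$demo" || echo "$? finding(s): fix before running wg-quick up"
rm -f "$demo"
```

On a real system, run it as root against /etc/wireguard/wg0.conf, since that file is not readable by other users.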

6. Start and Enable the WireGuard Service

  1. Start WireGuard:

    sudo wg-quick up wg0
  2. Enable WireGuard to start on boot:

    sudo systemctl enable wg-quick@wg0
  3. Check the WireGuard status:

    sudo wg show

7. Configure the Client Device

On Linux

  1. Install WireGuard:

    sudo apt install wireguard -y
  2. Create the client configuration file:

    nano client.conf
  3. Add the following content:

    [Interface]
    PrivateKey = <client_private_key>
    Address = 10.0.0.2/24
    DNS = 8.8.8.8
    
    [Peer]
    PublicKey = <server_public_key>
    Endpoint = <server_ip>:51820
    AllowedIPs = 0.0.0.0/0
    PersistentKeepalive = 25

    Replace <client_private_key> with the client private key, <server_public_key> with the server public key, and <server_ip> with the IP of your VPS.

  4. Start WireGuard:

    sudo wg-quick up ./client.conf

On Windows

  1. Download and install WireGuard for Windows.

  2. Import the client.conf file and connect.


On Android/iOS

  1. Install the WireGuard app from the app store.

  2. Import the client.conf file using QR code or file transfer.

  3. Connect to the server.


8. Verify Connection

On the client device, check your public IP:

    curl ifconfig.me

The IP should now reflect your VPS's IP, confirming the VPN is active.
