Step 1: Install WireGuard on the Server and Client
The first step in setting up a WireGuard VPN is to install the WireGuard software on both the server and client machines. The installation process will vary depending on your operating system, but the official WireGuard website provides detailed installation instructions for a variety of platforms. On Debian or Ubuntu, for example:
$ sudo apt-get update
$ sudo apt-get install wireguard
Step 2: Generate Keys
Next, you'll need to generate public and private keys for both the server and client machines. You can do this using the following command:
$ wg genkey | tee privatekey | wg pubkey > publickey
This will generate a private key, save it to a file called privatekey, and derive the matching public key, which is saved to a file called publickey. Repeat this process on both the server and client machines. Each private key stays on the machine that generated it; only the public keys are copied into the other machine's configuration.
Step 3: Configure the Server
Now, you'll need to configure the server. Create a new WireGuard configuration file at /etc/wireguard/wg0.conf. Add the following configuration to the file, replacing the private and public keys with the ones you generated in Step 2:
[Interface]
Address = 10.0.0.1/24
# UDP port the client's Endpoint line connects to
ListenPort = 51820
SaveConfig = true
PrivateKey = SERVER_PRIVATE_KEY
[Peer]
PublicKey = CLIENT_PUBLIC_KEY
AllowedIPs = 10.0.0.2/32
This configuration file sets up the WireGuard interface with an IP address of 10.0.0.1, and allows the client with the public key specified to connect to the server. Make sure to replace SERVER_PRIVATE_KEY with the private key you generated in Step 2, and CLIENT_PUBLIC_KEY with the public key of the client machine.
Step 4: Start the WireGuard Interface on the Server
To start the WireGuard interface on the server, run the following command:
$ sudo wg-quick up wg0
This will start the WireGuard interface using the configuration file you created in Step 3.
Step 5: Configure the Client
Now, you'll need to configure the client. Create a new WireGuard configuration file at /etc/wireguard/wg0.conf. Add the following configuration to the file, replacing the private and public keys with the ones you generated in Step 2:
[Interface]
Address = 10.0.0.2/24
PrivateKey = CLIENT_PRIVATE_KEY
[Peer]
PublicKey = SERVER_PUBLIC_KEY
AllowedIPs = 0.0.0.0/0
Endpoint = SERVER_PUBLIC_IP:51820
This configuration file sets up the WireGuard interface with an IP address of 10.0.0.2, and routes all IPv4 traffic through the VPN (AllowedIPs = 0.0.0.0/0). Make sure to replace CLIENT_PRIVATE_KEY with the private key you generated in Step 2, and SERVER_PUBLIC_KEY with the public key of the server machine. Also, replace SERVER_PUBLIC_IP with the public IP address of the server machine.
Step 6: Start the WireGuard Interface on the Client
To start the WireGuard interface on the client, run the following command:
$ sudo wg-quick up wg0
This will start the WireGuard interface using the configuration file you created in Step 5.
That's it! Your server and client are now connected via a secure WireGuard VPN. You can test the connection by pinging the server from the client, or by accessing resources on the server that are only available on its local network.
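A pre-flight check for the configuration files from Steps 3 and 5, added here as an example and not part of the original tutorial. The function name check_wg_conf, the sample file and the dummy key are assumptions made for illustration; it flags loose file permissions, leftover placeholders, malformed keys, and a listening side with no fixed port.

```shell
#!/bin/sh
# Added example (not from the original page): pre-flight check for a wg0.conf
# built from Steps 3 and 5. Prints each problem; returns the number found.
check_wg_conf() {
    conf=$1
    problems=0
    flag() { echo "$conf: $1"; problems=$((problems + 1)); }

    # 1. The file contains PrivateKey, so group/other must have no access.
    perms=$(ls -ld -- "$conf" | cut -c5-10)
    [ "$perms" = "------" ] || flag "group/other can access the file (chmod 600)"

    # 2. Placeholders from the tutorial that were never substituted.
    if grep -Eq '(SERVER|CLIENT)_(PRIVATE|PUBLIC)_(KEY|IP)' "$conf"; then
        flag "tutorial placeholder still present"
    fi

    # 3. Each key is 32 bytes of base64: 43 characters followed by '='.
    bad=$(sed -n 's/^[[:space:]]*P[a-z]*Key[[:space:]]*=[[:space:]]*//p' "$conf" |
          grep -Evc '^[A-Za-z0-9+/]{43}=[[:space:]]*$' || true)
    [ "$bad" -eq 0 ] || flag "$bad key value(s) are not 44-character base64"

    # 4. No Endpoint on any peer means this is the listening side (the server);
    #    without ListenPort, wg picks a random UDP port for the interface.
    if ! grep -Eq '^[[:space:]]*Endpoint[[:space:]]*=' "$conf" &&
       ! grep -Eq '^[[:space:]]*ListenPort[[:space:]]*=' "$conf"; then
        flag "no Endpoint and no ListenPort: peers cannot know the port"
    fi
    return "$problems"
}

# Constructed sample: the Step 5 client config with placeholders left in and
# world-readable permissions. The key is a dummy value, not a real key.
dummy_key="$(printf '%043d' 0 | tr 0 A)="
sample=$(mktemp)
chmod 644 "$sample"
cat > "$sample" <<EOF
[Interface]
Address = 10.0.0.2/24
PrivateKey = $dummy_key
[Peer]
PublicKey = SERVER_PUBLIC_KEY
AllowedIPs = 0.0.0.0/0
Endpoint = SERVER_PUBLIC_IP:51820
EOF
check_wg_conf "$sample" || echo "problems found: $?"
rm -f "$sample"
```

Run the function as root against /etc/wireguard/wg0.conf on each machine before bringing the interface up with wg-quick.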