This how to help you to learn How To Install Wireguard On Bullseye, as a server. The guide is split in simple steps allowing to easily work thru.
Index How To Install Wireguard On Bullseye
Background
WireGuard is a Virtual Private Network (VPN) protocol that supports both IPv4 and IPv6 connections. Unlike other VPN solutions that use Transport Layer Security (TLS) and certificates, WireGuard relies on public and private keys for peer authentication and encrypted tunnels.
Its simplicity, security, and compatibility make it an attractive choice for setting up secure communication.
How Install Wireguard On Bullseye
1. Update the System
As always, ensure your system is up to date before installing anything! More information about upgrading a Linux system can be found here.
sudo apt-get update && sudo apt-get upgrade
2. Install the Wireguard Server
Now we install the Wirguard server software package:
sudo apt install wireguard
3. Configure the Wireguard Server
To configure the server, you first generate public and private keys. This can be done with the easy command below, but also we store it into the /etc/wireguard directory.
wg genkey | sudo tee /etc/wireguard/privatekey | wg pubkey | sudo tee /etc/wireguard/publickey
Now, we update the configuration file of the server. Most likely its empty by the below
[Interface] Address = 10.0.0.1/24 ListenPort = 51820 PrivateKey = <SERVER PRIVATE KEY> [Peer] PublicKey = <PEER COMPUTER PUBLIC KEY> AllowedIPs = 10.0.0.2/32
NOTE:
- Replace the SERVER PRIVAT KEY by the private key that we have generated before. You can find the content of the private key by executing the command of
cat /etc/wireguard/privatekey
- Replace PEER COMPUTER PUBLIC KEY by the peer computers public key. You find this on the computer that you like to connect to the Wireguard server
- I have selected as ip range 10.0.0.1/24. Of Course you can replace it by for example 192.168.100.1/24 or any other private addresses
- The port on which the Wiregauard server is listing for connection is 51820. You maybe like to replace it by another port. If you do so, consider this also for the firewall configuration in the next step.
We need to ensure, that the firewall allows connections to the Wireguard server, as well as the firewall allows to forward received ip packages. To configure the firewall we fire the following command (please consider the port if you have changed it in the above):
sudo ufw allow 51820/udp
Enabling package forwarding requires to edit the sysctl.conf file. To do so, you like to execute the following command:
sudo vi /etc/sysctl.conf
In this sysctl.conf file you uncomment the following line, so that it looks like this:
net.ipv4.ip_forward=1
Once done, ensure the changes made apply to the system. This you do by
sudo sysctl -p
We now are ready to start the server!
Start the Wireguard server
To start the wireguard server we leverage on the system services:
sudo systemctl start wg-quick@wg0
This however does not ensure, that the server restarts after rebooting the system. To make it permanent and start the server at boot jump to the next chapter.
Start the Wireguard server on boot
To start the wireguard server on boot, you fire the below command:
sudo systemctl enable wg-quick@wg0
Now, in the next step, you move to the wireguard client (the computer you like to connect to your server) and install wireguard on this computer. Have fun!
Additional Information
- Persistent Keepalive: To maintain a connection even when no data is being transmitted, set a persistent keepalive value for peers. Add the PersistentKeepalive field to the peer configuration.
- System Hardning: You might like to harden your wireguard server! This hardening guide could be quite helpful for you to do so!
It would be amazing if you follow my myhowto.blog. To my blog is actually easy! You can leverage on
- Click to follow me on Twitter
- Bookmark this page and comeback from time to time
I am really looking forward for you to contact me if for example you found a better option or other idea then in this how to. Also, please touch base if you found an error or anything not working or if you have something that you would love to be added to the myhowto.blog. Simply click this link to touch base with me.
Linking Or Recommending The How To Or The myhowto.blog
I would love to see you are recommending this how to or link it to your website. Also, I would love if you link or recommend the whole myhowto.blog. Please feel free to do so! In case you like to touch base regarding this topic with me, then simply click this link. I look forward!