Step 1: Installing WireGuard
Install WireGuard on both Server and Client:
sudo apt update && sudo apt install wireguard -y
Step 2: Network Interface Configuration
Client (/etc/network/interfaces)
auto wg0
iface wg0 inet static
address 10.1.30.2/24
pre-up wg-quick up $IFACE
pre-down wg-quick down $IFACE
iface wg0 inet6 static
address 2001:db8:1001:30::2/64
Server (/etc/network/interfaces)
auto wg0
iface wg0 inet static
address 10.1.30.1/24
pre-up ip link add $IFACE type wireguard
pre-down wg setconf $IFACE /etc/wireguard/$IFACE.conf
post-down ip link del $IFACE
iface wg0 inet6 static
address 2001:db8:1001:30::1/64
Step 3: Generating and Exchanging Keys
3.1 Generate keys on both sides
Run the following commands on both Server and Client:
- cd /etc/wireguard
- wg genkey | tee privatekey
- wg pubkey < privatekey > publickey
3.2 Exchange public keys
Copy the public key from each side to the other. Example:
scp /etc/wireguard/publickey root@<remote_ip>:/etc/wireguard/publickey_remote
Step 4: Creating WireGuard Configuration Files
Server /etc/wireguard/wg0.conf
[Interface]
PrivateKey = <server_private_key>
ListenPort = 51820
[Peer]
PublicKey = <client_public_key>
AllowedIPs = 10.1.30.2/32, 2001:db8:1001:30::2/128
Endpoint = <client_ip>:51820
Client /etc/wireguard/wg0.conf
[Interface]
PrivateKey = <client_private_key>
ListenPort = 51820
[Peer]
PublicKey = <server_public_key>
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = <server_ip>:51820
Step 5: Troubleshooting
- If you cannot reach the WireGuard server IP, try pinging the server endpoint IP.
- If the WireGuard service won’t start, check logs:
journalctl -xeu wg-quick@wg0 - Validate syntax:
wg-quick check wg0
Step 6: Starting WireGuard
To start or restart the WireGuard interface:
systemctl start wg-quick@wg0
or
systemctl restart networking
To enable it at boot:
systemctl enable wg-quick@wg0