Wireguard

1. Install WireGuard on the VPS

  1. Update the system:

    Copy

    sudo apt update && sudo apt upgrade -y

  2. Install WireGuard:

    • On Debian/Ubuntu:

      Copy

      sudo apt install wireguard -y

    • On CentOS/RHEL:

      Copy

      sudo yum install epel-release -y
sudo yum install wireguard-tools -y

    • On Fedora:

      Copy

       dnf install wireguard-tools -y

2. Generate Keys for the Server

  1. Create the WireGuard directory:

    Copy

    sudo mkdir /etc/wireguard
sudo chmod 700 /etc/wireguard
cd /etc/wireguard

  2. Generate private and public keys:

    Copy

    umask 077
wg genkey | tee server_private.key | wg pubkey > server_public.key

  3. Note the keys:

    Copy

    cat server_private.key
cat server_public.key

3. Configure the WireGuard Server

  1. Create a WireGuard configuration file:

    Copy

    sudo nano /etc/wireguard/wg0.conf

  2. Add the following content:

    Copy

    [Interface]
PrivateKey = <server_private_key>
Address = 10.0.0.1/24
ListenPort = 51820
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
PublicKey = <client_public_key>
AllowedIPs = 10.0.0.2/32

    Replace <server_private_key> with the content of server_private.key. Replace <client_public_key> with the public key generated for the client in the next step.

  3. Enable IP forwarding:

    Copy

    echo "net.ipv4.ip_forward=1" | sudo tee -a /etc/sysctl.conf
sudo sysctl -p

4. Generate Keys for the Client

On the VPS, generate client keys:

Copy

wg genkey | tee client_private.key | wg pubkey > client_public.key

Retrieve the keys:

Copy

cat client_private.key
cat client_public.key

5. Add Client Configuration to the Server

Edit the server configuration file /etc/wireguard/wg0.conf and add a new peer block:

Copy

[Peer]
PublicKey = <client_public_key>
AllowedIPs = 10.0.0.2/32

6. Start and Enable the WireGuard Service

  1. Start WireGuard:

    Copy

    sudo wg-quick up wg0

  2. Enable WireGuard to start on boot:

    Copy

    sudo systemctl enable wg-quick@wg0

  3. Check the WireGuard status:

    Copy

    sudo wg show

7. Configure the Client Device

On Linux

  1. Install WireGuard:

    Copy

    sudo apt install wireguard -y

  2. Create the client configuration file:

    Copy

    nano client.conf

  3. Add the following content:

    Copy

    [Interface]
PrivateKey = <client_private_key>
Address = 10.0.0.2/24
DNS = 8.8.8.8

[Peer]
PublicKey = <server_public_key>
Endpoint = <server_ip>:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25

    Replace <client_private_key> with the client private key, <server_public_key> with the server public key, and <server_ip> with the IP of your VPS.

  4. Start WireGuard:

    Copy

    sudo wg-quick up client.conf

On Windows

  1. Download and install WireGuard for Windows.

  2. Import the client.conf file and connect.

On Android/iOS

  1. Install the WireGuard app from the app store.

  2. Import the client.conf file using QR code or file transfer.

  3. Connect to the server.

8. Verify Connection

On the client device, check your public IP:

Copy

curl ifconfig.me

The IP should now reflect your VPS's IP, confirming the VPN is active.

PreviousOpenVPNNextGPU Cloud gaming (OqtoCloudGaming)

Last updated