# Wireguard #### **1. Install WireGuard on the VPS** 1. **Update the system:** Copy ``` sudo apt update && sudo apt upgrade -y ``` 2. **Install WireGuard:** * On **Debian/Ubuntu**: Copy ``` sudo apt install wireguard -y ``` * On **CentOS/RHEL**: Copy ``` sudo yum install epel-release -y sudo yum install wireguard-tools -y ``` * On **Fedora**: Copy ``` dnf install wireguard-tools -y ``` *** #### **2. Generate Keys for the Server** 1. **Create the WireGuard directory:** Copy ``` sudo mkdir /etc/wireguard sudo chmod 700 /etc/wireguard cd /etc/wireguard ``` 2. **Generate private and public keys:** Copy ``` umask 077 wg genkey | tee server_private.key | wg pubkey > server_public.key ``` 3. **Note the keys:** Copy ``` cat server_private.key cat server_public.key ``` *** #### **3. Configure the WireGuard Server** 1. **Create a WireGuard configuration file:** Copy ``` sudo nano /etc/wireguard/wg0.conf ``` 2. **Add the following content:** Copy ``` [Interface] PrivateKey = Address = 10.0.0.1/24 ListenPort = 51820 PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE [Peer] PublicKey = AllowedIPs = 10.0.0.2/32 ``` Replace `` with the content of `server_private.key`. Replace `` with the public key generated for the client in the next step. 3. **Enable IP forwarding:** Copy ``` echo "net.ipv4.ip_forward=1" | sudo tee -a /etc/sysctl.conf sudo sysctl -p ``` *** #### **4. Generate Keys for the Client** On the VPS, generate client keys: Copy ``` wg genkey | tee client_private.key | wg pubkey > client_public.key ``` Retrieve the keys: Copy ``` cat client_private.key cat client_public.key ``` *** #### **5. Add Client Configuration to the Server** Edit the server configuration file `/etc/wireguard/wg0.conf` and add a new peer block: Copy ``` [Peer] PublicKey = AllowedIPs = 10.0.0.2/32 ``` *** #### **6. Start and Enable the WireGuard Service** 1. **Start WireGuard:** Copy ``` sudo wg-quick up wg0 ``` 2. **Enable WireGuard to start on boot:** Copy ``` sudo systemctl enable wg-quick@wg0 ``` 3. **Check the WireGuard status:** Copy ``` sudo wg show ``` *** #### **7. Configure the Client Device** **On Linux** 1. **Install WireGuard:** Copy ``` sudo apt install wireguard -y ``` 2. **Create the client configuration file:** Copy ``` nano client.conf ``` 3. **Add the following content:** Copy ``` [Interface] PrivateKey = Address = 10.0.0.2/24 DNS = 8.8.8.8 [Peer] PublicKey = Endpoint = :51820 AllowedIPs = 0.0.0.0/0 PersistentKeepalive = 25 ``` Replace `` with the client private key, `` with the server public key, and `` with the IP of your VPS. 4. **Start WireGuard:** Copy ``` sudo wg-quick up client.conf ``` *** **On Windows** 1. Download and install WireGuard for Windows. 2. Import the `client.conf` file and connect. *** **On Android/iOS** 1. Install the WireGuard app from the app store. 2. Import the `client.conf` file using QR code or file transfer. 3. Connect to the server. *** #### **8. Verify Connection** On the client device, check your public IP: Copy ``` curl ifconfig.me ``` The IP should now reflect your VPS's IP, confirming the VPN is active.