Wireguard

1. Install WireGuard on the VPS

1. Update the system:

   Copy

   sudo apt update && sudo apt upgrade -y

2. Install WireGuard:

   • On Debian/Ubuntu:

     Copy

     sudo apt install wireguard -y

   • On CentOS/RHEL:

     Copy

     sudo yum install epel-release -y
     sudo yum install wireguard-tools -y

   • On Fedora:

     Copy

      dnf install wireguard-tools -y

---

2. Generate Keys for the Server

1. Create the WireGuard directory:

   Copy

   sudo mkdir /etc/wireguard
   sudo chmod 700 /etc/wireguard
   cd /etc/wireguard

2. Generate private and public keys:

   Copy

   umask 077
   wg genkey | tee server_private.key | wg pubkey > server_public.key

3. Note the keys:

   Copy

   cat server_private.key
   cat server_public.key

---

3. Configure the WireGuard Server

1. Create a WireGuard configuration file:

   Copy

   sudo nano /etc/wireguard/wg0.conf

2. Add the following content:

   Copy

   [Interface]
   PrivateKey = <server_private_key>
   Address = 10.0.0.1/24
   ListenPort = 51820
   PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
   PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
   
   [Peer]
   PublicKey = <client_public_key>
   AllowedIPs = 10.0.0.2/32

   Replace <server_private_key> with the content of server_private.key. Replace <client_public_key> with the public key generated for the client in the next step.

3. Enable IP forwarding:

   Copy

   echo "net.ipv4.ip_forward=1" | sudo tee -a /etc/sysctl.conf
   sudo sysctl -p

---

4. Generate Keys for the Client

On the VPS, generate client keys:

Copy

wg genkey | tee client_private.key | wg pubkey > client_public.key

Retrieve the keys:

Copy

cat client_private.key
cat client_public.key

---

5. Add Client Configuration to the Server

Edit the server configuration file /etc/wireguard/wg0.conf and add a new peer block:

Copy

[Peer]
PublicKey = <client_public_key>
AllowedIPs = 10.0.0.2/32

---

6. Start and Enable the WireGuard Service

1. Start WireGuard:

   Copy

   sudo wg-quick up wg0

2. Enable WireGuard to start on boot:

   Copy

   sudo systemctl enable wg-quick@wg0

3. Check the WireGuard status:

   Copy

   sudo wg show

---

7. Configure the Client Device

On Linux

1. Install WireGuard:

   Copy

   sudo apt install wireguard -y

2. Create the client configuration file:

   Copy

   nano client.conf

3. Add the following content:

   Copy

   [Interface]
   PrivateKey = <client_private_key>
   Address = 10.0.0.2/24
   DNS = 8.8.8.8
   
   [Peer]
   PublicKey = <server_public_key>
   Endpoint = <server_ip>:51820
   AllowedIPs = 0.0.0.0/0
   PersistentKeepalive = 25

   Replace <client_private_key> with the client private key, <server_public_key> with the server public key, and <server_ip> with the IP of your VPS.

4. Start WireGuard:

   Copy

   sudo wg-quick up client.conf

---

On Windows

1. Download and install WireGuard for Windows.

2. Import the client.conf file and connect.

---

On Android/iOS

1. Install the WireGuard app from the app store.

2. Import the client.conf file using QR code or file transfer.

3. Connect to the server.

---

8. Verify Connection

On the client device, check your public IP:

Copy

curl ifconfig.me

The IP should now reflect your VPS's IP, confirming the VPN is active.