====== Wireguard ======
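===== Install Wireguard on Debian 9.x and Raspbian 10.x =====
The pin priority of 150 set below keeps the unstable repository under the default priority, so apt only takes a package from unstable when no other configured source provides it (as for the WireGuard packages), instead of upgrading the whole system to unstable.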
# echo "deb http://deb.debian.org/debian/ unstable main" > /etc/apt/sources.list.d/unstable.list
# echo -e "Package: *\nPin: release a=unstable\nPin-Priority: 150\n" > /etc/apt/preferences.d/limit-unstable
# apt-get update && apt-get install wireguard-dkms wireguard-tools
# modprobe wireguard && lsmod | grep wireguard
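===== Create Key Pairs =====
Run ''umask 077'' in the shell before generating the keys so the private key files are created readable by root only. Each private key stays on the host where it was generated; only the public key is handed to the peer.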
**Host A**
root@hosta # wg genkey > privateA
root@hosta # wg pubkey < privateA > publicA
**Host B**
root@hostb # wg genkey > privateB
root@hostb # wg pubkey < privateB > publicB
===== Assign Link Network to Wireguard-Tunnel =====
Link-Network: 172.24.0.0/30
HostA: 172.24.0.1/30
HostB: 172.24.0.2/30
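===== Create Config =====
Each wg0.conf contains that host's private key, so keep the file readable by root only (for example ''chmod 600 /etc/wireguard/wg0.conf'').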
**Host A**
root@hosta # cat /etc/wireguard/wg0.conf
# HostA - HostB
[Interface]
Address = 172.24.0.1/30
PrivateKey = <contents of privateA>
ListenPort = 51820
[Peer]
PublicKey = <contents of publicB>
AllowedIPs = 172.24.0.2/32
**Host B**
root@hostb # cat /etc/wireguard/wg0.conf
# HostB - HostA
[Interface]
Address = 172.24.0.2/30
PrivateKey = <contents of privateB>
ListenPort = 51820
[Peer]
PublicKey = <contents of publicA>
AllowedIPs = 172.24.0.1/32
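# No Endpoint is set for either peer in these configs; the side that initiates the handshake (HostB here, judging by the status output below) needs a line such as: Endpoint = <HostA public IP>:51820
# Uncomment if HostB is behind a NAT router
# PersistentKeepalive = 25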
===== Start Wireguard Tunnel =====
Run the matching command on each host:
root@hosta # wg-quick up wg0
root@hostb # wg-quick up wg0
===== Check Status =====
**Host A**
root@hosta # wg
interface: wg0
public key: PUBLIC-KEY-A
private key: (hidden)
listening port: 51820
peer: PUBLIC-KEY-B
endpoint: 185.69.244.140:25920
allowed ips: 172.24.0.2/32
latest handshake: 1 minute, 44 seconds ago
transfer: 2.80 MiB received, 1.09 MiB sent
**Host B**
root@hostb # wg
interface: wg0
public key: PUBLIC-KEY-B
private key: (hidden)
listening port: 51820
peer: PUBLIC-KEY-A
endpoint: 144.76.72.57:51820
allowed ips: 172.24.0.1/32
latest handshake: 21 seconds ago
transfer: 1006.68 KiB received, 2.57 MiB sent
persistent keepalive: every 25 seconds
{{tag>kb linux}}