Debian 10 Buster setup Wireguard VPN

Installation step

Updated Feb 12, 2020

// Ubuntu
add-apt-repository ppa:wireguard/wireguard
apt-get update
apt-get install wireguard
 
// Debian10
Install linux-headers first (Hetnzer VPS issue)

// Echo into apt source
echo "deb http://deb.debian.org/debian/ unstable main" > /etc/apt/sources.list.d/unstable.list

printf 'Package: *\nPin: release a=unstable\nPin-Priority: 90\n' > /etc/apt/preferences.d/limit-unstable

apt update
apt install linux-headers-$(uname -r)
apt install wireguard 

Generate the public and private key

(umask 077 && printf "[Interface]\nPrivateKey = " | sudo tee /etc/wireguard/wg0.conf > /dev/null)

wg genkey | sudo tee -a /etc/wireguard/wg0.conf | wg pubkey | sudo tee /etc/wireguard/publickey

Edit the wg0.conf file

## Vultr server has to change eth0 into ens3
# Edit wg0.conf
nano /etc/wireguard/wg0.conf

[Interface]
PrivateKey = YOUR_PRIVATE_KEY
ListenPort = 1723 # UDP
Address = 10.8.3.1/32, fd42:42:44::1/64

PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
#SaveConfig = true

## Generate from Android or other device
PublicKey = PUBLIC_KEY_ON_ANDROID
AllowedIPs = xxxx 

Save and fire it up!

wg-quick down wg0
wg-quick up wg0

Make it auto start on boot

systemctl enable [email protected]

Enable port forwarding

nano /etc/sysctl.conf 

net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1

//Save
sysctl -p 

Client config

[Interface]
PrivateKey = <Output of privatekey file that contains your private key>
Address = 10.8.3.14/32, fd42:42:44::14/64
DNS= 10.8.3.1
 
[Peer]
PublicKey = <Server's public key from *wg show* command on server>
Endpoint = <Linux server's Public IP>:993
AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepalive = 25

Updated on April 13 2019

If you using Google cloud with one-key Wireguard setup, and facing following error

$ ip link add dev wg0 type wireguard
RNETLINK answers: Operation not supported 

Solution

// Get latest linux-header
apt-get install libmnl-dev libelf-dev linux-headers-$(uname -r) build-essential pkg-config

// install wiregurad-tools again
apt-get install wireguard-dkms wireguard-tools

// Done
Credit: https://askubuntu.com/questions/973297/rnetlink-answers-operation-not-supported-fresh-ubuntu-fresh-wireguard

Photo by Matteo Catanese on Unsplash

[Interface]
PrivateKey = 
#Publickey = 
ListenPort = 1723
Address = 10.8.3.1/24, fd42:42:44::1/64

PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o ens3 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o ens3 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o ens3 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o ens3 -j MASQUERADE

[Peer]
# Mbpr 15 coolbitx
PublicKey = A6RfZTadqUZEsJXq+tg6H2NeaxB5FmzcVhVwJ/uoUUw=

AllowedIPs = 10.8.3.10/32, fd42:42:44::10/128
[Peer]
#Mbpr 15 personal
PublicKey = kyekTDeE0s3Xm/uB3XHQTjGWxPvuBrc97vTSm05ngXE=

AllowedIPs = 10.8.3.11/32, fd42:42:44::11/128
[Peer]
# Iphone se
PublicKey = wMfGWgZlJ2RnOqy49Ho5iYFz3W+N2L19aD1MuwjOyDQ=

AllowedIPs = 10.8.3.12/32, fd42:42:44::12/128
[Peer]
# Iphone 11
PublicKey = ppyQ2za4zi8nFQyb3M+6MRwUee50tVweGBVaygCUe1o=

AllowedIPs = 10.8.3.13/32, fd42:42:44::13/128
[Peer]
# Oneplus
PublicKey = 0UTsdJqCxxL429tzWZnuyFjmlrpcR1sud7pAMys6HFc=

AllowedIPs = 10.8.3.14/32, fd42:42:44::14/128
[Peer]
# Ipad
PublicKey = WemttxN/Lt/260DOZAB3OC7Pfbea/UmBqfVeAnJa7BI=

AllowedIPs = 10.8.3.15/32, fd42:42:44::15/128
[Peer]
# Asus
PublicKey = GjajCWaFagQTwL9xLnB1b3S3I2xi7W0ZxtsxL4Cjk2E=

AllowedIPs = 10.8.3.16/32, fd42:42:44::16/128
[Peer]
#
PublicKey = j5thMmwrl9FE/BqjJr0I8x4UYJxxWPsHw06Y3J+qigQ=

AllowedIPs = 10.8.3.17/32, fd42:42:44::17/128