1. Install WireGuard:

#sudo apt install wireguard

2. Generate server keys:

On the server:

#umask 077
#wg genkey | tee server_private_key | wg pubkey > server_public_key

To list the server private and public key, write:

#cat server_private_key
#cat server_public_key

3.a. Generate the config file wg0.conf:

Example for Ubuntu WireGuard server CLI:

#nano /etc/wireguard/wg0.conf

Add the following content:

[Interface]
Address = 10.253.4.1/24
SaveConfig = true
PrivateKey = 
ListenPort = 51820

PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o ens18 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o ens18 -j MASQUERADE

[Peer]
PublicKey = 
AllowedIPs = 10.253.4.2/32

Note: Substitute "ens18" with the name of the NIC in your KVM.

3.b. On the Client, generate keys:

#wg genkey | tee client_private_key | wg pubkey > client_public_key

List the keys:

#cat client_private_key
#cat client_public_key

Edit the wg0-client.conf file on the client and add the text below:

#nano /etc/wireguard/wg0-client.conf

Add the following content:

[Interface]
Address = 10.253.4.2/32
PrivateKey = 
DNS = 1.1.1.1

[Peer]
PublicKey = 
Endpoint = :51820
AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepalive = 21

Substitute Client PrivateKey, Server PublicKey, and VPN server address.

4. Enable the WireGuard interface on the server:</strong ```html

Run the following commands:

#chown -v root:root /etc/wireguard/wg0.conf
#chmod -v 600 /etc/wireguard/wg0.conf
#wg-quick up wg0
#systemctl enable wg-quick@wg0.service

Confirm the new interface named wg0 by running:

ifconfig

The output should be something similar to this:

wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
    link/none
    inet 10.200.200.1/24 scope global wg0
       valid_lft forever preferred_lft forever

5. Enable IP forwarding on the WireGuard server:

Edit the file sysctl.conf:

#nano /etc/sysctl.conf

Remove '#' from the line net.ipv4.ip_forward=1.

To apply changes without rebooting:

#sysctl -p
#echo 1 > /proc/sys/net/ipv4/ip_forward

That's it! You should now be able to connect to your WireGuard VPN.

If you need assistance with the setup, feel free to reach out.

```

Ця відповідь Вам допомогла? 7 Користувачі, які знайшли це корисним (8 Голосів)

Найпопулярніші

Install OpenVPN on your Debian/Ubuntu LXC VPS

Install OpenVPN on your LXC VPS (Note: Please open a support-ticket before you install, we need...
Setup PPTP on CentOS 7

This PPTP VPN server works with both CentOS 7 LXC and KVM. 1. Install the following...