WireGuard on Debian 12 - Omid-Mohajerani/Learn-Kamailio GitHub Wiki

On Server Step 1:

sudo apt update && sudo apt install wireguard
cd /etc/wireguard/
# keep the key files and the config readable by root only
umask 077
wg genkey | tee /etc/wireguard/privatekey | wg pubkey > /etc/wireguard/publickey
vim /etc/wireguard/wg0.conf
[Interface]
Address = 10.200.200.1/24
SaveConfig = true
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT;iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE;
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT;iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE;
ListenPort = 51820
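# contents of /etc/wireguard/privatekey on the server
PrivateKey = +B7ohNzRPcrJSCBioC1wQZNs10XmA26QZqtRhQcVnGE=

vim /etc/sysctl.conf

Enable net.ipv4.ip_forward=1 in that file (uncomment or add the line), then apply it: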

sysctl -p

Bring up the interface:

wg-quick up wg0

On Client

sudo apt update && sudo apt install wireguard
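cd /etc/wireguard/
# keep the key files and the config readable by root only
umask 077
wg genkey | tee /etc/wireguard/privatekey | wg pubkey > /etc/wireguard/publickey
vim /etc/wireguard/wg0-client.conf
[Interface]
# contents of /etc/wireguard/privatekey on the client
PrivateKey=sDqCZdemUd1lF+xrYRPWPzPRN84DP0lsUUzzyxkXTEI=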
Address = 10.200.200.2/32

[Peer]
# The server's public key goes here
PublicKey=aib41OyjlMi6ztXuG/OuOtLRl56/YYD671icHi2z7AU=
Endpoint=209.38.232.150:51820
AllowedIPs=10.200.200.1/32
PersistentKeepalive=25

Bring up the interface:

wg-quick up wg0-client

On Server Step 2:

Add the client as a peer using the client's public key. You can get it by running wg show on the client.

wg set wg0 peer zrvCVbuR7LpPZnq253+0froMajstVS/PmdXzJ1fKeC8= allowed-ips 10.200.200.2/32

Verification:

On the client:

root@asterisk18:/etc/wireguard# wg show
interface: wg0-client
  public key: zrvCVbuR7LpPZnq253+0froMajstVS/PmdXzJ1fKeC8=
  private key: (hidden)
  listening port: 43660

peer: aib41OyjlMi6ztXuG/OuOtLRl56/YYD671icHi2z7AU=
  endpoint: 209.38.232.150:51820
  allowed ips: 10.200.200.1/32
  latest handshake: 2 minutes, 13 seconds ago
  transfer: 15.22 KiB received, 19.34 KiB sent
  persistent keepalive: every 25 seconds

On the Server:

root@Kamailio:/etc/wireguard# wg show
interface: wg0
  public key: aib41OyjlMi6ztXuG/OuOtLRl56/YYD671icHi2z7AU=
  private key: (hidden)
  listening port: 51820

peer: zrvCVbuR7LpPZnq253+0froMajstVS/PmdXzJ1fKeC8=
  endpoint: 79.197.20.119:43660
  allowed ips: 10.200.200.2/32
  latest handshake: 1 minute, 57 seconds ago
  transfer: 15.58 KiB received, 15.22 KiB sent

Run it as a service

On the server

wg-quick down wg0
systemctl enable wg-quick@wg0.service
systemctl start wg-quick@wg0.service

On the Client

wg-quick down wg0-client
systemctl enable wg-quick@wg0-client.service
systemctl start wg-quick@wg0-client.service
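
Config check (an added example, not part of the original wiki): a POSIX shell function for the wg0.conf and wg0-client.conf files written above. It flags a config that group or other can access, a malformed PrivateKey or PublicKey, and any peer AllowedIPs entry wider than the single-host addresses used here. The function name audit_wg_conf, the finding labels and the sample file are assumptions of this example; stat -c is the GNU coreutils form shipped with Debian.

```sh
#!/bin/sh
# Added example (not from the wiki): audit a wg-quick config file.
# Prints one finding per line; returns 1 if anything was found, 0 if clean.
audit_wg_conf() {
    conf=$1; found=0; section=
    note() { echo "$1"; found=1; }
    # The file embeds PrivateKey, so group/other must have no access bits.
    mode=$(stat -c '%a' "$conf") || return 2
    [ $(( 0$mode & 077 )) -eq 0 ] || note "PERM $conf is mode $mode, want 600"
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%"#"*}                    # drop comments
        case $line in
            *"[Interface]"*) section=Interface; continue ;;
            *"[Peer]"*)      section=Peer;      continue ;;
            *=*) ;;
            *) continue ;;
        esac
        key=$(printf %s "${line%%=*}" | tr -d '[:space:]')
        val=$(printf %s "${line#*=}"  | tr -d '[:space:]')
        case $section.$key in
        Interface.PrivateKey|Peer.PublicKey)
            # Format check only: 32-byte key = 43 base64 chars plus one '='.
            case $val in
                *[!A-Za-z0-9+/=]*) note "KEY $section $key has non-base64 characters" ;;
                *=) [ ${#val} -eq 44 ] || note "KEY $section $key is ${#val} chars, want 44" ;;
                *)  note "KEY $section $key lacks '=' padding" ;;
            esac ;;
        Peer.AllowedIPs)
            # This page pins each peer to one host address (/32).
            old_ifs=$IFS; IFS=,
            for cidr in $val; do
                case $cidr in
                    */32|*/128) ;;
                    *) note "WIDE peer AllowedIPs $cidr is broader than one host" ;;
                esac
            done
            IFS=$old_ifs ;;
        esac
    done < "$conf"
    return $found
}

# Constructed sample: world-readable file, truncated key, catch-all AllowedIPs.
demo=$(mktemp); chmod 644 "$demo"
printf '%s\n' '[Interface]' 'PrivateKey = AAAA' '[Peer]' \
    'AllowedIPs = 10.200.200.2/32, 0.0.0.0/0' > "$demo"
audit_wg_conf "$demo" || true
rm -f "$demo"
```

Run it as root against /etc/wireguard/wg0.conf or /etc/wireguard/wg0-client.conf; no output and exit status 0 mean none of the three checks fired.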