debian:other-debian:wireguard-debian

Ausgangslage:

  • LAN Network=192.168.1.0/24
  • VPN Network=192.168.100.0/24
  • VPN Port=53666/UDP
# sh -c "echo 'deb http://deb.debian.org/debian buster-backports main contrib non-free' > /etc/apt/sources.list.d/buster-backports.list"
# apt update
# apt install linux-headers-$(uname --kernel-release)
# apt install wireguard

# reboot

# umask 077 && cd /etc/wireguard/
# wg genkey > wg0.conf
# vim /etc/wireguard/wg0.conf

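# /etc/wireguard/wg0.conf -- wg-quick configuration for SERVER 1.
# This file holds the private key: keep it owned by root and unreadable for
# other users (creating it under "umask 077" takes care of that).
[Interface]
PrivateKey = <Dein privater Schlüssel [privatekey SERVER 1]>
# Tunnel address of this host inside the VPN network.
Address = 192.168.100.1/24
# With SaveConfig enabled, wg-quick rewrites this file from the running
# interface state on shutdown; edits made while wg0 is up, and these
# comments, are overwritten.
SaveConfig = true
# Accepts every packet arriving on wg0 for forwarding and masquerades all
# traffic leaving via eth0. Nothing here limits which destinations the peer
# may reach.
# NOTE(review): confirm eth0 is the outbound interface on this host, and
# narrow the FORWARD rule if the peer should only reach selected hosts.
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
# UDP port chosen for this VPN (53666/UDP). The previous value 123 is the
# NTP port and did not match the rest of the setup.
ListenPort = 53666

[Peer]
PublicKey = <Öffentlicher Schlüssel von [SERVER 2]>
# AllowedIPs is both the route list and the source filter for this peer:
# packets from the peer with any other source address are dropped.
# NOTE(review): presumably the networks behind SERVER 2 -- verify. The peer's
# own tunnel address in 192.168.100.0/24 is not listed; add it as a /32 if the
# peer sends traffic from that address.
AllowedIPs = 192.168.0.0/24, 172.31.0.0/24
# Keepalive interval in seconds; keeps NAT/firewall state towards the peer open.
PersistentKeepalive = 25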

# sysctl net.ipv4.ip_forward=1
# vim /etc/sysctl.d/99-sysctl.conf ODER /etc/sysctl.conf

# sysctl settings are defined through files in
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
#
# Vendors settings live in /usr/lib/sysctl.d/.
# To override a whole file, create a new file with the same in
# /etc/sysctl.d/ and put new settings there. To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.
#
# For more information, see sysctl.conf(5) and sysctl.d(5).
net.ipv4.ip_forward=1

# sysctl -p
# systemctl start wg-quick@wg0.service
# systemctl enable wg-quick@wg0.service
# wg

interface: wg0
  public key: g5C+DlBfxAzk+QHU6wSDC9PGKoSHTf5j9NC9fBQcrks=
  private key: (hidden)
  listening port: 53666

