To set up a WireGuard VPN server on Debian 10, follow these steps:
sudo apt-get update sudo apt-get install wireguard
sudo su - cd /etc/wireguard umask 077 wg genkey | tee server-privatekey | wg pubkey > server-publickey
The above commands will generate the server-privatekey and server-publickey files, which contain the server's private key and public key, respectively. Repeat the above steps to generate keys for each client that will connect to the VPN.
sudo nano /etc/wireguard/wg0.conf
Add the following lines to the file, replacing the placeholder values with your own values:
[Interface] Address = 10.0.0.1/24 SaveConfig = true PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE ListenPort = 51820 PrivateKey = <server private key>
Replace <server private key> with the contents of the server-privatekey file that you generated in step 2.
sudo apt-get install ufw sudo ufw allow ssh sudo ufw allow 51820/udp sudo ufw enable
sudo wg-quick up wg0
sudo nano /etc/wireguard/wg0.conf
Add a section for each client, using the client's public key and specifying an IP address for the client:
[Peer] PublicKey = <client public key> AllowedIPs = 10.0.0.2/32
Repeat the above step for each client, using a different IP address for each client.
sudo wg-quick down wg0 sudo wg-quick up wg0
That's it! You should now have a WireGuard VPN server up and running on your Debian 10 system. You can use the wg command to manage the server, and clients can connect to the VPN using the WireGuard client software.