WireGuard is a modern, secure, and fast VPN (Virtual Private Network) technology that can be used to establish a secure connection between two or more devices. It is designed to be easy to use and can be set up quickly on a Linux system.
Here is how you can set up WireGuard firewall rules in Linux:
WireGuard can be installed on most major Linux distributions using the package manager. For example, on Ubuntu or Debian, you can use the following command to install WireGuard:
sudo apt install wireguard
On Fedora or CentOS, you can use the following command:
sudo yum install wireguard-tools
The WireGuard configuration file defines the VPN tunnel and specifies the firewall rules for the VPN connection. You can create a configuration file using the wg command-line tool.
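To generate the keys that the configuration file needs, run the following command:
sudo sh -c 'umask 077; wg genkey | tee /etc/wireguard/privatekey | wg pubkey | tee /etc/wireguard/publickey'
This will generate a private and a public key and store them in the /etc/wireguard directory. The umask 077 makes the key files readable by root only, so the private key is not left world-readable.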
Next, you need to edit the WireGuard configuration file and specify the firewall rules for the VPN connection. The configuration file is typically stored in the /etc/wireguard directory and is named wg0.conf.
Open the configuration file in a text editor and add the following lines:
[Interface]
Address = 192.168.1.1/24
PrivateKey = <private key>
ListenPort = 51820

[Peer]
PublicKey = <public key>
AllowedIPs = 192.168.1.2/32
Replace the <private key> and <public key> placeholders with the private and public keys that you generated in step 2.
The Address parameter specifies the IP address of the VPN server, and the ListenPort parameter specifies the port number on which the VPN server will listen for incoming connections.
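The [Peer] section defines the firewall rules for the VPN client. The PublicKey parameter specifies the public key of the VPN client, and the AllowedIPs parameter specifies the IP address range allowed for the VPN client inside the tunnel: the server accepts packets from this peer only if their source address falls within that range, and it routes traffic for those addresses to this peer.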
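An added example, not part of the original page: a shell check for a server-side wg0.conf like the one above. It reports a config file that is accessible to group or others (the file holds the private key) and any [Peer] whose AllowedIPs is wider than a single host. The one-client-per-peer policy, the function names and the second peer in the sample are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Assumed policy: every [Peer] is
# one client, so each AllowedIPs entry should be one host (/32, or /128 for IPv6).
audit_wg_conf() {
    conf=$1 findings=0
    # The file embeds PrivateKey, so group/other must have no permission bits.
    case $(ls -ld -- "$conf") in
        ????------*) ;;
        *) echo "PERM: $conf is accessible to group or others"
           findings=$((findings + 1)) ;;
    esac
    # Walk the sections; report AllowedIPs entries wider than a single host.
    wide=$(awk '
        /^[ \t]*\[/ { peer = (tolower($0) ~ /\[peer\]/) ? ++peer_n : 0; next }
        peer && tolower($0) ~ /^[ \t]*allowedips[ \t]*=/ {
            sub(/^[^=]*=/, ""); sub(/#.*/, ""); gsub(/[ \t]/, "")
            n = split($0, cidr, ",")
            for (i = 1; i <= n; i++) {
                if (split(cidr[i], p, "/") < 2) continue  # bare address = one host
                host = (p[1] ~ /:/) ? 128 : 32
                if (p[2] + 0 < host)
                    printf "WIDE: peer %d AllowedIPs %s\n", peer, cidr[i]
            }
        }' "$conf")
    if [ -n "$wide" ]; then
        echo "$wide"
        findings=$((findings + $(printf '%s\n' "$wide" | wc -l)))
    fi
    return "$findings"   # exit status = number of findings
}

# Constructed sample: the wg0.conf from this page plus an over-broad second peer.
sample_conf() {
    cat <<'EOF'
[Interface]
Address = 192.168.1.1/24
PrivateKey = <private key>
ListenPort = 51820
[Peer]
PublicKey = <public key>
AllowedIPs = 192.168.1.2/32
[Peer]
PublicKey = <second public key>
AllowedIPs = 192.168.1.0/24, 192.168.1.3
EOF
}
tmp=$(mktemp); chmod 644 "$tmp"; sample_conf > "$tmp"
audit_wg_conf "$tmp" || echo "findings: $?"
rm -f "$tmp"
```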
To enable and start the WireGuard service, use the following commands:
sudo systemctl enable wg-quick@wg0
sudo systemctl start wg-quick@wg0
This will start the WireGuard service and establish the VPN connection.
To test the VPN connection, you can try pinging the VPN client from the VPN server or vice versa. For example, if the VPN client has the IP address 192.168.1.2, you can use the following command to ping it from the VPN server:
ping 192.168.1.2
If the VPN connection is working properly, you should see the ping reply from the VPN client.