Install and configure Wireguard (Attention! THIS ONE IS A WIP)

From the Wireguard project homepage:

WireGuard is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN…

Prepare the terrain

In this example, we are going to configure WireGuard with the VPN subnet of 10.0.10.0/24, and listening port on 42024/UDP on server side (you can change this if you would like).

In order to set up the server and one client, we will have to create the following:

  • Client private key.
  • Client public key.
  • Server private key.
  • Server public key.
  • Pre-shared key per client.

The pre-shared key (PSK) is an optional security improvement as per the WireGuard protocol in order to add an additional layer of symmetric-key cryptography to be mixed into the already existing public-key cryptography, for post-quantum resistance.

Generate Server Keys

TODO

Generate Client Keys

TODO

Install Wireguard Tools

We need the wireguard-tools package for userspace utilites (both server and client will use them, since this is a peer-to-peer connection in the end):

$ sudo pacman -S wireguard-tools

OpenWRT

If you are interested in installing Wireguard on your OpenWRT router, then any of these guide are the way to go (I have tried them out myself):

Raspbian

Some time ago I published a Github Repository on how to do this and it is still valid. Feel free to contribute if you run into issues.

References