Install and configure WireGuard (Attention! THIS ONE IS A WIP)
From the WireGuard project homepage:
WireGuard is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN…
Prepare the terrain
In this example, we are going to configure WireGuard with the VPN subnet 10.0.10.0/24 and the server listening on port 42024/UDP (you can change this if you like).
Attention: The default WireGuard port is 51820/UDP, but as a rule of thumb, let's not use the default one. This adds a tiny layer of extra security by making the service a bit harder to discover if someone is scanning your ports.
In order to set up the server and one client, we will have to create the following:
- Client private key.
- Client public key.
- Server private key.
- Server public key.
- Pre-shared key per client.
The pre-shared key (PSK) is an optional security improvement in the WireGuard protocol: it adds a layer of symmetric-key cryptography that is mixed into the already existing public-key cryptography, for post-quantum resistance.
Generate Server Keys
Generate Client Keys
Install WireGuard Tools
We need the wireguard-tools package for the userspace utilities (both server and client will use them, since this is a peer-to-peer connection in the end):
$ sudo pacman -S wireguard-tools
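With the package installed, the five items listed under "Prepare the terrain" can be generated with wg genkey, wg pubkey and wg genpsk and placed into wg-quick style configs for the 10.0.10.0/24 subnet and port 42024/UDP. This is an added example, not part of the original guide; the script name, the peer addresses 10.0.10.1 and 10.0.10.2, the file names, the function names and the endpoint host vpn.example.org are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the original guide): keys and wg-quick configs for
# one server and one client. Assumed: peer addresses .1/.2, file names, and
# the endpoint host passed on the command line.
# Usage: ./wg-bootstrap.sh ./wg-keys vpn.example.org
set -eu
umask 077            # private keys and the PSK must not be group/world readable

NET=10.0.10          # the guide's 10.0.10.0/24 VPN subnet
PORT=42024           # the guide's non-default UDP listening port

# gen_keypair <dir> <name>: private key to <name>.key, public key to <name>.pub
gen_keypair() {
    wg genkey | tee "$1/$2.key" | wg pubkey > "$1/$2.pub"
}

# server_conf <server_private> <client_public> <psk>
server_conf() {
    printf '[Interface]\nAddress = %s.1/24\nListenPort = %s\nPrivateKey = %s\n\n' \
        "$NET" "$PORT" "$1"
    # The server only accepts this client's own tunnel address as source.
    printf '[Peer]\nPublicKey = %s\nPresharedKey = %s\nAllowedIPs = %s.2/32\n' \
        "$2" "$3" "$NET"
}

# client_conf <client_private> <server_public> <psk> <endpoint_host>
client_conf() {
    printf '[Interface]\nAddress = %s.2/24\nPrivateKey = %s\n\n' "$NET" "$1"
    printf '[Peer]\nPublicKey = %s\nPresharedKey = %s\n' "$2" "$3"
    printf 'AllowedIPs = %s.0/24\nEndpoint = %s:%s\n' "$NET" "$4" "$PORT"
}

# build_all <outdir> <endpoint_host>: refuses to overwrite existing key material
build_all() {
    [ ! -e "$1/server.key" ] || { echo "keys already exist in $1" >&2; return 1; }
    mkdir -p "$1"
    gen_keypair "$1" server
    gen_keypair "$1" client
    wg genpsk > "$1/client.psk"      # one PSK per client, known to server and that client
    server_conf "$(cat "$1/server.key")" "$(cat "$1/client.pub")" \
        "$(cat "$1/client.psk")" > "$1/wg0-server.conf"
    client_conf "$(cat "$1/client.key")" "$(cat "$1/server.pub")" \
        "$(cat "$1/client.psk")" "$2" > "$1/wg0-client.conf"
}

# Generate only when called with both arguments (needs wg from wireguard-tools).
if [ "$#" -ge 2 ]; then
    build_all "$1" "$2"
fi
```

Each side's config carries only its own private key plus the other side's public key and the shared PSK, so only wg0-client.conf needs to leave the server.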
If you are interested in installing WireGuard on your OpenWRT router, then any of these guides is the way to go (I have tried them out myself):
Some time ago I published a GitHub repository on how to do this and it is still valid. Feel free to contribute if you run into issues.
- Wireguard Website
- Wireguard Quick Start Guide
- Wireguard Command Line Interface
- Wireguard Arch Linux Wiki
- Create a Point to Point Wireguard VPN on Ubuntu
- What they do not tell about setting a Wireguard VPN