To set up a WireGuard VPN server on Debian 10, you will first need to install the WireGuard package by running the following command:
sudo apt install wireguard -y
Next, you will need to generate the necessary key pairs for the server and clients using the wg command:
umask 077
wg genkey | tee privatekey | wg pubkey > publickey
Then create the server configuration file in /etc/wireguard/wg0.conf with the following content:
[Interface]
Address = 10.0.0.1/24
ListenPort = 51820
PrivateKey = <server private key>
[Peer]
PublicKey = <client public key>
AllowedIPs = 10.0.0.2/32
Replace the <server private key> with the private key generated earlier and <client public key> with the public key of the client.
You can also configure the firewall to allow traffic to the WireGuard VPN server.
sudo apt install iptables-persistent -y
sudo iptables -A INPUT -p udp -m udp --dport 51820 -j ACCEPT
sudo iptables -A FORWARD -i wg0 -j ACCEPT
sudo iptables -A FORWARD -o wg0 -j ACCEPT
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
sudo netfilter-persistent save
Finally, activate the WireGuard interface and enable it to start at boot time by running:
sudo wg-quick up wg0
sudo systemctl enable wg-quick
You have now set up a WireGuard VPN server on Debian 10. You can now proceed to configure the client by using the server’s public key and the client’s private key in the client’s configuration file.