Install WireGuard VPN on Debian 12
Introduction
WireGuard is a modern VPN that is fast, simple, and secure. This guide walks you through the steps of installing WireGuard on Debian 12.
Prerequisites
- A Debian 12 server
- Access to the terminal or command line
- Root privileges or a user with sudo access
Step 1: Update the System
Before installing WireGuard, ensure your system package index is up to date:
sudo apt update
sudo apt upgrade -y
Step 2: Install WireGuard
Install WireGuard using the following command:
sudo apt install wireguard
Step 3: Generate Key Pair
WireGuard uses public and private keys for authentication. Generate a key pair with:
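(umask 077; wg genkey | tee privatekey | wg pubkey > publickey)
This will create two files, privatekey and publickey, in your current directory. The umask 077 ensures both files are created readable only by your user; the contents of privatekey must stay secret.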
Step 4: Configure WireGuard
Create a configuration file for WireGuard:
sudo nano /etc/wireguard/wg0.conf
Insert the following configuration, replacing YOUR_PRIVATE_KEY with the contents of the privatekey file from Step 3 and PEER_PUBLIC_KEY with the public key of the client that will connect:
[Interface]
Address = 10.0.0.1/24
ListenPort = 51820
PrivateKey = YOUR_PRIVATE_KEY
[Peer]
PublicKey = PEER_PUBLIC_KEY
AllowedIPs = 10.0.0.2/32
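Before starting the service, it helps to lint the file for the mistakes this step invites. The script below is an added example, not part of the original guide or of WireGuard: check_wg_conf is a hypothetical helper that flags a config readable by group/other, key fields that still hold a placeholder, and a peer whose AllowedIPs is a default route. The key test is a shape check only (43 base64 characters plus "="), and the sample config is constructed from the one above.

```sh
#!/bin/sh
# Added example: lint a wg-quick server config before starting wg-quick@wg0.
# check_wg_conf is a hypothetical helper name, not a WireGuard command.
check_wg_conf() (   # subshell body keeps the variables local
    conf=$1 findings=0
    [ -r "$conf" ] || { echo "cannot read $conf"; exit 2; }
    fail() { echo "FAIL: $*"; findings=$((findings + 1)); }

    # The file embeds the private key, so group/other must have no access.
    [ "$(ls -ld "$conf" | cut -c5-10)" = "------" ] ||
        fail "$conf is accessible to group/other; run chmod 600"

    while IFS= read -r line || [ -n "$line" ]; do
        name=$(printf '%s' "${line%%=*}" | tr -d '[:space:]')
        value=$(printf '%s' "${line#*=}" | tr -d '[:space:]')
        case $name in
        PrivateKey|PublicKey)
            # A 32-byte key is 43 base64 characters plus one "=" of padding.
            # The value itself is never printed.
            printf '%s\n' "$value" | grep -Eq '^[A-Za-z0-9+/]{43}=$' ||
                fail "$name is not a base64 key (placeholder left in?)" ;;
        AllowedIPs)
            # On the server, a peer's AllowedIPs is the set of source
            # addresses it may use; a default route accepts any source.
            case ",$value," in
            *,0.0.0.0/0,*|*,::/0,*) fail "peer AllowedIPs contains a default route" ;;
            esac ;;
        esac
    done < "$conf"
    [ "$findings" -eq 0 ]
)

# Constructed sample: the guide's wg0.conf with its placeholders left in.
demo=$(mktemp)   # mktemp creates the file with mode 600
printf '%s\n' '[Interface]' 'Address = 10.0.0.1/24' 'ListenPort = 51820' \
    'PrivateKey = YOUR_PRIVATE_KEY' '[Peer]' 'PublicKey = PEER_PUBLIC_KEY' \
    'AllowedIPs = 10.0.0.2/32' > "$demo"
check_wg_conf "$demo" || echo "fix the findings above before starting wg0"
rm -f "$demo"
```

Run it as root against /etc/wireguard/wg0.conf before Step 6; it exits non-zero when any check fails.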
Step 5: Enable IP Forwarding
To allow traffic to be forwarded, enable IP forwarding:
echo "net.ipv4.ip_forward = 1" | sudo tee -a /etc/sysctl.conf
sudo sysctl -p
Step 6: Start the WireGuard Service
To start the WireGuard service, use:
sudo systemctl start wg-quick@wg0
Enable WireGuard on Startup
To enable WireGuard to start on boot, run:
sudo systemctl enable wg-quick@wg0
Step 7: Check the Status
To check if the WireGuard service is running, execute:
sudo systemctl status wg-quick@wg0
Step 8: Configure Firewall (Optional)
If you are using a firewall, make sure to allow the WireGuard port (51820 by default):
sudo ufw allow 51820/udp
Conclusion
You have successfully installed WireGuard VPN on your Debian 12 system. You can now configure clients to connect to your VPN.