VPN (Detail)

Testing on kb-vpn server and X220 laptop…

Create a Droplet on Digital Ocean (smallest one possible).

SSH into the server, then run apt update and apt upgrade.

Tip

The following needs to be done on all the peers (client and server)

Install:

sudo -i
apt install wireguard

Create keys:

cd /etc/wireguard/
umask 077
wg genkey | tee privatekey | wg pubkey > publickey

Tip

umask 077 sets the default permissions for files created from this point in the shell session, so the key files are readable and writable only by their owner.

Create /etc/wireguard/wg0.conf:

vim /etc/wireguard/wg0.conf

In /etc/wireguard/wg0.conf on the server:

[Interface]
Address = 10.10.2.1
PrivateKey = <server's privatekey>
ListenPort = 51820

[Peer]
PublicKey = <client1's publickey>
AllowedIPs = 10.10.2.2/32

[Peer]
PublicKey = <client2's publickey>
AllowedIPs = 10.10.2.3/32

On the server, enable IPv4 packet forwarding in /etc/sysctl.conf:

# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1

In /etc/wireguard/wg0.conf on the clients:

[Interface]
Address = 10.10.2.2
PrivateKey = <client's privatekey>
# 13/11/2020, Malcolm thinks we don't need a 'ListenPort' on the client
# ListenPort = 51820

[Peer]
PublicKey = <server's publickey>
Endpoint = <server's ip>:51820
AllowedIPs = 10.10.2.0/24

# Use this if you're behind a NAT and want the connection to be kept alive.
PersistentKeepalive = 25

To test the VPN, run the following:

wg-quick up wg0
# to take the interface down
wg-quick down wg0

Auto-start the service:

systemctl enable wg-quick@wg0.service

To start or stop the service:

sudo systemctl start wg-quick@wg0.service
sudo systemctl stop wg-quick@wg0.service
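
A check to run on each peer before wg-quick up, added here as an example and not part of the original notes. wg_audit and wg_audit_demo are hypothetical helper names: the first flags a config that group or other can access, key fields that are not 44-character base64 (for instance a placeholder left in), and an AllowedIPs entry given to more than one peer; the second runs it on a constructed sample.

```shell
#!/bin/sh
# wg_audit CONF: print one finding per line, return 1 if anything was found.
wg_audit() {
    conf=$1
    # The file holds PrivateKey: group/other must have no access (cf. umask 077).
    mode=$(ls -ld "$conf" | cut -c5-10)
    findings=$(
        [ "$mode" = "------" ] || echo "perms: $conf is accessible to group/other"
        awk '
            { sub("#.*", ""); gsub(/[ \t\r]/, "") }   # drop comments, whitespace
            /^\[/ { section = tolower($0); if (section == "[peer]") peer++; next }
            {
                # Split on the first "=" only: base64 keys end in "=" padding.
                eq = index($0, "="); if (!eq) next
                key = tolower(substr($0, 1, eq - 1)); val = substr($0, eq + 1)
            }
            key == "privatekey" || key == "publickey" {
                # A key is 32 bytes, which is 44 base64 characters.
                if (length(val) != 44 || val !~ "^[A-Za-z0-9+/]+=$")
                    print "key: " section " " key " is not a 44-char base64 key"
            }
            section == "[peer]" && key == "allowedips" {
                # Cryptokey routing: one address may belong to one peer only.
                n = split(val, ips, ",")
                for (i = 1; i <= n; i++) {
                    if ((ips[i] in owner) && owner[ips[i]] != peer)
                        print "route: " ips[i] " is claimed by peers " owner[ips[i]] " and " peer
                    owner[ips[i]] = peer
                }
            }
        ' "$conf"
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample: placeholder key left in, one address given to two peers.
wg_audit_demo() {
    a=AAAAAAAAAA; k="$a$a$a${a}AAA="    # constructed 44-char value, not a real key
    tmp=$(mktemp) || return 2           # mktemp creates the file with mode 0600
    printf '%s\n' '[Interface]' 'Address = 10.10.2.1' \
        "PrivateKey = <server's privatekey>" \
        '[Peer]' "PublicKey = $k" 'AllowedIPs = 10.10.2.2/32' \
        '[Peer]' "PublicKey = $k" 'AllowedIPs = 10.10.2.2/32' > "$tmp"
    rc=0; wg_audit "$tmp" || rc=$?
    rm -f "$tmp"
    return "$rc"
}
```

Call it as wg_audit /etc/wireguard/wg0.conf; no output and exit status 0 means none of the three checks fired.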

Troubleshooting
