Backport Repository für Debian Buster
Code: Select all
echo 'deb http://deb.debian.org/debian buster-backports main contrib non-free' > /etc/apt/sources.list.d/buster-backports.list;
Code: Select all
apt update;
apt install wireguard wireguard-dkms wireguard-tools pve-headers
Code: Select all
reboot
Code: Select all
dkms autoinstall
Code: Select all
echo "wireguard" >> /etc/modules-load.d/modules.conf
Code: Select all
modprobe wireguard
Wireguard Server konfigurieren
Server
Code: Select all
cd /etc/wireguard/;
umask 077; wg genkey | tee privatekey | wg pubkey > publickey
Code: Select all
echo "privatkey: "$(cat privatekey);
echo "publickey: "$(cat publickey);
Code: Select all
rtouch wg0.conf && echo "## Set Up WireGuard VPN on Debian By Editing/Creating wg0.conf File ##" > wg0.conf;
echo "[Interface]" >> wg0.conf;
echo "## My VPN server private IP address ##" >> wg0.conf;
echo "Address = 10.100.20.1/24" >> wg0.conf;
echo " " >> wg0.conf;
echo "## My VPN server port ##" >> wg0.conf;
echo "ListenPort = 62100" >> wg0.conf;
echo " " >> wg0.conf;
echo "## VPN server's private key i.e. /etc/wireguard/privatekey ##" >> wg0.conf;
echo "PrivateKey = "$(cat privatekey) >> wg0.conf;
echo " " >> wg0.conf;
echo "PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o < network interface > -j MASQUERADE" >> wg0.conf;
echo "PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o < network interface > -j MASQUERADE" >> wg0.conf;
echo " " >> wg0.conf;
echo "## Save and update this config file when a new peer (vpn client) added ##" >> wg0.conf;
echo "SaveConfig = true" >> wg0.conf;
echo " " >> wg0.conf;
echo "[Peer]" >> wg0.conf;
echo "PublicKey = <Client Public Key>" >> wg0.conf;
echo "AllowedIPs = 10.100.20.2/24" >> wg0.conf;
Code: Select all
wg-quick up wg0
Code: Select all
sudo systemctl enable wg-quick@wg0
Code: Select all
sudo wg show
Code: Select all
sudo ifconfig wg0
Client
Code: Select all
cd /etc/wireguard/;
umask 077; wg genkey | tee privatekey | wg pubkey > publickey
Code: Select all
wg-quick down wg0
Code: Select all
echo "privatkey: "$(cat privatekey);
echo "publickey: "$(cat publickey);
Code: Select all
rtouch wg0.conf && echo "## Set Up WireGuard VPN on Debian By Editing/Creating wg0.conf File ##" > wg0.conf;
echo "[Interface]" >> wg0.conf;
echo "## My VPN server private IP address ##" >> wg0.conf;
echo "Address = 10.100.20.2/24" >> wg0.conf;
echo " " >> wg0.conf;
echo "## My VPN server port ##" >> wg0.conf;
echo "ListenPort = 62100" >> wg0.conf;
echo " " >> wg0.conf;
echo "## VPN server's private key i.e. /etc/wireguard/privatekey ##" >> wg0.conf;
echo "PrivateKey = "$(cat privatekey) >> wg0.conf;
echo " " >> wg0.conf;
echo "PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o < network interface > -j MASQUERADE" >> wg0.conf;
echo "PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o < network interface > -j MASQUERADE" >> wg0.conf;
echo " " >> wg0.conf;
echo "## Save and update this config file when a new peer (vpn client) added ##" >> wg0.conf;
echo "SaveConfig = true" >> wg0.conf;
echo " " >> wg0.conf;
echo "[Peer]" >> wg0.conf;
echo "PublicKey = <Server Public key>" >> wg0.conf;
echo "Endpoint = <Server Public IP>:62100" >> wg0.conf;
echo "AllowedIPs = 10.100.20.2/24" >> wg0.conf;
Code: Select all
wg-quick up wg0
Code: Select all
sudo systemctl enable wg-quick@wg0
Code: Select all
sudo wg show
Code: Select all
sudo ifconfig wg0
nftable Firewall
Server
Code: Select all
ip saddr <Client Public IP> udp dport { 62100 } accept
Code: Select all
ip saddr <Server Public IP> udp dport { 62100 } accept