2. WireGuard setup

WireGuard is used to establish secure connections between the different machines (VPS, server, ...).

To install WireGuard:

sudo apt install wireguard
sudo reboot

2.1 Server configuration

Step 1 : generate key pair

wg genkey | sudo tee /etc/wireguard/server_private.key | wg pubkey | sudo tee /etc/wireguard/server_public.key
sudo chmod 600 /etc/wireguard/server_private.key  # private key readable by root only

Step 2: configuration

sudo nano /etc/wireguard/wg0.conf

Template :

[Interface]
Address = 10.0.0.1/24
ListenPort = 51820
PrivateKey = <VPS_PRIVATE_KEY> # the value generated at step 1, stored on the server in /etc/wireguard/server_private.key

[Peer]
PublicKey = <CLIENT_PUBLIC_KEY> # the value generated by the client at its step 1, stored on the client in /etc/wireguard/client_public.key
AllowedIPs = 10.0.0.2/32

Step 3 : open the firewall

sudo ufw allow 51820/udp

Step 4 : start the server

sudo wg-quick up wg0

Step 5 : enable auto restart

sudo systemctl enable wg-quick@wg0

2.2 Client configuration

Step 1 : generate key pair

wg genkey | sudo tee /etc/wireguard/client_private.key | wg pubkey | sudo tee /etc/wireguard/client_public.key
sudo chmod 600 /etc/wireguard/client_private.key  # private key readable by root only

Step 2: configuration

sudo nano /etc/wireguard/wg0.conf

Template :

[Interface]
Address = 10.0.0.2/24
PrivateKey = <CLIENT_PRIVATE_KEY> # the value generated at step 1, stored on the client in /etc/wireguard/client_private.key

[Peer]
PublicKey = <VPS_PUBLIC_KEY> # the value generated by the server at its step 1, stored on the server in /etc/wireguard/server_public.key
Endpoint = mathisrevenu.fr:51820
AllowedIPs = 10.0.0.0/24
PersistentKeepalive = 25

Step 3 : configure firewall

Allow inbound TCP traffic to port 443 on the wg0 interface:

sudo ufw allow in on wg0 to any port 443 proto tcp

Step 4 : start the client

sudo wg-quick up wg0

Step 5 : enable auto-restart

sudo systemctl enable wg-quick@wg0

Step 6 : test the connection

ping 10.0.0.1

or

sudo wg show
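
A pre-flight check to run on a wg0.conf before bringing the interface up, as an added example that is not part of the original guide. The function name wg_conf_audit is hypothetical; it flags a config file accessible to group/other, a key that is still a template placeholder or not a 44-character base64 value, peers missing PublicKey or AllowedIPs, and, on the server side (ListenPort set), peer AllowedIPs wider than a single host.

```shell
#!/usr/bin/env bash
# Added example, not from the original page: audit a wg-quick config file.
# Prints one line per finding; returns 0 when clean, 1 otherwise.
wg_conf_audit() {
    local conf="$1" rc=0
    [ -r "$conf" ] || { echo "FAIL: cannot read $conf"; return 1; }
    # The file holds the private key: group and other must have no access.
    if [ "$(ls -ld "$conf" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $conf is accessible to group/other (chmod 600)"; rc=1
    fi
    awk '
    function fail(msg) { print "FAIL: " msg; bad = 1 }
    function end_peer() {
        if (sec != "peer") return
        if (!pub) fail("peer " n " has no PublicKey")
        if (!ips) fail("peer " n " has no AllowedIPs")
    }
    { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }   # strip comments, trim
    $0 == "" { next }
    /^\[/ {
        end_peer(); sec = tolower($0); gsub(/\[|\]/, "", sec)
        if (sec == "peer") { n++; pub = 0; ips = 0 }
        next
    }
    {
        eq = index($0, "="); if (!eq) next
        k = tolower(substr($0, 1, eq - 1)); v = substr($0, eq + 1)
        gsub(/[ \t]/, "", k); gsub(/^[ \t]+/, "", v)
        # A WireGuard key is 32 bytes: 43 base64 characters plus "=".
        # This also catches a template placeholder left in place.
        if (k ~ /^(private|public)key$/ && (length(v) != 44 || v !~ "^[A-Za-z0-9+/]+=$"))
            fail(k " in [" sec "] is not a 44-character base64 key")
        if (sec == "interface" && k == "privatekey") priv = 1
        if (sec == "interface" && k == "listenport") server = 1
        if (sec == "peer" && k == "publickey") pub = 1
        if (sec == "peer" && k == "allowedips") {
            ips = 1; m = split(v, a, /[ \t]*,[ \t]*/)
            for (i = 1; i <= m; i++) if (a[i] !~ "/(32|128)$") wide[n] = a[i]
        }
    }
    END {
        end_peer()
        if (!priv) fail("[Interface] has no PrivateKey")
        # Server role (ListenPort set): each peer pinned to a single address.
        if (server) for (i = 1; i <= n; i++) if (wide[i] != "")
            fail("peer " i " AllowedIPs " wide[i] " is wider than one host")
        exit bad + 0
    }' "$conf" || rc=1
    return $rc
}
```

Run it as root against the real file, for example: sudo bash -c 'source ./wg_conf_audit.sh; wg_conf_audit /etc/wireguard/wg0.conf' (the script file name is an assumption).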