Install WireGuard VPN Client on Rocky Linux/Ubuntu/Debian

0
63

This guide will take you through how to install WireGuard VPN Client on Rocky Linux/Ubuntu/Debian. If you are using WireGuard as your VPN server, then you might want to configure your end points as VPN clients.

To learn how to configure WireGuard VPN server on Rocky Linux 8, follow the guide below;

Install WireGuard VPN Server on Rocky Linux

Install WireGuard VPN Client on Rocky Linux/Ubuntu/Debian

Install WireGuard VPN client on Rocky Linux 8

Run the commands below to install WireGuard VPN client on Rocky Linux 8.

dnf install elrepo-release epel-release -y
dnf install kmod-wireguard wireguard-tools -y

Install WireGuard VPN client on Ubuntu

apt update
apt install wireguard resolvconf -y

Install WireGuard VPN client on Debian

echo 'deb http://deb.debian.org/debian buster-backports main contrib non-free' > /etc/apt/sources.list.d/buster-backports.list
apt update
apt upgrade
apt install wireguard resolveconf -y

Configure WireGuard VPN Client on Rocky Linux/Debian/Ubuntu

Generate the WireGuard VPN Client Private and public keys

In our previous guide, we already have generated the keys for our three test clients.

Hence, we will just copy the respective keys to the respective clients.

[[ -d /etc/wireguard/ ]] || mkdir /etc/wireguard/

We have already copied the client keys to the respective clients;

On Debian client

ls -1 /etc/wireguard/
debian.key
debian.pub.key
wireguard.pub.key

On Ubuntu client

ls -1 /etc/wireguard/
ubuntu.key
ubuntu.pub.key
wireguard.pub.key

On Rocky Linux client;

ls -1 /etc/wireguard/
rocky8.key
rocky8.pub.key
wireguard.pub.key

Create WireGuard VPN Client Configuration

On each client system, create the configuration file. You would simply run the command below to create the configuration file.

Replace the client IP addresses and Private keys accordingly.

Ubuntu Client

cat > /etc/wireguard/wg0.conf << 'EOL'
[Interface]
PrivateKey = qJ2Sczxh8QWO5ZHlN+zZ4IaaMzmnMtgITLfQ0cam82M=
Address = 10.8.0.10
DNS = 8.8.8.8

[Peer]
PublicKey = 60UScq0EQ7ZHXIdHcOnjFYK6N/TLtmtPGTBqLwLd0WY=
AllowedIPs = 10.8.0.0/24
Endpoint = 192.168.60.19:51820
PersistentKeepalive = 20
EOL

For other Clients for example;

cat > /etc/wireguard/wg0.conf << 'EOL'
[Interface]
PrivateKey = UMXEH1lTn7OF+fgBswsdDJU6NAu7N5or43FPWP1EyWY=
Address = 10.8.0.20
DNS = 8.8.8.8

[Peer]
PublicKey = 60UScq0EQ7ZHXIdHcOnjFYK6N/TLtmtPGTBqLwLd0WY=
AllowedIPs = 10.8.0.0/24
Endpoint = 192.168.60.19:51820
PersistentKeepalive = 20
EOL
cat > /etc/wireguard/wg0.conf << 'EOL'
[Interface]
PrivateKey = kIn6rA7W9MbGdZxRtziFN1DCJsqCi/hAdwhyH76cyU4=
Address = 10.8.0.30
DNS = 8.8.8.8

[Peer]
PublicKey = 60UScq0EQ7ZHXIdHcOnjFYK6N/TLtmtPGTBqLwLd0WY=
AllowedIPs = 10.8.0.0/24
Endpoint = 192.168.60.19:51820
PersistentKeepalive = 20
EOL

Configure WireGuard VPN Server to Allow VPN Clients Connections

On your WireGuard VPN Server, you need to enable VPN clients peer to peer connections.

To enable this, you need to obtain the Public keys for each client. For example, in my setup, I have three clients whose public keys are generated already.

This has been done already in our WireGuard VPN Server setup. Check the link below;

Configure WireGuard VPN Server to Allow VPN Clients Connections

Running WireGuard VPN Client Service

On the WireGuard VPN Clients, you can start the service now;

systemctl start [email protected]

Checking the status;

systemctl status [email protected]
[email protected] - WireGuard via wg-quick(8) for wg0
     Loaded: loaded (/lib/systemd/system/[email protected]; disabled; vendor preset: enabled)
     Active: active (exited) since Sun 2021-07-04 06:35:16 UTC; 56s ago
       Docs: man:wg-quick(8)
             man:wg(8)
             https://www.wireguard.com/
             https://www.wireguard.com/quickstart/
             https://git.zx2c4.com/wireguard-tools/about/src/man/wg-quick.8
             https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8
    Process: 2016 ExecStart=/usr/bin/wg-quick up wg0 (code=exited, status=0/SUCCESS)
   Main PID: 2016 (code=exited, status=0/SUCCESS)

Jul 04 06:35:16 ubuntu20 systemd[1]: Starting WireGuard via wg-quick(8) for wg0...
Jul 04 06:35:16 ubuntu20 wg-quick[2016]: [#] ip link add wg0 type wireguard
Jul 04 06:35:16 ubuntu20 wg-quick[2016]: [#] wg setconf wg0 /dev/fd/63
Jul 04 06:35:16 ubuntu20 wg-quick[2016]: [#] ip -4 address add 10.8.0.10 dev wg0
Jul 04 06:35:16 ubuntu20 wg-quick[2016]: [#] ip link set mtu 1420 up dev wg0
Jul 04 06:35:16 ubuntu20 wg-quick[2016]: [#] ip -4 route add 10.8.0.0/24 dev wg0
Jul 04 06:35:16 ubuntu20 systemd[1]: Finished WireGuard via wg-quick(8) for wg0.

Once done on all clients, check IP address assignment.

ip add show wg0

Ubuntu;

6: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
    link/none 
    inet 10.8.0.10/32 scope global wg0
       valid_lft forever preferred_lft forever

Debian;

3: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
    link/none 
    inet 10.8.0.20/32 scope global wg0
       valid_lft forever preferred_lft forever

Rocky Linux client;

5: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
    link/none 
    inet 10.8.0.30/32 scope global wg0
       valid_lft forever preferred_lft forever

Verify Interconnection Between VPN Server and Clients

Now, try to ping the vpn server;

ping 10.8.0.1 -c 3
PING 10.8.0.1 (10.8.0.1) 56(84) bytes of data.
64 bytes from 10.8.0.1: icmp_seq=1 ttl=64 time=2.29 ms
64 bytes from 10.8.0.1: icmp_seq=2 ttl=64 time=2.06 ms
64 bytes from 10.8.0.1: icmp_seq=3 ttl=64 time=2.26 ms

--- 10.8.0.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 53ms
rtt min/avg/max/mdev = 2.057/2.202/2.291/0.110 ms

Ping each client from one another;

ping 10.8.0.10 -c 4
PING 10.8.0.10 (10.8.0.10) 56(84) bytes of data.
64 bytes from 10.8.0.10: icmp_seq=1 ttl=63 time=3.41 ms
64 bytes from 10.8.0.10: icmp_seq=2 ttl=63 time=3.63 ms
64 bytes from 10.8.0.10: icmp_seq=3 ttl=63 time=3.69 ms
64 bytes from 10.8.0.10: icmp_seq=4 ttl=63 time=3.67 ms

--- 10.8.0.10 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 83ms
rtt min/avg/max/mdev = 3.405/3.596/3.686/0.120 ms

And that concludes our guide on how to install WireGuard VPN client on Rocky Linux/Ubuntu/Debian.

Other Tutorials

Install FortiClient VPN Client on Ubuntu 20.04/Ubuntu 18.04

How to Monitor OpenVPN Connections using openvpn-monitor tool

LEAVE A REPLY

Please enter your comment!
Please enter your name here