WireGuard® offers an extremely fast VPN connection with very little overhead and maintains security with state-of-the-art cryptography. It has the potential to offer a simpler, more secure, more efficient, and easier to use VPN over existing technologies.

The below code snippet will take you through the process of building a Wireguard VPN gateway on Debian Linux

## Add Repos echo "deb http://deb.debian.org/debian/ unstable main" | tee /etc/apt/sources.list.d/unstable-wireguard.list printf "Package: *

Pin: release a=unstable

Pin-Priority: 150

" | tee /etc/apt/preferences.d/limit-unstable ## Update Repo Database apt-get update -y # Upgrade Pre-exsisting packages apt-get upgrade -y # Install Required Packages apt-get install linux-headers-$(uname -r) -y apt-get install wireguard -y # Enable WireGuard Kernle Module modprobe wireguard; # Enable Packet Forwarding sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/g' /etc/sysctl.conf sysctl -p; echo 1 > /proc/sys/net/ipv4/ip_forward; # Setup Virtual Network Adapater ip link add dev wg0 type wireguard # Generate Key Pair cd /etc/wireguard umask 077 wg genkey | tee server_private_key | wg pubkey > server_public_key # Build Configuration File PriKey=$(cat /server_private_key) echo " [Interface] Address = 10.0.80.1/24 SaveConfig = true PrivateKey = ListenPort = 51820 PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE [Peer] PublicKey = AllowedIPs = 10.0.80.2/32 " >> wg0.conf # Configure WireGuard Service To Start On Boot systemctl enable wg-quick@wg0-client.service # Bring Up the Wireguard Service wg-quick up wg0 # Kill Wireguard Service wg-quick down wg0 # View Status of Wireguard VPN wg show