How to Install and Configure WireGuard VPN on Debian 12 and Linux Mint

WireGuard is a modern, fast, and secure VPN protocol that is easy to set up. In this guide, we will show you how to install and configure a WireGuard server on a Debian 12 VPS and connect to it from a Linux Mint client.

Step 1: Update Your Debian Server

First, ensure your server packages are up-to-date:

sudo apt update && sudo apt upgrade -y

Step 2: Install WireGuard on Debian

sudo apt install wireguard -y
modprobe wireguard

Step 3: Generate Server Keys

wg genkey | tee /etc/wireguard/server_private.key | wg pubkey > /etc/wireguard/server_public.key

Step 4: Configure WireGuard Server

Create the server configuration file /etc/wireguard/wg0.conf:

[Interface]
Address = 10.8.0.1/24
ListenPort = 51820
PrivateKey = <SERVER_PRIVATE_KEY>
SaveConfig = false

# Client 1 example
#[Peer]
#PublicKey = <CLIENT1_PUBLIC_KEY>
#AllowedIPs = 10.8.0.2/32

Replace <SERVER_PRIVATE_KEY> with the contents of /etc/wireguard/server_private.key.

Step 5: Enable IP Forwarding

echo "net.ipv4.ip_forward=1" | sudo tee -a /etc/sysctl.conf
sudo sysctl -p

Step 6: Configure NAT

sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
sudo apt install iptables-persistent -y
sudo netfilter-persistent save

Step 7: Start WireGuard Server

sudo systemctl enable wg-quick@wg0
sudo systemctl start wg-quick@wg0
sudo wg

Step 8: Install WireGuard on Linux Mint Client

sudo apt update
sudo apt install wireguard -y
wg --version

Step 9: Generate Client Keys

wg genkey | tee client_private.key | wg pubkey > client_public.key

Step 10: Add Client to Server

Edit /etc/wireguard/wg0.conf on the server:

[Peer]
PublicKey = <CLIENT_PUBLIC_KEY>
AllowedIPs = 10.8.0.2/32

Replace <CLIENT_PUBLIC_KEY> with the contents of client_public.key from the Linux Mint client.

Step 11: Create Client Configuration

Create /etc/wireguard/wg0.conf on Linux Mint:

[Interface]
PrivateKey = <CLIENT_PRIVATE_KEY>
Address = 10.8.0.2/32
DNS = 1.1.1.1

[Peer]
PublicKey = <SERVER_PUBLIC_KEY>
Endpoint = <SERVER_PUBLIC_IP>:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25

Step 12: Start WireGuard Client

sudo wg-quick up wg0

To stop the client:

sudo wg-quick down wg0

Step 13: Automatic Start (Optional)

sudo systemctl enable wg-quick@wg0

Step 14: Verify Connection

sudo wg
ip a

Now your Linux Mint client should be connected securely to the WireGuard server on Debian 12.

Note: Make sure to replace all placeholders like <SERVER_PRIVATE_KEY>, <CLIENT_PRIVATE_KEY>, <CLIENT_PUBLIC_KEY>, and <SERVER_PUBLIC_IP> with the real values from your setup.

Views: 4