WireGuard is a new-generation VPN protocol that currently supports the Linux, macOS, Android, iOS and OpenWrt platforms. It uses state-of-the-art cryptography (Curve25519 for key exchange, ChaCha20 and Poly1305 for data authentication, and BLAKE2 for hashing), so there is no doubt about its security. WireGuard transmits data over UDP. The one-click installation method is recommended here for setting up the server side; the process is very simple.
Taking Debian 10.1 as an example, first log in to the remote host with Bitvise SSH Client and open a terminal. Then enter the following command to download the installation script:
curl -O https://raw.githubusercontent.com/vpn69/vpn/main/wireguard-install.sh
Grant execution permissions:
chmod +x wireguard-install.sh
Execute the script to install WireGuard:
Press any key to continue installation:
As shown in the figure above, at this point in the installation you are prompted to enter the client name; the example uses vpn1. Press Enter.
As shown in the picture above, a QR code for the client configuration file appears; you can scan it and save it for future use.
As shown above, the installation process is complete. Check the VPN status:
systemctl status wg-quick@wg0
As shown above, the VPN is active. If the status shows a red "failed" instead of the green "active", the VPN did not start successfully and you need to restart the system:
reboot # then press Enter
After the system restarts, the Bitvise SSH Client remote connection will be disconnected. Reconnect and check the VPN status to confirm that the VPN has started successfully.
Here are a few related commands to keep on hand:
systemctl start wg-quick@wg0 # Start the VPN
systemctl stop wg-quick@wg0 # Stop the VPN
systemctl restart wg-quick@wg0 # Restart the VPN
wg # View the wg0 interface settings (especially to see what the listening port is)
ip a show wg0 # View the IP address of the wg0 interface
The configuration file wg0-client-vpn1.conf (located in /root) can be downloaded:
Firewall settings: during installation, a server port is generated automatically. In the previous example it is 65323 (use the wg command to check what it is for your own installation), so open this port in the firewall. Edit the settings with the following command:
Add a line of settings:
-A INPUT -p udp -m udp --dport 65323 -j ACCEPT
Press Ctrl+X to save the changes and exit. Then execute the following command to load the rules:
For client download and installation, please see: WireGuard client
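For the firewall step above, an added example (not part of the original page or of the install script) that reads the listening port from a wg-quick style config and places the page's ACCEPT rule ahead of any catch-all DROP/REJECT in the INPUT chain. The function names and both samples are constructed, and the rules text is assumed to be in iptables-save format.

```shell
#!/bin/sh
# Added example, not from the original page. The rules text is assumed to be
# in iptables-save format; both samples below are constructed.

# Print ListenPort from the [Interface] section of a wg-quick config on stdin.
# On the server itself, `wg show wg0 listen-port` reports the live value.
wg_listen_port() {
    awk -F'=' '
        /^\[/ { in_if = ($0 ~ /^\[Interface\]/) }
        in_if && $1 ~ /^[ \t]*ListenPort[ \t]*$/ {
            gsub(/[ \t\r]/, "", $2); print $2; exit
        }'
}

# Build the INPUT rule in the form the page uses; reject non-port input.
wg_rule() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ] || return 1
    printf '%s\n' "-A INPUT -p udp -m udp --dport $1 -j ACCEPT"
}

# Copy iptables-save text from stdin to stdout with the rule ($1) added to the
# filter table: before the first catch-all INPUT DROP/REJECT (a rule placed
# after it never matches), otherwise before COMMIT. Already present: no change.
add_rule() {
    awk -v rule="$1" '
        $0 == "*filter" { in_filter = 1 }
        in_filter && $0 == rule { done = 1 }
        in_filter && !done && (/^-A INPUT -j (DROP|REJECT)/ || $0 == "COMMIT") {
            print rule; done = 1
        }
        $0 == "COMMIT" { in_filter = 0 }
        { print }'
}

SAMPLE_CONF='[Interface]
Address = 10.7.0.1/24
ListenPort = 65323
[Peer]
AllowedIPs = 10.7.0.2/32'

SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j DROP
COMMIT'

port=$(printf '%s\n' "$SAMPLE_CONF" | wg_listen_port)
printf '%s\n' "$SAMPLE_RULES" | add_rule "$(wg_rule "$port")"
```

The output is the sample rule set with the UDP rule for port 65323 on the line before `-A INPUT -j DROP`; running it again on its own output changes nothing.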