Creating a Wireguard VPN Server on a Raspberry Pi 4


Wireguard VPN Features

Setting up the Raspberry Pi 4

[Image: Raspberry Pi 4 kit]
[Image: Contents of starter kit]
[Image: First login in Raspberry Pi OS]
[Image: raspi-config menu]
  1. Change the password for the ‘pi’ user (Option 1)
  2. Configure the RPi to your timezone (Option 4 ‘Localisation Options’, then ‘I2 Change Timezone’)
  3. Expand the filesystem (Option 7 ‘Advanced Options’, then ‘A1- Expand file system’)
  4. Exit raspi-config, which will ask for a reboot.

Setting up Wireguard on the Raspberry Pi 4

sudo apt install raspberrypi-kernel-headers libelf-dev libmnl-dev build-essential git -y
git clone https://git.zx2c4.com/wireguard-linux-compat && git clone https://git.zx2c4.com/wireguard-tools
make -C wireguard-linux-compat/src -j$(nproc)
sudo make -C wireguard-linux-compat/src install
make -C wireguard-tools/src -j$(nproc)
sudo make -C wireguard-tools/src install
sudo sysctl net.ipv4.ip_forward
echo "net.ipv4.ip_forward=1" |  sudo tee -a /etc/sysctl.d/01-custom.conf
sudo sysctl --system
sudo sysctl net.ipv4.ip_forward

Creation of Public / Private Keys

sudo su
cd /etc/wireguard
umask 077
wg genkey | tee server_privatekey | wg pubkey > server_publickey
wg genkey | tee peer1_privatekey | wg pubkey > peer1_publickey
exit

Server configuration

# Server: /etc/wireguard/wg0.conf
[Interface]
Address = 10.9.0.1/24
ListenPort = <ListenPort>
DNS = <IP DNS Server>
PrivateKey = <content server_privatekey>
# PostUp/PostDown are wg-quick hooks and are only read from [Interface].
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o <Interface> -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o <Interface> -j MASQUERADE

[Peer]
#Peer-1
PublicKey = <content peer1_publickey>
AllowedIPs = 10.9.0.2/32
#PersistentKeepalive = 60

# Peer: /etc/wireguard/peer1.conf
[Interface]
Address = 10.9.0.2/32
DNS = <IP DNS Server>
PrivateKey = <content peer1_privatekey>

[Peer]
PublicKey = <content server_publickey>
Endpoint = <Endpoint reachable over Internet>
AllowedIPs = 0.0.0.0/0, ::/0
#PersistentKeepalive = 60

sudo apt install qrencode -y
sudo qrencode -t ansiutf8 < /etc/wireguard/peer1.conf

Last steps

sudo systemctl enable wg-quick@wg0
sudo chown -R root:root /etc/wireguard/
sudo chmod -R og-rwx /etc/wireguard/
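
A check worth running against the server configuration once the permissions are set, added here as an example that is not part of the original article. The helper name wg_audit and the sample config are constructed for illustration. It flags a config file readable by group or others, wg-quick hooks placed under [Peer], and server-side AllowedIPs that are wider than one host or assigned twice.

```shell
#!/bin/sh
# Added example, not from the original article. wg_audit is a hypothetical helper.
# Assumes GNU stat and any POSIX awk (both present on Raspberry Pi OS).
wg_audit() {
    conf=$1
    # The file holds the private key: group and others must have no access.
    mode=$(stat -c %a "$conf") || return 2
    case $mode in
        *00) ;;
        *) echo "PERMS: $conf is mode $mode, expected 600" ;;
    esac
    awk '
        { sub(/[ \t]*#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }  # drop comments, trim
        $0 == "" { next }
        /^\[/ { section = tolower($0); next }
        {
            key = tolower($0); sub(/[ \t]*=.*/, "", key)
            val = substr($0, index($0, "=") + 1); gsub(/^[ \t]+/, "", val)
        }
        # wg-quick only accepts hook commands in [Interface].
        section == "[peer]" && key ~ /^(pre|post)(up|down)$/ {
            print "SECTION: " key " found in [Peer], move it to [Interface]"
        }
        # On the server each peer should own exactly one tunnel address.
        section == "[peer]" && key == "allowedips" {
            n = split(val, ips, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++) {
                if (ips[i] !~ /\/(32|128)$/) print "ALLOWEDIPS: " ips[i] " is wider than one host"
                if (seen[ips[i]]++) print "ALLOWEDIPS: " ips[i] " is assigned to more than one peer"
            }
        }
    ' "$conf"
}

# Constructed sample input: keys are placeholders, not real key material.
demo=$(mktemp)
cat > "$demo" <<'EOF'
[Interface]
Address = 10.9.0.1/24
PrivateKey = <constructed-placeholder>
[Peer]
PublicKey = <constructed-placeholder>
AllowedIPs = 10.9.0.2/32, 10.9.0.0/24
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT
EOF
chmod 644 "$demo"
wg_audit "$demo"
rm -f "$demo"
```

Run it as root against /etc/wireguard/wg0.conf; no output means none of the three conditions was found. It is meant for the server file only, since the peer file intentionally routes 0.0.0.0/0 through the tunnel.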

Steps for adding another peer

sudo su
cd /etc/wireguard
umask 077
wg genkey | tee peern_privatekey | wg pubkey > peern_publickey
chown -R root:root /etc/wireguard/
chmod -R og-rwx /etc/wireguard/
exit


Freelance IT-Consultant 🧑🏽‍💻with a focus on IT project management, IT architecture, and IT-Security. https://amp-digital.de

Anton Pütz
