Install WireGuard VPN

Deploy a WireGuard VPN on your HolyCloud VPS to access internal services securely and administer via an encrypted tunnel.

WireGuard is a modern, lightweight, fast VPN. On a HolyCloud Linux VPS, it lets you reach SSH, databases, or panels without exposing them publicly, leaving only the WireGuard UDP port open.

Prerequisites

- HolyCloud VPS running Ubuntu/Debian with a recent kernel (WireGuard included)
- sudo access
- Chosen UDP port (e.g. 51820) open in UFW and the HolyCloud firewall
- Clients: Windows, macOS, Linux, iOS, Android (WireGuard app)

Step 1: installation

```bash
sudo apt update
sudo apt install -y wireguard qrencode
```

Step 2: server keys

```bash
# Restrictive umask so new key files are not group- or world-readable
umask 077
# Writing under /etc/wireguard requires root, hence sudo tee
wg genkey | sudo tee /etc/wireguard/server_private.key | wg pubkey | sudo tee /etc/wireguard/server_public.key
sudo chmod 600 /etc/wireguard/server_private.key
```

Step 3: server configuration

```bash
sudo nano /etc/wireguard/wg0.conf
```

```ini
[Interface]
Address = 10.8.0.1/24
ListenPort = 51820
PrivateKey = CONTENU_DE_server_private.key
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
# Client 1 — laptop
PublicKey = CLE_PUBLIQUE_CLIENT
AllowedIPs = 10.8.0.2/32
```

CONTENU_DE_server_private.key stands for the contents of server_private.key, and CLE_PUBLIQUE_CLIENT for the client's public key.

Replace eth0 with the public interface, which you can find with:

```bash
ip -o -4 route show to default | awk '{print $5}'
```
Generate client keys:

```bash
wg genkey | tee client1_private.key | wg pubkey > client1_public.key
```

Step 4: IP forwarding and firewall

```bash
echo 'net.ipv4.ip_forward=1' | sudo tee /etc/sysctl.d/99-wireguard.conf
sudo sysctl --system
sudo ufw allow 51820/udp comment 'WireGuard'
sudo systemctl enable --now wg-quick@wg0
```

Step 5: client configuration (example)

client1.conf file to import in the WireGuard app:

```ini
[Interface]
PrivateKey = CLE_PRIVEE_CLIENT
Address = 10.8.0.2/24
DNS = 1.1.1.1

[Peer]
PublicKey = CLE_PUBLIQUE_SERVEUR
Endpoint = IP_PUBLIQUE_VPS_HOLYCLOUD:51820
AllowedIPs = 10.8.0.0/24
PersistentKeepalive = 25
```

CLE_PRIVEE_CLIENT is the client's private key, CLE_PUBLIQUE_SERVEUR the server's public key, and IP_PUBLIQUE_VPS_HOLYCLOUD the public IP of the HolyCloud VPS.

QR code (mobile):

```bash
qrencode -t ansiutf8 < client1.conf
```

To route all Internet traffic via the VPS, use AllowedIPs = 0.0.0.0/0, ::/0 (legal responsibility and network load are yours).

Verification

```bash
sudo wg show
ping -c 3 10.8.0.2
```

Client side: tunnel "active", ping 10.8.0.1, SSH via VPN IP: ssh [email protected]

HolyCloud help

- No handshake: check UDP 51820 (UFW + client area), Endpoint, and public keys
- No Internet via tunnel: check ip_forward, the MASQUERADE rules, and that the network interface is the correct one
- HolyCloud support: provide the output of sudo wg show, the default interface, and journalctl -u wg-quick@wg0
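Several of the checks in the help list (public keys, MASQUERADE interface) and the one-address-per-peer layout from Step 3 can be linted before restarting the tunnel. The following is an added example, not part of the original guide or of HolyCloud tooling; the names wg_audit and sample_conf, the interface ens3 and the sample key are assumptions constructed for illustration.

```shell
# Added example (not HolyCloud code): lint a wg0.conf read on stdin.
# $1 = expected egress interface; prints one finding per line.
wg_audit() {
  awk -v egress="$1" '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function end_peer() {  # a WireGuard key is 32 bytes, 44 base64 characters
      if (inpeer && (length(key) != 44 || key !~ /^[A-Za-z0-9+\/]+=$/))
        print "peer " n ": PublicKey is missing or not a 44-character base64 key"
    }
    /^[ \t]*#/ { next }
    /^\[/ { end_peer(); inpeer = ($0 ~ /^\[Peer\]/); n += inpeer; key = ""; next }
    {
      eq = index($0, "="); if (!eq) next
      k = trim(substr($0, 1, eq - 1)); v = trim(substr($0, eq + 1))
      if (k == "PostUp" && match(v, /-o [^ ;]+ -j MASQUERADE/)) {
        split(substr(v, RSTART, RLENGTH), f, " ")
        if (f[2] != egress) print "PostUp masquerades on " f[2] ", expected " egress
      }
      if (inpeer && k == "PublicKey") key = v
      if (inpeer && k == "AllowedIPs") {
        cnt = split(v, a, ",")
        for (i = 1; i <= cnt; i++) {
          ip = trim(a[i]); full = (ip ~ /:/) ? "/128" : "/32"
          if (ip !~ /\//) ip = ip full  # a bare address means a single host
          if (ip !~ (full "$")) print "peer " n ": AllowedIPs " ip " is wider than " full
          if (ip in owner) print "peer " n ": " ip " is already routed to peer " owner[ip]
          else owner[ip] = n
        }
      }
    }
    END { end_peer() }
  '
}
# Constructed sample: peer 2 keeps the placeholder key, reuses the address of peer 1, claims the subnet.
sample_conf() {
  cat <<'EOF'
[Interface]
Address = 10.8.0.1/24
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
[Peer]
PublicKey = ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopw=
AllowedIPs = 10.8.0.2/32
[Peer]
PublicKey = CLE_PUBLIQUE_CLIENT
AllowedIPs = 10.8.0.2/32, 10.8.0.0/24
EOF
}

sample_conf | wg_audit ens3   # ens3: assumed real egress interface of the VPS
```

On the VPS, feed it the real file and the interface reported by the default route, for example with sudo cat /etc/wireguard/wg0.conf piped into wg_audit. WireGuard binds each AllowedIPs prefix to a single peer, so a duplicate silently moves the address to the peer defined last.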