To configure Linux as a VPN gateway using WireGuard, follow these steps:

1. Install WireGuard:
   - On Debian-based distributions, run: `sudo apt-get install wireguard`
   - On Red Hat-based distributions, run: `sudo dnf install wireguard-tools`

2. Generate the private and public keys for the VPN server:
   - Run: `wg genkey | sudo tee /etc/wireguard/privatekey | wg pubkey | sudo tee /etc/wireguard/publickey`

3. Create the WireGuard configuration file:
   - Run: `sudo nano /etc/wireguard/wg0.conf`
   - Add the following content to the file:

   ```plaintext
   [Interface]
   Address = 10.0.0.1/24 # Replace with desired IP address and subnet
   ListenPort = 51820 # UDP port clients connect to (<server_listen_port> in step 8); replace with desired port
   PrivateKey = <server_private_key> # Replace with the private key generated in step 2

   [Peer]
   PublicKey = <client_public_key> # Replace with the public key of the client
   AllowedIPs = 10.0.0.2/32 # Replace with the IP address of the client
   ```

4. Enable IP forwarding:
   - Open the sysctl.conf file: `sudo nano /etc/sysctl.conf`
   - Uncomment the line: `net.ipv4.ip_forward=1`
   - Save and close the file.
   - Apply the changes: `sudo sysctl -p`

5. Configure iptables to allow forwarding:
   - Run the following commands:

   ```plaintext
   sudo iptables -A FORWARD -i wg0 -o eth0 -j ACCEPT
   sudo iptables -A FORWARD -i eth0 -o wg0 -m state --state RELATED,ESTABLISHED -j ACCEPT
   sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
   ```

   - Replace `eth0` with the network interface connected to the internet.

6. Start the WireGuard interface:
   - Run: `sudo wg-quick up wg0`

7. To make the WireGuard interface start automatically on boot, run:
   - `sudo systemctl enable wg-quick@wg0`

8. Configure the client:
   - Install WireGuard on the client machine.
   - Generate private and public keys for the client.
   - Create a configuration file on the client with the following content:

   ```plaintext
   [Interface]
   Address = 10.0.0.2/24
   PrivateKey = <client_private_key>
   DNS = 8.8.8.8 # Replace with desired DNS server

   [Peer]
   PublicKey = <server_public_key>
   Endpoint = <server_public_ip>:<server_listen_port>
   AllowedIPs = 0.0.0.0/0, ::/0 # Route all traffic through the VPN server
   ```

   - Replace `<client_private_key>`, `<server_public_key>`, `<server_public_ip>`, and `<server_listen_port>` with the appropriate values.

9. Start the WireGuard interface on the client:
   - Run: `sudo wg-quick up <client_configuration_file>`

The Linux machine is now configured as a VPN gateway using WireGuard, and the client can route its traffic through the VPN server.
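On the server, each peer's `AllowedIPs` from step 3 is also the set of source addresses that peer is allowed to send from, so it is worth checking as more clients are added. The following is an added example, not part of the original guide: a small Python linter that flags server-side peers whose `AllowedIPs` fall outside the tunnel subnet or overlap another peer. The function names, the sample config and the placeholder keys are constructed for illustration, and it assumes a single `Address` on the server interface.

```python
import ipaddress
# Constructed sample: step 3 server config plus a deliberately bad second peer.
SAMPLE_CONF = """\
[Interface]
Address = 10.0.0.1/24
PrivateKey = <server_private_key>

[Peer]
PublicKey = <client_a_public_key>
AllowedIPs = 10.0.0.2/32  # one tunnel address, as in step 3

[Peer]
PublicKey = <client_b_public_key>
AllowedIPs = 10.0.0.2/31, 192.168.1.0/24
"""

def parse_wg_conf(text):
    """Return (interface, peers); wg-quick files repeat the [Peer] section."""
    interface, peers, current = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if line.startswith("["):
            current = interface if line.lower() == "[interface]" else {}
            if line.lower() == "[peer]":
                peers.append(current)
        elif line and current is not None:
            key, _, value = line.partition("=")  # base64 keys may end in '='
            current[key.strip().lower()] = value.strip()
    return interface, peers

def audit_server_peers(text):
    """Flag AllowedIPs outside the tunnel subnet or overlapping another peer."""
    interface, peers = parse_wg_conf(text)
    tunnel = ipaddress.ip_interface(interface["address"]).network
    findings, seen = [], []
    for peer in peers:
        name = peer.get("publickey", "?")
        for item in filter(None, map(str.strip, peer.get("allowedips", "").split(","))):
            net = ipaddress.ip_network(item, strict=False)
            if net.version != tunnel.version or not net.subnet_of(tunnel):
                findings.append((name, str(net), "outside tunnel subnet"))
            for other_name, other in seen:
                if other_name != name and net.version == other.version and net.overlaps(other):
                    findings.append((name, str(net), "overlaps " + other_name))
            seen.append((name, net))
    return findings

if __name__ == "__main__":
    print(*audit_server_peers(SAMPLE_CONF), sep="\n")
```

A range outside the tunnel subnet can be intentional in a site-to-site setup; for the single-client gateway described here, every finding deserves a look.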


Original article: https://www.cveoy.top/t/topic/pEvD. Copyright belongs to the author. Do not reprint or scrape.
