How to set up WireGuard on a Debian-based Linux router

Installation

We're going to install wireguard and qrencode on the router by running the command below:

apt install wireguard qrencode


Server-side configuration

Key Generation

The next step is to create a private and a public key for the WireGuard server running on the router.

First, create the private key:

wg genkey | sudo tee /etc/wireguard/private.key

Restrict the file's permissions so that group and others have no access:

chmod go= /etc/wireguard/private.key

Never share the private key, or your VPN will be compromised!

The next step is to derive the public key from the private key:

cat /etc/wireguard/private.key | wg pubkey | sudo tee /etc/wireguard/public.key

Once the keys exist, we can create a configuration file for WireGuard:

nano /etc/wireguard/wg0.conf

Add the following settings:

[Interface]
Address = 10.10.10.1
PrivateKey = 
ListenPort = 51820

[Peer]
PublicKey =  
PresharedKey = 
AllowedIPs = 10.10.10.2/32 


Client-side configuration

Key generation

Create a private, a public and a preshared key for the WireGuard client on the router:

mkdir -p /etc/wireguard/clients; wg genkey | sudo tee /etc/wireguard/clients/mobile.key | wg pubkey | sudo tee /etc/wireguard/clients/mobile.key.pub; wg genpsk | sudo tee /etc/wireguard/clients/mobile.psk.key

nano /etc/wireguard/clients/mobile.conf


[Interface]
PrivateKey = 
Address = 10.10.10.2/24
DNS = 10.10.10.1

[Peer]
PublicKey = 
PreSharedKey = 
AllowedIPs = 0.0.0.0/0
Endpoint = :
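
The key fields in both configurations above are filled from the key files generated earlier: each side's [Interface] takes its own private key, its [Peer] takes the other side's public key, and both share the preshared key. The shell functions below are an added example, not part of the original guide; they assume the file names used above, and HOST:PORT is a placeholder for the router's reachable address and its ListenPort. They refuse to read a private or preshared key file that group or others can access.

```shell
# Added example, not from the original guide. Run as root, for instance:
#   render_server /etc/wireguard > /etc/wireguard/wg0.conf
#   render_client /etc/wireguard HOST:PORT > /etc/wireguard/clients/mobile.conf
umask 077  # new files created by the redirections above get mode 0600

# secret FILE: print a private or preshared key; refuse a file that is
# missing, empty, or accessible to group/others.
secret() {
    [ -s "$1" ] || { echo "missing or empty: $1" >&2; return 1; }
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ] ||
        { echo "too permissive, run: chmod go= $1" >&2; return 1; }
    cat "$1"
}

# render_server DIR: router config with the "mobile" client as its peer.
render_server() {
    priv=$(secret "$1/private.key") || return 1
    psk=$(secret "$1/clients/mobile.psk.key") || return 1
    pub=$(cat "$1/clients/mobile.key.pub") || return 1
    cat <<EOF
[Interface]
Address = 10.10.10.1
PrivateKey = $priv
ListenPort = 51820

[Peer]
PublicKey = $pub
PresharedKey = $psk
AllowedIPs = 10.10.10.2/32
EOF
}

# render_client DIR ENDPOINT: phone config; ENDPOINT is the router's HOST:PORT.
render_client() {
    priv=$(secret "$1/clients/mobile.key") || return 1
    psk=$(secret "$1/clients/mobile.psk.key") || return 1
    pub=$(cat "$1/public.key") || return 1
    cat <<EOF
[Interface]
PrivateKey = $priv
Address = 10.10.10.2/24
DNS = 10.10.10.1

[Peer]
PublicKey = $pub
PresharedKey = $psk
AllowedIPs = 0.0.0.0/0
Endpoint = $2
EOF
}
```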

Create a QR code for easy setup on a mobile device

cat /etc/wireguard/clients/mobile.conf | qrencode -o wireguard-android-conf.png

Starting WireGuard on the router

wg-quick up wg0

Enable WireGuard after every system reboot

systemctl enable wg-quick@wg0