Kali Linux

How to Install and Configure WireGuard on Kali Linux

WireGuard is a simple and fast open-source VPN tunneling service built with high-end cryptographic technologies. It is very easy to set up and use, and many consider it better than OpenVPN or IPSec. WireGuard is also cross-platform and supports embedded devices.

WireGuard works by setting up virtual network interfaces such as wlan0 or eth0 that can be managed and controlled like normal network interfaces, helping configure and manage the WireGuard easily using net-tools and other network managing tools.

This guide will show you how to set up a WireGuard client and server on a Kali Linux system.

Let us start by installing WireGuard on the system.

Installing WireGuard

Depending on the version of Kali Linux you are running, you should have WireGuard apt repositories.  Update your system using the commands:

sudo apt-get update

sudo apt-get upgrade

Next, enter a simple apt command to install WireGuard:

sudo apt-get install –y wireguard

Once we have WireGuard installed on the system, we can proceed to configure it.

Configuring WireGuard Server

WireGuard security operates on SSH key-value pairs, which are very easy to configure. Start by creating a .wireguard directory.

mkdir ~/.wireguard

cd ~/.wireguard

Next, set read, write, and execute permissions.

umask 077

Now we can generate the key-value pairs using the command:

wg genkey | tee privatekey | wg pubkey > publickey

Next, copy the contents of the private key:

cat privatekey

Once you have the contents of the private key copied to your clipboard, create a WireGuard configuration file in /etc/wireguard/wg0.conf

In the file, add the following lines:

Interface]

Address = SERVER_IP

SaveConfig = true

ListenPort = 51820

PrivateKey = SERVER_PRIVATE_KEY

 

[Peer]

PublicKey = CLIENT_PUBLIC_KEY

AllowedIPs = CLIENT_IP

In the address, add the IP address of the hosting server. For PrivateKey, enter the contents of the private key you copied previously.

In the peer section, add the public key for the client and the IP address.

Once you have the configuration file set up, set the VPN server to launch at startup.

sudo systemctl enable wg-quick@wg0

Finally, start the WireGuard service on the server:

sudo wg-quick up wg0

 Configuring WireGuard Client

Next, we need to configure the WireGuard client. Ensure you have WireGuard installed on the system.

Generate Key value pairs as well.

wg genkey | tee privatekey | wg pubkey > publickey

umask u=rwx,go= && cat /etc/wireguard/wg0.conf  << EOF

[Interface]

Address = CLIENT_IP

PrivateKey = CLIENT PRIVATE KEY

 

[Peer]

PublicKey = SERVER PUBLIC KEY

Endpoint = SERVER_IP:51820

AllowedIPs = 0.0.0.0/0

PersistentKeepalive = 21

EOF

Finally, save the file and enable the VPN:

sudo wg-quick up wg0

You can verify the connection with the command:

sudo wg

 Conclusion

Setting up WireGuard is easy and efficient. Once set up, you can use it in a wide variety of cases. With what you’ve learned from this guide, you can test and see if it works better than other VPN services.

About the author

John Otieno

John Otieno

My name is John and am a fellow geek like you. I am passionate about all things computers from Hardware, Operating systems to Programming. My dream is to share my knowledge with the world and help out fellow geeks. Follow my content by subscribing to LinuxHint mailing list