wireguard
About
Mainlined with Linux 5.6. No DKMS needed anymore.
Installation
1 aptitude install wireguard
With linux version < 5.6, this will also install wireguard-dkms as a dependency, an out-of-tree module, yet. With DKMS you will be forced to disable Secure Boot in BIOS to load this module, because it's not signed by Microsoft, because it's built locally. I got the following error:
Configure
Client
Create keys
Create wg-quick config
/etc/wireguard/wg_libertas.conf
1 ###WIREGUARD CONFIG
2 #HOST: "libertas"
3 #PEER: "hostname.dyna.rockstable.it"
4 #DATE: "2020-12-25"
5
6 [Interface]
7 DNS = 10.255.255.1/24
8 #MTU =
9 #Table =
10 #PreUp =
11 #PostUp =
12 #PreDown =
13 #PostDown =
14 #SaveConfig = false
15 PrivateKey = eOPGzM9Sa8LR3Q/zD17q6zPOLYSx3D/d0Jb2QeskjHQ=
16 #FwMark =
17 ListenPort = 51820
18
19 [Peer]
20 PublicKey = e3ZITGXKIUXrtjg0/0LAt2/lSuJtASX3/25itWLwBRA=
21 Endpoint = hostname.dyna.rockstable.it:51820
22 AllowedIPs = 10.255.255.0/24
23 AllowedIPs = 0.0.0.0/0
24 #AllowedIPs = 0.0.0.0/0, ::/0
25 PresharedKey = JNVOOUGtSJv9iqaoX63da3Xx1dzTWdk13+hXyoyfM0w=
26 #PersistentKeepalive =
When the server is configured, start the tunnel.
Server
Create wg-quick config
/etc/wireguard/wg_hostname.conf
Start listening