H 240: Wireguard VPN (15 pts)

What You Need for This Project

Purpose

To make a point-to-point VPN connection from the Window client to the Debian server.

Server Setup

On your Debian 10 Linux cloud server, in a Terminal session, execute these commands:
sudo apt update
sudo apt install linux-headers-$(uname -r) -y
sudo apt install -y wireguard
sudo su -
cd /etc/wireguard
wg genkey | tee privatekey | wg pubkey > publickey
chmod 600 *
cat privatekey
cat publickey
exit
Make a note of your private and public keys, as shown below.

Execute this command:

sudo nano /etc/wireguard/wg0.conf
In nano, insert this text, as shown below.

Change the private key to the correct value for your system.

[Interface]
Address = 192.168.100.1/24
ListenPort = 51194
PrivateKey = IOmxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxO0M=
SaveConfig = true

Save the file with Ctrl+X, Y, Enter.

Execute these commands:

sudo systemctl enable wg-quick@wg0
sudo systemctl start wg-quick@wg0
sudo ss -nau
You should see a service listening on port 51194, as shown below.

Execute this command:

ip a
You see an interface named "wg0" with your server's local IP address of 192.168.100.1, as shown below.

Opening a Port in the Google Cloud Firewall

In the Google Cloud Console, at the top left, click the three-bar "hamburger" icon. Scroll down to the NETWORKING section and click "VPC networks, "Firewall rules".

At the top center, click "CREATE FIREWALL RULE".

Enter these values, as shown below.

At the bottom of the page, click the Create button.

Finding your Server's Public IP Address

In the Google Cloud Console, at the top left, click the three-bar "hamburger" icon. Scroll down to the COMPUTE section and click "Compute Engine, "VM instances".

Find your server's public IP address, as shown below.

Make a note of it. You'll need it to configure your client.

Client Setup

On your Windows system, download and install the Windows client from this page:

Windows Client

In the WireGuard window, at the lower left, click the down-arrow next to "Add Tunnel" and click "Add empty tunnel...".

Enter a Name of GoogleCloud.

Add these lines below the automatically generated PrivateKey, as shown below:

Address = 192.168.100.2/24
[Peer]
EndPoint = 35.239.173.115:51194
PublicKey = oUaxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxIUk=
AllowedIPs = 192.168.100.0/24
PersistentKeepalive = 20
Make a note of the client's Public key, outlined in red in the image below.

Click Save.

Click Activate.

Allow the Client on the Server

On your Debian 10 Linux cloud server, in a Terminal session, execute these commands:
sudo systemctl stop wg-quick@wg0
sudo nano /etc/wireguard/wg0.conf
Add these lines to the end of the file, as shown below, using the correct value for your client's public key.
[Peer]
PublicKey = JGWxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx4nA=
AllowedIPs = 192.168.100.2/32

Save the file with Ctrl+X, Y, Enter.

Execute these commands:

sudo systemctl enable wg-quick@wg0
sudo systemctl start wg-quick@wg0

Flag H 240: Keepalive (15 pts)

On your Windows machine, in the lower right, click the up-arrow and click the Wireguard icon, as shown below.

In the WireGuard window, click the Log tab.

Find a line beginning with "Sending keepalive".

The flag is covered by a green rectangle in the image below.

References

Debian 10 set up WireGuard VPN server
How to Install Kernel Headers in Ubuntu and Debian

Posted 5-18-2020