- WireGuard on Kali
- Getting Started
- Wrapping up
- Как установить и настроить WireGuard на Kali Linux
- Установка WireGuard#
- Настройка сервера WireGuard#
- Настройка WireGuard клиент.#
- Вывод#
- How to Install and Configure WireGuard on Kali Linux
- Is WireGuard faster than OpenVPN?
- Is open VPN free?
- How do I add a tunnel to my WireGuard?
- Is WireGuard TCP or UDP?
- What ports need to be open for WireGuard?
- How do I install OpenVPN?
- How do I completely update Kali Linux?
- Is Kali Linux anonymous?
- How to Install and Configure WireGuard on Kali Linux
- Installing WireGuard
- Configuring WireGuard Server
- Configuring WireGuard Client
- Conclusion
- About the author
- John Otieno
WireGuard on Kali
We have been hearing a lot about WireGuard lately and with it being recently added to the Kali repos, we thought we would give it a quick try to see what all the fuss is about. All in all, we found this is a really nice and quick to configure VPN solution, and might be worth checking out.
Getting Started
With WireGuard added to the repos, installation is nice and easy:
And we are off. Next comes time for configuration. This is where WireGuard really shone for us, as it took next to nothing to get up and running.
On the server, we have to generate a public/private key pair and set up an initial config file:
publickey umask u=rwx,go= && cat > /etc/wireguard/wg0.conf
And we do the same process on the client to establish its key pair and config:
publickey umask u=rwx,go= && cat /etc/wireguard/wg0.conf
These are pretty simple configs but it’s worth pointing a few things out. First off, you obviously have to put the output from the key pairs into the configs as appropriate. Additionally, the DNS line on the client is to help prevent DNS leaks from using your local default DNS server. You may or may not want to change that depending on your needs.
Most important however is the “AllowedIPs” line. This will control what IPs do or don’t go across the VPN. In this case, we setup the client to route everything through the VPN server. We will play with this more in a bit, but let’s look at getting this basic config running.
To start and stop the tunnel, it’s pretty easy:
And of course, we need to enable IP masquerade and IP forwarding on the server:
So, with this we have a traditional VPN configuration. If you are looking to just get a standard VPN setup, at this point you are done. There are some advantages to this compared to using OpenVPN, for instance this solution seems to be much faster, the config is a lot simpler, and it’s a touch more stealthy in that the server won’t respond to packets that don’t have a proper key pair linked to them. We thought however it might be interesting to change the configuration to reflect our ISO of Doom config, having a client that will auto connect to the server on boot allowing the server to route through and access the client network.
WireGuard of DOOM!
First things first, on our client, let’s quickly set up IP forwarding and masquerading:
Great, with that done, we make a couple minor changes to our configs. First up, on the server we change the “AllowedIPs” line to have the private network on the report site. This would look like so:
With that one line changed on the server, we then tweak the clients “AllowedIPs” line to remove the option to route everything to the VPN server:
[email protected]:~# ping 192.168.2.22 PING 192.168.2.22 (192.168.2.22) 56(84) bytes of data. 64 bytes from 192.168.2.22: icmp_seq=19 ttl=63 time=50.2 ms 64 bytes from 192.168.2.22: icmp_seq=20 ttl=63 time=53.4 ms 64 bytes from 192.168.2.22: icmp_seq=21 ttl=63 time=48.1 ms
Now the VPN server can access the subnets on the other side of the WireGuard VPN.
Wrapping up
Time will tell if WireGuard replaces OpenVPN as the VPN of choice, or if the latest buzz is just excitement of using the newest toys. In any case, it’s nice to have the ability to test it out, and use if it’s a good fit. As we have seen here, it’s definitely easy to setup, and relatively versatile in the user cases.
Как установить и настроить WireGuard на Kali Linux
WireGuard - это простой и быстрый открытый источник VPN-туннельной службы, построенный с высококачественными криптографическими технологиями. Очень легко настроить и использовать, и многие считают его лучше, чем OpenVPN или IPSec. WireGuard также является кроссплатформой и поддерживает встроенные устройства.
WireGuard работает, настроив интерфейсы виртуальных сетей, таких как WLAN0 или ETH0, который можно управлять и контролировать как обычные сетевые интерфейсы, помогая настроить и управлять WireGuard легко с помощью Net-Tools и других сетевых инструментов управления.
Это руководство покажет вам, как настроить WireGuard клиент и сервер на системе Kali Linux.
Давайте начнем с установки WireGuard в систему.
Установка WireGuard#
В зависимости от версии Kali Linux вы работаете, вы должны иметь WireGuard apt репозитории. Обновите свою систему с помощью команд:
sudo apt-get update sudo apt-get upgrade
Далее введите простую команду apt для установки WireGuard:
sudo apt-get install –y wireguard
Как только у нас будет установлена WireGuard, мы можем приступить к его настраиванию.
Настройка сервера WireGuard#
Безопасность WireGuard работает на парах ключа SSH, которые очень легко настроить. Начните с создания каталога .wireguard .
mkdir ~/.wireguard cd ~/.wireguard
Далее установите для чтения, записи и выполнения разрешений.
Теперь мы можем генерировать key-value с помощью команды:
wg genkey | tee privatekey | wg pubkey > publickey
Далее скопируйте содержимое закрытого ключа:
После того, как у вас есть содержимое закрытого ключа, скопированного в ваш буфер обмена, создайте файл конфигурации WireGuard в /etc/wireguard/wg0.conf
В файле добавьте следующие строки:
Interface] Address = SERVER_IP SaveConfig = true ListenPort = 51820 PrivateKey = SERVER_PRIVATE_KEY [Peer] PublicKey = CLIENT_PUBLIC_KEY AllowedIPs = CLIENT_IP
В адресе добавьте IP-адрес хостинга сервера. Для PrivateKey введите содержимое закрытого ключа, который вы скопировали ранее.
В Peer добавьте открытый ключ для клиента и IP-адрес.
После того, как у вас есть настройка файла конфигурации, установите сервер VPN для запуска при запуске.
sudo systemctl enable wg-quick@wg0
Наконец, запустите сервис WireGuard на сервере:
Настройка WireGuard клиент.#
Далее нам нужно настроить клиент WireGuard. Убедитесь, что у вас установлен WireGuard в системе.
Создайте пары значения ключевых значений.
wg genkey | tee privatekey | wg pubkey > publickey umask u=rwx,go= && cat /etc/wireguard/wg0.conf
Наконец, сохраните файл и включите VPN:
Вы можете проверить соединение с помощью команды:
Вывод#
Настройка WireGuard легко и эффективна. После настройки вы можете использовать его в самых разных случаях.
How to Install and Configure WireGuard on Kali Linux
Once WireGuard is installed, you can check that the installation succeeded by running: wg , if you get no output it's all good. In order to check that the WireGuard kernel module has loaded you can run sudo modprobe wireguard .
Is WireGuard faster than OpenVPN?
WireGuard is the fastest VPN protocol we have tested — much faster than OpenVPN. This makes WireGuard the fastest VPN protocol we have tested (when used with NordVPN on a nearby server).
Is open VPN free?
The basic version of OpenVPN (OpenVPN Community Edition) is free, but the protocol offers more advanced features on its paid version (OpenVPN Access Server). In addition, many people who use OpenVPN do so through a VPN provider, which usually has a small monthly cost.
How do I add a tunnel to my WireGuard?
Setting up the WireGuard App on a device
Alternatively, if you are configuring the WireGuard mobile app for iOS and Android you can take a picture of the QR code from the app. Choose "Create from QR code" and point the camera at the QR image provided by the tunnel profile in the NG Firewall administration.
Is WireGuard TCP or UDP?
WireGuard only supports UDP. You can use other tools to redirect the UDP packet to tcp. One possible is udp2raw . The bad news is that you must run it on both the server and the client side.
What ports need to be open for WireGuard?
WireGuard uses UDP to transmit the encrypted IP packets. The port can be freely selected from the high ports range. If no port is specified, WireGuard starts at 51820/UDP.
How do I install OpenVPN?
- Right click on an OpenVPN configuration file (. ovpn) and select Start OpenVPN on this configuration file. .
- Run OpenVPN from a command prompt Window with a command such as: openvpn myconfig.ovpn. .
- Run OpenVPN as a service by putting one or more .
How do I completely update Kali Linux?
Start Kali Linux and open a terminal. Step Two: Type apt-get update && apt-get upgrade (without quotes) in the terminal and hit Enter. Kali will now check it's webservers for updates.
Is Kali Linux anonymous?
All the traffic (Kali Linux) will be routed through the Tor network. And you can browse anonymously.
Shell
How to find Ubuntu Version, Codename and OS Architecture in Shell ScriptGet Ubuntu Version. To get ubuntu version details, Use -r with lsb_release com.
Script
How to Debug a Bash Script like a BossUse options (bash specific)Use breakpoints.Use debug output.Use shopts (bash specific)How do you debug a bash sc.
Player
16 Best Open Source Video Players For Linux in 2020VLC Media Player. . XBMC – Kodi Media Center. . Miro Music and Video Player. . SMPlayer. . .
Latest news, practical advice, detailed reviews and guides. We have everything about the Linux operating system
How to Install and Configure WireGuard on Kali Linux
WireGuard is a simple and fast open-source VPN tunneling service built with high-end cryptographic technologies. It is very easy to set up and use, and many consider it better than OpenVPN or IPSec. WireGuard is also cross-platform and supports embedded devices.
WireGuard works by setting up virtual network interfaces such as wlan0 or eth0 that can be managed and controlled like normal network interfaces, helping configure and manage the WireGuard easily using net-tools and other network managing tools.
This guide will show you how to set up a WireGuard client and server on a Kali Linux system.
Let us start by installing WireGuard on the system.
Installing WireGuard
Depending on the version of Kali Linux you are running, you should have WireGuard apt repositories. Update your system using the commands:
Next, enter a simple apt command to install WireGuard:
Once we have WireGuard installed on the system, we can proceed to configure it.
Configuring WireGuard Server
WireGuard security operates on SSH key-value pairs, which are very easy to configure. Start by creating a .wireguard directory.
Next, set read, write, and execute permissions.
Now we can generate the key-value pairs using the command:
Next, copy the contents of the private key:
Once you have the contents of the private key copied to your clipboard, create a WireGuard configuration file in /etc/wireguard/wg0.conf
In the file, add the following lines:
In the address, add the IP address of the hosting server. For PrivateKey, enter the contents of the private key you copied previously.
In the peer section, add the public key for the client and the IP address.
Once you have the configuration file set up, set the VPN server to launch at startup.
Finally, start the WireGuard service on the server:
Configuring WireGuard Client
Next, we need to configure the WireGuard client. Ensure you have WireGuard installed on the system.
Generate Key value pairs as well.
wg genkey | tee privatekey | wg pubkey > publickey
umask u =rwx, go = && cat / etc / wireguard / wg0.conf
PrivateKey = CLIENT PRIVATE KEY
PublicKey = SERVER PUBLIC KEY
Finally, save the file and enable the VPN:
You can verify the connection with the command:
Conclusion
Setting up WireGuard is easy and efficient. Once set up, you can use it in a wide variety of cases. With what you’ve learned from this guide, you can test and see if it works better than other VPN services.
About the author
John Otieno
My name is John and am a fellow geek like you. I am passionate about all things computers from Hardware, Operating systems to Programming. My dream is to share my knowledge with the world and help out fellow geeks. Follow my content by subscribing to LinuxHint mailing list