This tutorial shows how to set up a simple test environment with Vagrant and how to install, configure and use the WireGuard VPN software. Debian 10 is used here; documentation for other operating systems is on the WireGuard website.
Preparation
First make sure the latest versions of VirtualBox and Vagrant are installed. Then create the project directory and the needed files.
# create directory
$ mkdir -p ~/Projects/WireGuard
# change directory
$ cd ~/Projects/WireGuard
# create needed files
$ touch Vagrantfile
$ touch machines.yml
---
# machines.yml
- name: host-a
  box: generic/debian10
  ip: 192.168.100.10
  cpus: 1
  memory: 1024
- name: host-b
  box: generic/debian10
  ip: 192.168.100.20
  cpus: 1
  memory: 1024

# -*- mode: ruby -*-
# vi: set ft=ruby :
# Vagrantfile
require 'yaml'

# one entry per VM, see machines.yml
machines = YAML.load_file('machines.yml')

Vagrant.configure("2") do |config|
  machines.each do |spec|
    config.vm.define spec["name"] do |machine|
      # box settings
      machine.vm.hostname = spec["name"]
      machine.vm.box = spec["box"]
      machine.vm.synced_folder ".", "/vagrant", disabled: true
      machine.vm.network "private_network", ip: spec["ip"]
      # virtualbox settings
      machine.vm.provider :virtualbox do |vb|
        vb.name = spec["name"]
        vb.cpus = spec["cpus"]
        vb.memory = spec["memory"]
        vb.gui = false
      end
      # provision all (the shell provisioner already runs as root by default)
      machine.vm.provision "shell", name: "all", inline: <<-SHELL
        sudo echo "deb http://deb.debian.org/debian/ unstable main" > /etc/apt/sources.list.d/unstable.list
        sudo printf 'Package: *\nPin: release a=unstable\nPin-Priority: 90\n' > /etc/apt/preferences.d/limit-unstable
        sudo apt update -y && sudo apt install -y wireguard
      SHELL
      # provision only host-a
      if spec["name"] == 'host-a'
        machine.vm.provision "shell", name: "host-a only", inline: <<-SHELL
          cd ~
          # keep the private key readable by its owner only
          umask 077
          wg genkey > private
          ip link add wg0 type wireguard
          ip addr add 10.0.0.1/24 dev wg0
          wg set wg0 private-key ./private
          ip link set wg0 up
          ip addr
          wg
        SHELL
      end
      # provision only host-b
      if spec["name"] == 'host-b'
        machine.vm.provision "shell", name: "host-b only", inline: <<-SHELL
          cd ~
          # keep the private key readable by its owner only
          umask 077
          wg genkey > private
          wg pubkey < private
          ip link add wg0 type wireguard
          ip addr add 10.0.0.2/24 dev wg0
          wg set wg0 private-key ./private
          ip link set wg0 up
          ip addr
          wg
        SHELL
      end
    end
  end
end
Usage
All files are created, so we can start the environment.
# validate Vagrantfile
$ vagrant validate
# start environment
$ vagrant up
For box 1 (host-a)
# ssh into box
$ vagrant ssh host-a
# check network interfaces (for ip)
$ sudo ip addr
# check wg settings
$ sudo wg
# configure VPN interface (public key and listen port of host-b, as shown by `sudo wg` there)
$ sudo wg set wg0 peer 0WqUA1Se9Cp/+/AUwiK+K7Nb67kzfyH1Q+SZB9QxFUI= allowed-ips 10.0.0.2/24 endpoint 192.168.100.20:36096
# ping host-b via normal interface and VPN interface
$ ping -c 1 192.168.100.20
$ ping -c 1 10.0.0.2
# check wg settings
$ sudo wg
For box 2 (host-b)
# ssh into box
$ vagrant ssh host-b
# check network interfaces (for ip)
$ sudo ip addr
# check wg settings
$ sudo wg
# configure VPN interface (public key and listen port of host-a, as shown by `sudo wg` there)
$ sudo wg set wg0 peer 5QYy8eps/qU2SAZibvfokLwwORxRHQ04JfX9107Db2k= allowed-ips 10.0.0.1/24 endpoint 192.168.100.10:36096
# ping host-a via normal interface and VPN interface
$ ping -c 1 192.168.100.10
$ ping -c 1 10.0.0.1
# check wg settings
$ sudo wg
Important: your ports and keys will be different from the ones shown here, and be patient before the hosts start to ping each other. Have fun…
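
The copy-paste of keys and ports in the Usage steps can be scripted from the machine that runs Vagrant. The following is an added example, not part of the original tutorial: the file name link-peers.sh, the function names and the 180-second handshake window are assumptions. It uses /32 allowed-ips instead of the /24 shown above, so each peer may only send from its own tunnel address.

```shell
#!/bin/sh
# Added example: wire host-a and host-b together without copy-pasting keys.
# Run from ~/Projects/WireGuard after `vagrant up`:  sh link-peers.sh run

# peer_cmd <pubkey> <endpoint-ip> <port> <tunnel-ip>
# Prints the `wg set` command for one peer, or fails on malformed input.
peer_cmd() {
  # A WireGuard public key is 32 bytes: 43 base64 characters plus one '='.
  printf '%s\n' "$1" | grep -Eq '^[A-Za-z0-9+/]{43}=$' || return 1
  # The listen port must be a number in 1..65535.
  case $3 in ''|*[!0-9]*) return 1 ;; esac
  [ "$3" -ge 1 ] && [ "$3" -le 65535 ] || return 1
  # /32 limits the peer to its own tunnel address (allowed-ips is also
  # the source-address filter for decrypted packets).
  printf 'wg set wg0 peer %s allowed-ips %s/32 endpoint %s:%s\n' "$1" "$4" "$2" "$3"
}

# remote <host> <wg show field>: read one value from a box, strip CRs.
remote() {
  vagrant ssh "$1" -c "sudo wg show wg0 $2" 2>/dev/null | tr -d '\r'
}

# handshake_ok <latest-handshake epoch> <now epoch>
# True when a handshake happened within the last 180 seconds (assumed window).
handshake_ok() {
  [ "$1" -gt 0 ] && [ $(( $2 - $1 )) -le 180 ]
}

link_peers() {
  a_cmd=$(peer_cmd "$(remote host-b public-key)" 192.168.100.20 \
                   "$(remote host-b listen-port)" 10.0.0.2) || return 1
  b_cmd=$(peer_cmd "$(remote host-a public-key)" 192.168.100.10 \
                   "$(remote host-a listen-port)" 10.0.0.1) || return 1
  vagrant ssh host-a -c "sudo $a_cmd" && vagrant ssh host-b -c "sudo $b_cmd" || return 1
  # Traffic triggers the handshake; then confirm it completed on host-a.
  vagrant ssh host-a -c 'ping -c 3 10.0.0.2' >/dev/null 2>&1
  hs=$(remote host-a latest-handshakes | awk '{print $2}')
  handshake_ok "${hs:-0}" "$(date +%s)"
}

if [ "${1:-}" = run ]; then link_peers; fi
```

Only public keys and listen ports leave the boxes; the private key files stay in root's home directory on each host.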