
WireGuard on Kali Linux

What Is WireGuard?


WireGuard is an open-source software application and protocol that implements Virtual Private Network (VPN) techniques to create secure point-to-point connections in routed or bridged configurations. It runs as a module inside the Linux kernel and aims for better performance than the IPsec and OpenVPN tunneling protocols.


Getting Started With WireGuard on Kali Linux

Since WireGuard is in the Kali Linux repositories, it can be installed from the terminal:

apt install wireguard resolvconf

Once the installation completes, the next step is to configure WireGuard.
We need to generate a public/private key pair and set up the initial config file on the server:

# Set a restrictive umask first so the key files and the config are readable by root only
umask u=rwx,go=
wg genkey | tee privatekey | wg pubkey > publickey
cat > /etc/wireguard/wg0.conf << EOF
[Interface]
Address = 10.222.222.1/24
SaveConfig = true
ListenPort = 51820
PrivateKey = -SERVER PRIVATE KEY-

[Peer]
PublicKey = -CLIENT PUBLIC KEY-
AllowedIPs = 10.222.222.2/32
EOF


We repeat the same process on the client to create its key pair and config:

# Set a restrictive umask first so the key files and the config are readable by root only
umask u=rwx,go=
wg genkey | tee privatekey | wg pubkey > publickey
cat > /etc/wireguard/wg0.conf << EOF
[Interface]
Address = 10.222.222.2/32
PrivateKey = -CLIENT PRIVATE KEY-
DNS = 8.8.8.8

[Peer]

PublicKey = -SERVER PUBLIC KEY-
Endpoint = public.ip.of.server:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 21
EOF

Turning the tunnel on and off is simple:

# The VPN can be enabled using
wg-quick up wg0
# To disable the VPN:
wg-quick down wg0
# Information about the connection can be retrieved with the following command:
wg show

We also need to enable IP masquerading and IP forwarding on the server:

/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward


After this we need some minor changes to our configs. First, on the server we change the "AllowedIPs" line to include the private network on the remote site. This looks like so:

[Interface]
Address = 10.222.222.1/24
SaveConfig = true
ListenPort = 51820
PrivateKey = -SERVER PRIVATE KEY-

[Peer]

PublicKey = -CLIENT PUBLIC KEY-
AllowedIPs = 10.222.222.2/32, 192.168.2.0/24

After changing that one line on the server, we tweak the client's "AllowedIPs" line so that it no longer routes everything through the VPN server:

[Interface]
Address = 10.222.222.2/32
PrivateKey = -CLIENT PRIVATE KEY-
DNS = 8.8.8.8

[Peer]
PublicKey = -SERVER PUBLIC KEY-
Endpoint = public.ip.of.server:51820
AllowedIPs = 10.222.222.0/24
PersistentKeepalive = 21

And that's it:

root@kali:~# ping 192.168.2.22
PING 192.168.2.22 (192.168.2.22) 56(84) bytes of data.
64 bytes from 192.168.2.22: icmp_seq=19 ttl=63 time=50.2 ms
64 bytes from 192.168.2.22: icmp_seq=20 ttl=63 time=53.4 ms
64 bytes from 192.168.2.22: icmp_seq=21 ttl=63 time=48.1 ms


Now the VPN server can access the subnets on the other side of the WireGuard VPN.
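Why the "AllowedIPs" edit is what makes that ping work, as an added example (not code from the original post): a small Python model of how WireGuard uses each peer's AllowedIPs both to choose the peer for outgoing packets (most specific prefix wins) and to filter the source address of incoming ones. The function names, the sample configs and the placeholder key are assumptions made for illustration.

```python
import ipaddress

def parse_peers(conf_text):
    """Return one {"key", "nets"} dict per [Peer] section of a wg-quick config."""
    peers, section = [], None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("["):
            section = line.strip("[]").lower()
            if section == "peer":
                peers.append({"key": None, "nets": []})
            continue
        name, _, value = line.partition("=")  # split on the first "=" only; keys may end in "="
        name, value = name.strip().lower(), value.strip()
        if section == "peer" and name == "publickey":
            peers[-1]["key"] = value
        elif section == "peer" and name == "allowedips":
            peers[-1]["nets"] += [ipaddress.ip_network(n.strip(), strict=False)
                                  for n in value.split(",")]
    return peers

def select_peer(peers, ip):
    """Most specific AllowedIPs entry covering ip decides the peer; None means no route."""
    addr, best = ipaddress.ip_address(ip), None
    for peer in peers:
        for net in peer["nets"]:
            if net.version == addr.version and addr in net:
                if best is None or net.prefixlen > best[1].prefixlen:
                    best = (peer["key"], net)
    return best[0] if best else None

def accepts(peers, peer_key, src_ip):
    """Inbound check: the inner source address must map back to the sending peer."""
    return select_peer(peers, src_ip) == peer_key

# Constructed sample server configs; the key is a placeholder, not real key material.
SERVER_BEFORE = """
[Interface]
Address = 10.222.222.1/24
[Peer]
PublicKey = CLIENT-PUBLIC-KEY
AllowedIPs = 10.222.222.2/32
"""
SERVER_AFTER = SERVER_BEFORE.rstrip() + ", 192.168.2.0/24\n"

if __name__ == "__main__":
    for label, conf in (("before", SERVER_BEFORE), ("after", SERVER_AFTER)):
        peers = parse_peers(conf)
        print(label, "-> 192.168.2.22 routed to:", select_peer(peers, "192.168.2.22"))
        print(label, "<- 192.168.2.22 accepted:", accepts(peers, "CLIENT-PUBLIC-KEY", "192.168.2.22"))
```

The same lookup explains the client side: with AllowedIPs = 0.0.0.0/0 every destination selects the server peer (full tunnel), while a narrower prefix leaves all other traffic on the normal route.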
