WireGuard on Debian OpenVZ6, OpenVZ7 NAT VPS

Big thanks to Daniel who wrote guide on "WireGuard on OpenVZ/LXC" https://d.sb/2019/07/wireguard-on-openvz-lxc . I have tried & tested Daniel's guide and its even working on Debian OpenVZ6 & 7 NAT VPS

OpenVZ6
Debian 8.11 x64 - 128MB NAT VPS Kernal: 2.6.32-042stab130.1
Debian 8.11 x64 - 256MB NAT VPS Kernal: 2.6.32-042stab140.1

Only one client is working, tried to add multiple clients but still only one client worked
IPv6 doesn't work
Speed is faster than Openvpn
low memory usage
OpenVZ7
Debian 9.11 x64 - 512MB NAT VPS - Kernal: 4.9.0

Multiple clients working
IPv6 working
Speed is good
low memory usage
KVM
Used installer of https://github.com/l-n-s/wireguard-install

Automated installer for setup, adding clients & clients profile file.
IPv6 worked when added manually in wg0.conf
Speed is very good
low memory usage
Big Thanks to Daniel ( https://d.sb/2019/07/wireguard-on-openvz-lxc ). If anyone try to play, here are the details and commands. I have used Daniel's guide, please follow all steps, I added few commands as i got errors i.e apt install make and wg-quick up wg0 and wg-quick down wg0

echo "deb http://deb.debian.org/debian/ unstable main" > /etc/apt/sources.list.d/unstable.list && printf 'Package: *
Pin: release a=unstable
Pin-Priority: 90
' > /etc/apt/preferences.d/limit-unstable && apt update

apt install wireguard-tools --no-install-recommends

cd /tmp && wget https://dl.google.com/go/go1.13.4.linux-amd64.tar.gz && tar zvxf go1.13.4.linux-amd64.tar.gz && sudo mv go /opt/go1.13.4 && sudo ln -s /opt/go1.13.4/bin/go /usr/local/bin/go

go version

(have to install make, it wasn't install in my vps)
apt install make

cd /usr/local/src && wget https://git.zx2c4.com/wireguard-go/snapshot/wireguard-go-0.0.20191012.tar.xz && tar xvf wireguard-go-0.0.20191012.tar.xz && cd wireguard-go-0.0.20191012

(set these variables if you are using VPS less than 256MB)

nano device/queueconstants_default.go

MaxSegmentSize = 1700
PreallocatedBuffersPerPool = 1024

(Run make command)
make

sudo cp wireguard-go /usr/local/bin

wireguard-go --version

(Create public & private keys for Server)
wg genkey | tee private key | wg pubkey > publickey

nano /lib/systemd/system/wg-quick@.service

add this line directly below
Environment=WG_I_PREFER_BUGGY_USERSPACE_TO_POLISHED_KMOD=1

(Perform these commands or wg0-quick will give error and wg0 interface won't come UP)
wg-quick up wg0

wg-quick down wg0

Add following two lines in Server [Interface] /etc/wireguard/wg0.conf only if you using only IPv4

PostUp = iptables -t nat -A POSTROUTING -o venet0 -j MASQUERADE
PostDown = iptables -t nat -D POSTROUTING -o venet0 -j MASQUERADE)

For IPv6, add these in /etc/wireguard/wg0.conf

PostUp = iptables -t nat -A POSTROUTING -o venet0 -j MASQUERADE; ip6tables -t nat -A POSTROUTING -o venet0 -j MASQUERADE
PostDown = iptables -t nat -D POSTROUTING -o venet0 -j MASQUERADE; ip6tables -t nat -D POSTROUTING -o venet0 -j MASQUERADE

systemctl enable wg-quick@wg0
systemctl start wg-quick@wg0

wg
(check wg running)

Install Wireguard Client. I have used android and windows 10 client. Generate public and private keys in client software/App and set client "public key" in server wg0.conf on SERVER & set server "public key" in CLIENT

thats it

===============
Following are my conf

OpenVZ6 VPS

Server Config /etc/wireguard/wg0.conf

[Interface]
Address = 10.66.66.1/24
PrivateKey = PRIVATE KEY OF SERVER
ListenPort = PORT
PostUp = iptables -t nat -A POSTROUTING -o venet0 -j MASQUERADE
PostDown = iptables -t nat -D POSTROUTING -o venet0 -j MASQUERADE
SaveConfig = false
[Peer]
PublicKey = PUBLIC KEY OF CLIENT
AllowedIPs = 10.66.66.3/24

Client Config

[Interface]
PrivateKey = PRIVATE KEY OF CLIENT
Address = 10.66.66.3/24
DNS = 8.8.8.8, 8.8.4.4

[Peer]
PublicKey = PUBLIC KEY OF SERVER
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = SERVER IP:PORT
PersistentKeepalive = 25

Frequently used commands

nano /etc/wireguard/wg0.conf

systemctl enable wg-quick@wg0

systemctl status wg-quick@wg0

systemctl start wg-quick@wg0

systemctl stop wg-quick@wg0

wg-quick up wg0

wg-quick down wg0

===============

OpenVZ7

Server Config /etc/wireguard/wg0.conf

[Interface]
Address = 10.123.0.1/24,fd42:42:42::1/80
PrivateKey = PRIVATE KEY OF SERVER
ListenPort = PORT
PostUp = iptables -t nat -A POSTROUTING -o venet0 -j MASQUERADE; ip6tables -t nat -A POSTROUTING -o venet0 -j MASQUERADE
PostDown = iptables -t nat -D POSTROUTING -o venet0 -j MASQUERADE; ip6tables -t nat -D POSTROUTING -o venet0 -j MASQUERADE
SaveConfig = false

[Peer]
PublicKey = PUBLIC KEY OF CLIENT1
AllowedIPs = 10.123.0.3/32,fd42:42:42::3/128

[Peer]
PublicKey = PUBLIC KEY OF CLIENT2
AllowedIPs = 10.123.0.4/32,fd42:42:42::4/128

Client1 Config

[Interface]
PrivateKey = PRIVATE KEY OF CLIENT1
Address = 10.123.0.3/24, fd42:42:42::3/80
DNS = 8.8.8.8, 8.8.4.4, 2001:4860:4860::8888

[Peer]
PublicKey = PUBLIC KEY OF SERVER
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = SERVER IP:PORT
PersistentKeepalive = 25

Client2 Config

[Interface]
PrivateKey = PRIVATE KEY OF CLIENT2
Address = 10.123.0.4/24, fd42:42:42::4/80
DNS = 8.8.8.8, 8.8.4.4, 2001:4860:4860::8888

[Peer]
PublicKey = PUBLIC KEY OF SERVER
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = SERVER IP:PORT
PersistentKeepalive = 25

Top News