While WireGuard module has long been included in Linux kernel, not every system has it. My recent encounter is with Niagahoster VPS, which actually is a system container, seems to be OpenVZ, and not an HVM. Luckily there's an official WireGuard implementaion in Go. And we only need to run it as a systemd service for manageability.
Other systems which may find this useful are probably LXD containers and SmartOS or OmniOS LX-branded zones.
-
Make sure
tundevice is available,lsmod | grep tun ls /dev/net/tunIn Niagahoster VPS, turn on the TUN/TAP Adapter switch in VPS config page.
-
Enable backports,
echo 'deb http://deb.debian.org/debian bullseye-backports main' >> /etc/apt/sources.list apt update
-
Install only the main packages,
apt install --no-install-recommends wireguard-go wireguard-tools
Then generate private and public keys, and create config file with
.confsuffix, as you would with vanilla WireGuard. Except, the only wg-quick additional config implemented isAddress. -
Copy the scripts into WireGuard directory, make sure they are executable,
cp wg-if-* /etc/wireguard/ chmod 500 /etc/wireguard/wg-if-*
-
Copy the service file into place,
cp wireguard-go.service /etc/systemd/system/
-
Lastly, enable the service,
systemctl enable --now wireguard-go.service
Currently, the only wg-quick additional config implemented is Address.