WireGuard VPN: Setup WG_VPN client App on Android phone and connect to local WG_VPN server on VM

  sonic0002        2020-10-24 08:46:42       4,055        0    

We will show the detail steps about how to setup the WireGuard VPN client on an Android phone/pad and configure the VPN client to connect a WG_VPN server in local network. The setup process contents three main steps:

  1. Install WireGuard and create a key-pair in WireGuard client.
  2. Add the Android client peer information in the WireGuard server’s config file.
  3. Config the Android WireGuard client to connect to the server.

The test environment network configuration: 

No alt text provided for this image

Step 1. Install WireGuard App and create a key-pair in WireGuard client.

No alt text provided for this image
Open the Android phone/pad Google App Play Store and search “WireGuard”, then install the WireGuard VPN client App on the Android phone/pad. After the installation process finishes, open the WireGuard client App
No alt text provided for this image

Click the ‘+’ button at the bottom right corner and select the “CREATE FROM SCRATCH” to add a new interface:

No alt text provided for this imageWhen the setup page popup, type in an interface name and press the “refresh button” once, the encryption key pair will be filled with public key and private key. Record the public key down in a file. In this example record the key string “KdTJ7V/6e3wrZy/ab6Fkgr2WKnbDBiL/65VaKc2F8AE=”

Step 2. Add the Android client peer information in the server’s config file.

At the Ubuntu server computer side, stop the WireGuard server by command:

sudo systemctl stop wg-quick@wg0

Edit the WireGurad config file by command:

sudo vim /etc/wireguard/wg0.conf

Append below client config line in the file:

[Peer]
## Desktop/client VPN public key ##
PublicKey = KdTJ7V/6e3wrZy/ab6Fkgr2WKnbDBiL/65VaKc2F8AE=
## client VPN IP address (note the /32 subnet) ##
AllowedIPs = 192.168.6.2/32
No alt text provided for this image

The PublicKey is the string we recorded from the Android app in step 1(as shown below): “KdTJ7V/6e3wrZy/ab6Fkgr2WKnbDBiL/65VaKc2F8AE=”

The AllowedIPs is the IP we want to assign to the VPN client when it has connected. Save the changes and restart the WireGuard server by command:

sudo systemctl start wg-quick@wg0

Step 3. Config the Android WireGuard client to connect to the server.

On the server side get the public key by these two commands:

umask 077; wg genkey | tee privatekey | wg pubkey > publickey cat publickey
cat publickey
No alt text provided for this image
No alt text provided for this image

Record the server’s public key. In the Android WireGuard App set the interface IP with the same value as the AllowedIPs in step 2.

No alt text provided for this image

In the Android WireGuard client App side, fill in the Server’s public key, public IP and the port as below. “Allowed IPs” set to “0.0.0.0/32”.

No alt text provided for this image

Press the save button to save the changes.

No alt text provided for this imageTurn on the connection by press the slider bar. When we see both the data transfer rx and tx shown, which means the client has connected to the server correctly.

At server side we can also double check the connection by command:

sudo wg show wg0
No alt text provided for this image

 

Note: This post is authorized to republish here by Yuancheng Liu, Senior Security Development Engineer at Trustwave. Original post is here.

TUTORIAL  VPN  WIREGUARD 

       

  RELATED

  0 COMMENT

No comment for this article.


  RANDOM FUN

Correct way to stay out of flood