This howto describes how to install a Wireguard VPN server using minimal installation. Everything is done as the root user in this howto.

Download Raspberry OS Lite 64bit at: https://www.raspberrypi.com/software/operating-systems/ Use Etcher or whatever to install the downloaded zip on a SD card.

Use raspi-config to set network and change password of the pi user and change the hostname:

raspi-config

systemctl enable ssh.service
systemctl start ssh.service

/etc/dhcpcd.conf

.
.
.
interface eth0
static ip_address=172.16.2.1/24
static routers=172.16.2.254
static domain_name_servers=172.16.1.50 208.67.222.222

ssh-keygen

~/.ssh/authorized_keys

ssh-rsa ...
ssh-rsa ...
ssh-rsa ...

apt update
apt upgrade -y
apt remove -y --purge triggerhappy logrotate dphys-swapfile dc nano
apt autoremove --purge -y

Edit the following file and add “fastboot noswap ro” to the end of the line so it looks something like this:

/boot/cmdline.txt

console=serial0,115200 console=tty1 root=PARTUUID=6c586e13-02 rootfstype=ext4 elevator=deadline fsck.repair=yes rootwait fastboot noswap ro

apt install -y busybox-syslogd
apt remove -y --purge rsyslog

Add the following at the end of the following file:

/etc/bash.bashrc

alias temp='/usr/bin/vcgencmd measure_temp'

apt install -y wireguard 

/etc/sysctl.conf

.
.
net.ipv4.ip_forward=1
.
.

sysctl -p /etc/sysctl.conf

I am not going to explain how Wireguard works. There is plenty to find on internet. In this example we ha defined two clients (peers) who can connect to the server <code - /etc/wireguard/wg0.conf> [Interface] Address = 192.168.168.1 ListenPort = 51820 PrivateKey = <PRIVATE-KEY-SERVER>

[Peer] PublicKey = <PUBLIC-KEY-CLIENT1> AllowedIPs = 192.168.168.2/32

[Peer] PublicKey = <PUBLIC-KEY-CLIENT2> AllowedIPs = 192.168.168.3/32