====== Debian 12 Setup ======

Legacy Setup:

I've been asked by quite a few people if I could document what I've done and how I've configured Wireguard.

I'm currently running a Debian 12 colocated machine out of [[https://tier.net/|tier.net]] datacenter. I've been allocated a /24 BGP address space from AMPR. This is done from [[https://portal.ampr.org/|portal.ampr.org]]. It can take some time to get the BGP process completed, if I'm not mistaken it took me a little over 2 months.

Any and all documentation on here will be related to Debian 12; though there is a good chance it's relevant for Ubuntu systems and any other OS based off Debian.

One of the first things I do on my Debian based systems is setup unattended upgrades. Unfortunately this is a single system without HA (high availability). That means when a security update and/or kernel update comes around, the system will auto reboot on Monday's at 02:00 EST to apply the upgrades. I'm not going to go into documentation on how to setup unattended-upgrades as there are plenty of sites documenting how it works.

The first thing you need to do, is edit ''/etc/sysctl.conf''. You need so search for ''net.ipv4.ip_forward'' and uncomment the line and turn it on (=1). You'll also need to do the same for ''net.ipv4.conf.all.proxy_arp''.

An example of my ''/etc/sysctl.conf'':

<file>
net.ipv4.tcp_timestamps = 0
net.ipv4.ip_forward=1
net.ipv4.conf.all.proxy_arp=1
</file>

After making the necessary changes, you'll want to run the ''sysctl -p'' command.

Next, you'll want to add your AMPRNet address to your network interface. You'll want to update your ''/etc/network/interfaces'' file.

My enp1s0f0 ethernet is already configured, so what I'm going to do is add an alias (the :[number]).
<file>
auto enp1s0f0:0
iface enp1s0f0:0 inet static
	address 44.32.91.2/24
    # Create a routing table for the second subnet
        up ip rule add from 44.32.91.2/32 table 2
        up ip route add 44.32.91.0/24 dev enp1s0f0 scope link table 2
        up ip route add default via 44.32.91.1 dev enp1s0f0 table 2
	post-up /sbin/ip route add 44.128.0.0/10 via 44.32.91.1 dev enp1s0f0 src 44.32.91.2 || true
	post-up /sbin/ip route add 44.0.0.0/9 via 44.32.91.1 dev enp1s0f0 src 44.32.91.2 || true
        post-down /sbin/ip route del 44.128.0.0/10 via 44.32.91.1 dev enp1s0f0 src 44.32.91.2 || true
        post-down /sbin/ip route del 44.0.0.0/9 via 44.32.91.1 dev enp1s0f0 src 44.32.91.2 || true
</file>

With this change I've applied the additional address to my interface as well as update all routing for AMPRNet 44.0.0.0/9 and 44.128.0.0/10 out via 44.32.91.1 (my ISPs router... they control this, not I) with a source address of 44.32.91.2 (the IP address of this machine).

Go ahead and install the wireguard packages with ''apt-get -y install wireguard wireguard-tools''. At this point, you're ready to setup [[wireguard|wireguard]].