Installing WireGuard on Raspberry Pi OS Buster

Most of the instructions out there are far from something I would call “best practice”, so I wrote my own.

Install Debian Keyring

Install the debian-archive-keyring package, downloaded from the official Debian site over a secure connection.

wget https://deb.debian.org/debian/pool/main/d/debian-archive-keyring/debian-archive-keyring_2019.1+deb10u1_all.deb
sudo apt install ./debian-archive-keyring_2019.1+deb10u1_all.deb

The required keys will be neatly shelved in the directory /etc/apt/trusted.gpg.d/, and uninstalling them will also be easy.

Do not use apt-key to add keys here.

If we add keys with apt-key, they all end up jammed into the single file /etc/apt/trusted.gpg unless otherwise specified. Moreover, working out which key is which from its fingerprint before adding or deleting a key is error-prone and tedious.

Set Up Debian Backports Suite

Create the file /etc/apt/sources.list.d/debian-buster-backports.list with the following content:

deb http://deb.debian.org/debian/ buster-backports main contrib non-free
# Uncomment line below then 'apt-get update' to enable 'apt-get source'
#deb-src http://deb.debian.org/debian/ buster-backports main contrib non-free

The NotAutomatic: yes setting in the suite's Release file keeps backports deactivated by default, so no additional priority adjustment is needed. ButAutomaticUpgrades: yes is also set, so upgrades are taken care of once packages have been installed from this suite.
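
How those two Release fields translate into a default pin priority, following the rules in apt_preferences(5). This is an added example, not part of the original post; the function names and the sample Release headers are constructed for illustration.

```shell
#!/bin/sh
# Derive a suite's default APT pin priority from its Release file header.
# Rules per apt_preferences(5): NotAutomatic alone -> 1,
# NotAutomatic + ButAutomaticUpgrades -> 100, neither -> 500.

# release_field FILE FIELD: print the value of "FIELD: value" in the header.
release_field() {
    awk -v f="$2" '
        /^(MD5Sum|SHA1|SHA256|SHA512):/ { exit }   # header ends at checksums
        {
            i = index($0, ":")
            if (i && tolower(substr($0, 1, i - 1)) == tolower(f)) {
                v = substr($0, i + 1)
                gsub(/^[ \t]+|[ \t\r]+$/, "", v)   # trim surrounding whitespace
                print v
                exit
            }
        }' "$1"
}

# default_priority FILE: print 1, 100 or 500.
default_priority() {
    na=$(release_field "$1" NotAutomatic)
    bau=$(release_field "$1" ButAutomaticUpgrades)
    if [ "$na" = "yes" ] && [ "$bau" = "yes" ]; then
        echo 100   # not picked for new installs; installed packages still upgrade
    elif [ "$na" = "yes" ]; then
        echo 1     # never installed or upgraded unless explicitly requested
    else
        echo 500   # ordinary suite
    fi
}

# sample_release KIND: write a constructed Release header, print its path.
sample_release() {
    f=$(mktemp)
    case "$1" in
        both)  printf 'Suite: buster-backports\nNotAutomatic: yes\nButAutomaticUpgrades: yes\nSHA256:\n' ;;
        naonly) printf 'Suite: example-suite\nNotAutomatic: yes\nSHA256:\n' ;;
        plain) printf 'Suite: example-stable\nSHA256:\n' ;;
    esac > "$f"
    echo "$f"
}

for kind in both naonly plain; do
    f=$(sample_release "$kind")
    echo "$kind: default priority $(default_priority "$f")"
    rm -f "$f"
done
```

On the Pi itself, apt-cache policy shows the priority APT actually assigned to each configured source.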

Do not use the unstable suite here.

Prepare the Kernel for DKMS

Make sure you have the latest kernel and its corresponding headers.

sudo apt update
sudo apt install raspberrypi-kernel raspberrypi-kernel-headers

Reboot before proceeding.

Install WireGuard

Just

sudo apt update
sudo apt install wireguard

and you’re ready to ride.


8 Comments

    • Strange…. Checked all over again and everything (wg command, connection, etc.) works for me.

      Versions of related packages listed below:

      • raspberrypi-kernel – 1.20200902-1
      • raspberrypi-kernel-headers – 1.20200902-1
      • wireguard – 1.0.20200827-1~bpo10+1
      • wireguard-dkms – 1.0.20200908-1~bpo10+1
      • wireguard-tools – 1.0.20200827-1~bpo10+1
  1. Yes, this is the best way. So many other write-ups on this get the details wrong, or do it in a way that is not as maintainable. Also, that reboot is crucial, wasted a lot of time for me, and wasn’t noted elsewhere. Thanks!
