Setting up a WireGuard connection with a static IP from AzireVPN in the Balkans requires configuring the WireGuard interface and routing traffic accordingly. This guide provides the necessary steps and configurations.
Prerequisites:
An active AzireVPN subscription with a static IP add-on.
A Linux-based system (e.g., Ubuntu, Debian, Fedora) with root access.
WireGuard tools installed (wireguard-tools, wg).
nftables installed and configured (or iptables if preferred).
Obtain Configuration Details:
Log in to the AzireVPN website.
Navigate to the WireGuard configuration generator.
Select a Balkan server location (e.g., Bulgaria, Serbia).
Choose "Static IP" as the configuration type.
Download the generated .conf file. This file contains the private key, public key, peer IP, and endpoint.
Create WireGuard Interface:
Create a new WireGuard interface, typically named wg0:
sudo ip link add dev wg0 type wireguard
Configure the Interface:
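Load the downloaded configuration. wg setconf accepts only WireGuard's own keys; if the file also contains wg-quick keys such as Address or DNS, remove those lines first:
sudo wg setconf wg0 /path/to/your/azirevpn.conf
Alternatively, set the parameters manually. The private-key argument takes the path to a file containing the key, not the key itself, which also keeps the key out of the shell history and process list:
sudo wg set wg0 private-key <path_to_private_key_file> peer <azirevpn_peer_public_key> allowed-ips 0.0.0.0/0 endpoint <azirevpn_endpoint_ip:port> persistent-keepalive 25
In either case, assign the static IP and bring the interface up:
sudo ip address add <your_static_ip>/32 dev wg0
sudo ip link set up dev wg0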
Routing Configuration:
Determine the default gateway:
ip route | grep default
Add a route for the AzireVPN endpoint IP through the original gateway, so that the encrypted WireGuard packets themselves are not routed into the tunnel:
sudo ip route add <azirevpn_endpoint_ip>/32 via <your_default_gateway>
Set the default route through the WireGuard interface:
sudo ip route replace default dev wg0 table main
Firewall Configuration (nftables):
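Flush existing rules (this removes every table and chain currently loaded, so review them first if the host already has a firewall):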
sudo nft flush ruleset
Configure basic nftables rules:
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        ct state {established, related} accept
        iif lo accept
        ip protocol icmp accept
        tcp dport ssh accept  # Optional: allow SSH
        counter drop
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state {established, related} accept
        # Match by name so the ruleset still loads when wg0 does not exist yet (e.g., at boot)
        iifname "wg0" accept
        oifname "wg0" accept
        counter drop
    }
    chain output {
        type filter hook output priority 0; policy accept;
    }
}
table ip nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        oifname "wg0" masquerade
    }
}
Save the configuration (e.g., /etc/nftables.conf) and enable it:
sudo nft -f /etc/nftables.conf
sudo systemctl enable nftables
sudo systemctl start nftables
DNS Configuration:
Edit /etc/resolv.conf or your system's DNS settings to use AzireVPN's DNS servers (or any trusted DNS provider):
nameserver 198.251.86.221
nameserver 85.234.205.2
Consider using systemd-resolved for persistent DNS configuration.
Verification:
Verify the WireGuard connection: sudo wg show wg0
Check the public IP address: curl ipinfo.io
Test DNS resolution: dig azirevpn.com
Troubleshooting:
Ensure the AllowedIPs in the WireGuard configuration are correct.
Check for firewall rules blocking traffic through the wg0 interface.
Check for incorrect DNS settings that leak DNS requests.
Check for routing conflicts with existing VPN configurations.
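The routing and DNS problems listed above can be checked from the output of ip route and the contents of /etc/resolv.conf. The script below is an added example, not part of the original guide or of AzireVPN's tooling; the function names and every sample address (documentation ranges) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `ip route` and resolv.conf text for tunnel leaks.
# Every address below is constructed (RFC 5737 documentation ranges).

# Print the device named in the first route whose destination is $2.
# `ip route` prints /32 host routes without the mask, so a bare IP matches.
route_dev() {
    printf '%s\n' "$1" | awk -v dst="$2" '$1 == dst {
        for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); exit }
    }'
}

# Print nameservers in resolv.conf text ($1) missing from the allowed list ($2).
unexpected_dns() {
    printf '%s\n' "$1" | awk -v ok=" $2 " \
        '$1 == "nameserver" && !index(ok, " " $2 " ") { print $2 }'
}

# args: routes endpoint_ip tunnel_if resolv_text allowed_dns
# Returns 0 only if the default route uses the tunnel, the endpoint has a
# host route outside it, and no unexpected resolver is configured.
audit_tunnel() {
    rc=0
    [ "$(route_dev "$1" default)" = "$3" ] || { echo "default route not on $3"; rc=1; }
    ep=$(route_dev "$1" "$2")
    if [ -z "$ep" ] || [ "$ep" = "$3" ]; then
        echo "endpoint $2 has no host route outside $3"; rc=1
    fi
    extra=$(unexpected_dns "$4" "$5")
    [ -z "$extra" ] || { echo "unexpected resolver(s):" $extra; rc=1; }
    return "$rc"
}

# Constructed samples: a correct setup and a leaking one.
ROUTES_OK='default dev wg0 scope link
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
203.0.113.10 via 192.168.1.1 dev eth0'
ROUTES_LEAK='default via 192.168.1.1 dev eth0 proto dhcp metric 100
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50'
RESOLV_OK='nameserver 192.0.2.53'
RESOLV_LEAK='nameserver 192.0.2.53
nameserver 192.168.1.1'

# Live use: audit_tunnel "$(ip route show)" <endpoint_ip> wg0 "$(cat /etc/resolv.conf)" "<dns1> <dns2>"
audit_tunnel "$ROUTES_OK" 203.0.113.10 wg0 "$RESOLV_OK" "192.0.2.53" && echo "ok: no leak found"
audit_tunnel "$ROUTES_LEAK" 203.0.113.10 wg0 "$RESOLV_LEAK" "192.0.2.53" || echo "leak detected"
```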
Checklist:
Downloaded AzireVPN WireGuard configuration.
Created and configured the wg0 interface.
Set up routing rules.
Configured nftables (or iptables).
Verified DNS settings.
Tested the connection.