M 208: WireGuard VPN on Android (10 pts)

What You Need

A Google Cloud Debian 10 Linux Server
An Android device, virtual or real, such as Genymotion machine

Purpose

Connect an Android device to a Google Cloud server with a VPN, allowing use of Android Debug Bridge.

Server Setup

First do this project:

H 240: WireGuard VPN

Gathering Information

On your Debian server, execute these commands:

sudo cat /etc/wireguard/publickey wg genkey | ( read privk echo "android-private-key: $privk" echo "android-public-key: $(echo "$privk" | wg pubkey)" )

You see three long keys, as shown below.

The first one is the server's public key, and the other two will be used to identify the Android client.

Adding the Android Public Key to the Server

On your Debian server, execute these commands:

sudo systemctl stop wg-quick@wg0 sudo nano /etc/wireguard/wg0.conf

Add a new [Peer] section to the end of this file, containing the Android public key and the IP address you wish to assign to it, as shown below.

On your Debian server, execute these commands:

sudo systemctl enable wg-quick@wg0 sudo systemctl start wg-quick@wg0

Installing the WireGuard Client on Android

Install the WireGuard App from the Google Play Store, as shown below, and launch it.

Click the blue + button to add a tunnel.

Click "CREATE FROM SCRATCH".

Fill in the keys and addresses, as shown below.

To paste into Android, click and hold down the mouse button for several seconds.

Enter an Interface name of wg
Copy and paste the Android private key into the Interface Private key field. The Public key is automatically calculated.
Enter the IP address you wish to assign to the Android device into the Interface Addresses field.
Enter a DNS server of 8.8.8.8
Click "ADD PEER"
Paste the server's public key into the Peer Public key field.
Enter 5 into the Persistent keepalive field.
Enter the public IP address of your Google Cloud debian server and the port number of your WireGuard VPN into the Endpoint field.
Enter a specifier for the IP subnet of your VPN into the Allowed IPs field.

At the top right, click the floppy-disk icon to save your configuration.

At the top left, click the slider to activate your VPN interface.

Click wg to show the interface details.

At the bottom right, you should see some bytes received (rx) and transmitted (tx), as shown below.

Testing Networking

On your Debian server, execute this command, using the IP address you assigned to your Android VPN endpoint:

ping -c 5 192.168.100.10

You should see replies, as shown below.

Connecting with Android Debug Bridge

On your Debian server, execute these commands, using the IP address you assigned to your Android VPN endpoint:

sudo apt update sudo apt install android-tools-adb -y adb connect 192.168.100.10 adb devices -l

The connection should succeed, as shown below.

If it fails, check your Android device settings and make sure USB debugging is enabled.

M 208.1: Process (10 pts)
On your Debian server, execute this command:
adb shell ps | grep wire
The flag appears, covered by a green rectangle in the image below.

References

WireGuard VPN on Android

Posted 7-29-2020