WireGuard is a modern, high-performance VPN protocol that is simple to configure and offers state-of-the-art cryptography. In this guide, we’ll walk you through the process of setting up a WireGuard VPN on an Ubuntu server and client.
Prerequisites
Before you begin, ensure you have the following:
- An Ubuntu server (for the VPN server).
- An Ubuntu client (for the VPN client).
- Root or sudo access on both systems.
Step 1: Update Your System
First, update your package lists and upgrade your existing packages to ensure everything is up to date.
sudo apt update
sudo apt upgrade -y
Step 2: Install WireGuard
Next, install WireGuard on both the server and the client.
sudo apt install wireguard -y
Step 3: Generate Key Pairs
WireGuard uses public and private keys for authentication. Generate these keys on both the server and client.
On the Server
# umask 077 in a subshell so the private key file is readable only by its owner
(umask 077; wg genkey | tee server_private.key | wg pubkey > server_public.key)
On the Client
# umask 077 in a subshell so the private key file is readable only by its owner
(umask 077; wg genkey | tee client_private.key | wg pubkey > client_public.key)
Step 4: Configure WireGuard Server
Create the WireGuard configuration file for the server.
sudo nano /etc/wireguard/wg0.conf
Add the following configuration, replacing YourServerPrivateKey with the actual private key from server_private.key and YourClientPublicKey with the client’s public key from client_public.key. Adjust the Address and ListenPort as needed.
[Interface]
PrivateKey = YourServerPrivateKey
Address = 10.0.0.1/24
ListenPort = 51820
[Peer]
PublicKey = YourClientPublicKey
AllowedIPs = 10.0.0.2/32
Save and close the file.
Step 5: Configure WireGuard Client
Create the WireGuard configuration file for the client.
sudo nano /etc/wireguard/wg0.conf
Add the following configuration, replacing YourClientPrivateKey with the actual private key from client_private.key, and YourServerPublicKey with the server’s public key from server_public.key. Adjust the Address and Endpoint as needed.
[Interface]
PrivateKey = YourClientPrivateKey
Address = 10.0.0.2/24
[Peer]
PublicKey = YourServerPublicKey
Endpoint = your_server_ip:51820
AllowedIPs = 0.0.0.0/0
Save and close the file.
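Added example (not part of the original guide): a small shell check to run on either machine before starting the interface. It flags a wg0.conf that other users can read or that still contains the placeholder keys from Steps 4 and 5; the helper names check_wg_conf, conf_values and is_wg_key are made up for this example.

```shell
#!/bin/sh
# Added example: lint a wg-quick config before bringing the interface up.
# check_wg_conf, conf_values and is_wg_key are hypothetical helper names.

# Print the value of every "KEY = value" line for the given KEY.
conf_values() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" |
        sed 's/[[:space:]]*$//'
}

# A WireGuard key is 32 bytes: 43 base64 characters plus one '='.
is_wg_key() {
    printf '%s\n' "$1" | grep -Eq '^[A-Za-z0-9+/]{43}=$'
}

# Returns 0 if the file passes, 1 otherwise; findings go to stderr.
check_wg_conf() {
    conf=$1
    rc=0
    [ -f "$conf" ] || { echo "$conf: not found" >&2; return 1; }

    # The file holds the private key: group and others get no access.
    perms=$(ls -ld "$conf" | cut -c5-10)
    [ "$perms" = "------" ] ||
        { echo "$conf: open to group/others, chmod 600 it" >&2; rc=1; }

    # PrivateKey must be a real key, not the guide's placeholder text.
    is_wg_key "$(conf_values PrivateKey "$conf")" ||
        { echo "$conf: PrivateKey missing or placeholder" >&2; rc=1; }

    # Each [Peer] needs a well-formed PublicKey and an AllowedIPs line.
    peers=$(grep -c '^[[:space:]]*\[Peer\]' "$conf" || true)
    allowed=$(grep -c '^[[:space:]]*AllowedIPs[[:space:]]*=' "$conf" || true)
    valid=0
    for k in $(conf_values PublicKey "$conf"); do
        if is_wg_key "$k"; then valid=$((valid + 1)); fi
    done
    [ "$valid" -eq "$peers" ] && [ "$allowed" -eq "$peers" ] ||
        { echo "$conf: a [Peer] lacks a valid PublicKey or AllowedIPs" >&2; rc=1; }

    return "$rc"
}

# Run as: sudo sh wg-lint.sh /etc/wireguard/wg0.conf (file name is arbitrary)
[ $# -eq 0 ] || check_wg_conf "$1"
```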
Step 6: Enable IP Forwarding on the Server
To allow traffic to pass through the VPN, enable IP forwarding on the server.
sudo sysctl -w net.ipv4.ip_forward=1
To make this change permanent, add it to the /etc/sysctl.conf file.
sudo nano /etc/sysctl.conf
Uncomment or add the net.ipv4.ip_forward=1 line, the same setting applied with sysctl -w above.
Save and close the file.
Step 7: Configure Firewall Rules
Ensure your firewall allows traffic on the WireGuard port (51820 in this example).
On the Server
Step 8: Start WireGuard
Start the WireGuard interface on both the server and the client.
On the Server
On the Client
To enable WireGuard to start on boot, use the following command on both systems:
sudo systemctl enable wg-quick@wg0
Step 9: Verify the Connection
You can verify the connection by checking the WireGuard interface.
On the Server
On the Client
You should see the peer details and the transfer statistics indicating that the VPN is working correctly.
Conclusion
Congratulations! You have successfully set up a WireGuard VPN on Ubuntu. WireGuard’s simplicity and efficiency make it an excellent choice for secure VPN connections. For more advanced configurations, refer to the official WireGuard documentation.