How to Set Up WireGuard VPN on Ubuntu

June 8, 2024

How to Set Up WireGuard VPN on Ubuntu
Cheap Linux Server

 


How to Set Up WireGuard VPN on Ubuntu


WireGuard is a modern, high-performance VPN protocol that is simple to configure and offers state-of-the-art cryptography. In this guide, we’ll walk you through the process of setting up a WireGuard VPN on an Ubuntu server and client.

Prerequisites

Before you begin, ensure you have the following:

  • An Ubuntu server (for the VPN server).
  • An Ubuntu client (for the VPN client).
  • Root or sudo access on both systems.

Step 1: Update Your System

First, update your package lists and upgrade your existing packages to ensure everything is up to date.

sudo apt update

sudo apt upgrade -y

Update Your System  

Step 2: Install WireGuard

Next, install WireGuard on both the server and the client.

sudo apt install wireguard -y

Install WireGuard

Step 3: Generate Key Pairs

WireGuard uses public and private keys for authentication. Generate these keys on both the server and client.

On the Server

wg genkey | tee server_private.key | wg pubkey > server_public.key

On the Server

On the Client

wg genkey | tee client_private.key | wg pubkey > client_public.key

On the Client

Step 4: Configure WireGuard Server

Create the WireGuard configuration file for the server.

sudo nano /etc/wireguard/wg0.conf

Configure WireGuard Client

Add the following configuration, replacing YourServerPrivateKey with the actual private key from server_private.key, and adjust the Address and ListenPort as needed.

[Interface]

PrivateKey = YourServerPrivateKey

Address = 10.0.0.1/24

ListenPort = 51820

 


[Peer]

PublicKey = YourClientPublicKey

AllowedIPs = 10.0.0.2/32

Add the following configuration

Save and close the file.

Step 5: Configure WireGuard Client

Create the WireGuard configuration file for the client.

sudo nano /etc/wireguard/wg0.conf

Create the WireGuard configuration

Add the following configuration, replacing YourClientPrivateKey with the actual private key from client_private.key, and YourServerPublicKey with the server’s public key from server_public.key. Adjust the Address and Endpoint as needed.

[Interface]

PrivateKey = YourClientPrivateKey

Address = 10.0.0.2/24

 


[Peer]

PublicKey = YourServerPublicKey

Endpoint = your_server_ip:51820

AllowedIPs = 0.0.0.0/0

Add the following configuration Client

Save and close the file.

Step 6: Enable IP Forwarding on the Server

To allow traffic to pass through the VPN, enable IP forwarding on the server.

sudo sysctl -w net.ipv4.ip_forward=1

To allow traffic to pass through the VPN

To make this change permanent, add it to the /etc/sysctl.conf file.

sudo nano /etc/sysctl.conf

To make this change permanent

Uncomment or add the following line:

net.ipv4.ip_forward=1

Uncomment or add the following line

Save and close the file.

Step 7: Configure Firewall Rules

Ensure your firewall allows traffic on the WireGuard port (51820 in this example).

On the Server

sudo ufw allow 51820/udp

Configure Firewall Rules on the server

Step 8: Start WireGuard

Start the WireGuard interface on both the server and the client.

On the Server

sudo wg-quick up wg0

Start WireGuard on the client

On the Client

sudo wg-quick up wg0

Start WireGuard on the server

To enable WireGuard to start on boot, use the following command on both systems:

sudo systemctl enable wg-quick@wg0

To enable WireGuard to start on boot

Step 9: Verify the Connection

You can verify the connection by checking the WireGuard interface.

On the Server

sudo wg

Verify the Connection on the client

On the Client

sudo wg

Verify the Connection on the server

You should see the peer details and the transfer statistics indicating that the VPN is working correctly.

Conclusion

Congratulations! You have successfully set up a WireGuard VPN on Ubuntu. WireGuard’s simplicity and efficiency make it an excellent choice for secure VPN connections. For more advanced configurations, refer to the official WireGuard documentation.


 

Common SSH Commands in Linux With Examples (F.A.Q)

 
How can I check the status of my WireGuard VPN connection?

Use the command sudo wg on either the server or client to view details about the WireGuard interfaces and peer connections.

How can I securely transfer files using SSH?

You can securely transfer files between your local machine and a remote server using the scp (secure copy) command. Here’s an example of copying a local file to a remote server:

scp /path/to/local/file.txt user@remote_server:/path/to/destination/

Similarly, you can copy files from a remote server to your local machine:

scp user@remote_server:/path/to/remote/file.txt /path/to/local/destination/
How do I disconnect a client from the WireGuard server?

Remove the client’s [Peer] section from the server’s configuration file and restart WireGuard on the server. Stop the WireGuard interface on the client with sudo wg-quick down wg0.

What should I do if my WireGuard VPN connection is not working?

Check configuration files, ensure firewall rules allow WireGuard traffic, verify IP forwarding is enabled on the server, check log files for errors, and troubleshoot network connectivity issues.

What is Forex VPS and Why You Need It

What is Forex VPS and Why You Need It

  What is Forex VPS and Why You Need It The world of Forex trading is dynamic and fast-paced, where milliseconds can make a difference between a profitable trade and a loss. As traders strive to optimize their trading strategies and enhance their performance, one...

What Is Ubuntu Pro, and Is It Worth It?

What Is Ubuntu Pro, and Is It Worth It?

  What Is Ubuntu Pro, and Is It Worth It? In today's fast-evolving technological landscape, security and compliance are paramount concerns for enterprises. As organizations increasingly adopt open-source solutions, maintaining the robustness and security of these...

0 Comments

Submit a Comment