WireGuard is a simple, fast, and secure VPN that utilizes state-of-the-art cryptography. With a small source code footprint, it aims to be faster and leaner than other VPN protocols such as OpenVPN and IPSec. WireGuard is still under development, but even in its unoptimized state it is faster than the popular OpenVPN protocol.<\/p>\n\n\n\n
The WireGuard configuration is as simple as setting up SSH. A connection is established by an exchange of public keys between server and client. Only a client that has its public key in its corresponding server configuration file is allowed to connect. WireGuard sets up standard network interfaces (such as wg0 and wg1), which behave much like the commonly found eth0 interface. This makes it possible to configure and manage WireGuard interfaces using standard tools such as ifconfig and ip.<\/p>\n\n\n\n
This guide will configure a simple peer connection between Ubuntu server and client, as all the installation set up will be the same from all sides, server and the client, what will make difference is the configuration which we will go through in details.<\/p>\n\n\n\n
sudo apt-get update\n<\/code><\/pre>\n\n\n\n\n- Install Wireguard<\/li>\n<\/ol>\n\n\n\n
sudo apt install wireguard -y\n<\/code><\/pre>\n\n\n\nConfigure WireGuard Server<\/h4>\n\n\n\n\n- One of the best things about WireGuard is that it\u2019s security is based on SSH-like key pairs. So, the first thing to be done is to generate the necessary private and public key pair. Generate a private and public key pair for the WireGuard server:<\/li>\n<\/ol>\n\n\n\n
$ mkdir ~\/.wireguard\n$ cd ~\/.wireguard\n$ umask 077\n$ wg genkey | tee privatekey | wg pubkey > publickey\n<\/code><\/pre>\n\n\n\nThis will save both the private and public keys to your home directory; they can be viewed with cat privatekey<\/code> and cat publickey<\/code> respectively. 2. Next, you need to copy the contents of newly-generated private key with the command:<\/p>\n\n\n\ncat privatekey\n<\/code><\/pre>\n\n\n\nThe above command will print out a string of characters. You\u2019ll need to do this on both the server and the client (as you\u2019ll need the server private key and the client public key). 3. Copy that string to your clipboard and then create a new WireGuard configuration file with the command:<\/p>\n\n\n\n
sudo nano \/etc\/wireguard\/wg0.conf\n<\/code><\/pre>\n\n\n\n\n- In that file, paste the following:<\/li>\n<\/ol>\n\n\n\n
[Interface]\nAddress = 10.0.0.1\/24\nListenPort = 41194\nPrivateKey = SERVER_PRIVATE_KEY\n<\/code><\/pre>\n\n\n\n\n- Address<\/strong>\u00a0defines the private IPv4 and IPv6 addresses for the WireGuard server. Each peer in the VPN network should have a unique value for this field.<\/li>\n\n\n\n
- ListenPort<\/strong>\u00a0specifies which port WireGuard will use for incoming connections.NOTE:<\/strong>\u00a0If you want to have many servers connected to one or more clients, you need to have different\u00a0ListenPort<\/strong>, and allow it in your server ufw.<\/li>\n<\/ul>\n\n\n\n
Now, save and close the file.<\/p>\n\n\n\n
Set up UFW firewall rules to open required ports<\/h3>\n\n\n\n$ sudo ufw allow 41194\/udp\n$ sudo ufw status\n<\/code><\/pre>\n\n\n\nIf the ufw<\/code> is inactive, you can enable it by the following command:<\/p>\n\n\n\nsudo ufw enable\n<\/code><\/pre>\n\n\n\nEnable and start WireGuard Service<\/h3>\n\n\n\n
Turn the WireGuard service at boot time using the systemctl command, run:<\/p>\n\n\n\n
sudo systemctl enable wg-quick@wg0\n<\/code><\/pre>\n\n\n\nStart the service, execute:<\/p>\n\n\n\n
sudo systemctl start wg-quick@wg0\n<\/code><\/pre>\n\n\n\nGet the service status, run:<\/p>\n\n\n\n
sudo systemctl status wg-quick@wg0\n<\/code><\/pre>\n\n\n\n\nNote You can turn off the wg0 interface with sudo systemctl stop wg-quick@wg0<\/code><\/p>\n<\/blockquote>\n\n\n\nVerify that interface named wg0 is up and running on Ubuntu server using the following command:<\/p>\n\n\n\n
$ sudo wg\n$ sudo ip a show wg0\n<\/code><\/pre>\n\n\n\nWireguard Client<\/h3>\n\n\n\n
The process for setting up a client is exactly same as setting up the server. When using Ubuntu as your client\u2019s operating system, the only difference between the client and the server is the contents of the configuration file. If your client uses Ubuntu, follow the steps provided in the above sections and in this section.<\/p>\n\n\n\n
\n- Generate a key pair for the client:<\/li>\n<\/ol>\n\n\n\n
$ mkdir ~\/.wireguard\n$ cd ~\/.wireguard\n$ umask 077\n$ wg genkey | tee privatekey | wg pubkey > publickey\n<\/code><\/pre>\n\n\n\n\n- Next, copy the contents of newly-generated private key with the command:<\/li>\n<\/ol>\n\n\n\n
cat privatekey\n<\/code><\/pre>\n\n\n\n\n- Copy that string to your clipboard and then create a new WireGuard configuration file with this command -we are using nano in this example, but feel free to use whatever text editor you prefer-:<\/li>\n<\/ol>\n\n\n\n
sudo nano \/etc\/wireguard\/wg0.conf\n<\/code><\/pre>\n\n\n\n\n- In that file, paste the following:<\/li>\n<\/ol>\n\n\n\n
[Interface]\nAddress = 10.0.0.2\/32\nPrivateKey = CLIENT_PRIVATE_KEY\n<\/code><\/pre>\n\n\n\nConnect the Client and Server<\/h3>\n\n\n\n
First of all, you need to stop the interface on the server, by issuing the following command:<\/p>\n\n\n\n
sudo systemctl stop wg-quick@wg0\n<\/code><\/pre>\n\n\n\n\n- Edit the client\u2019s wg0.conf file by adding the server\u2019s public key, public IP address, and port:<\/li>\n<\/ol>\n\n\n\n
[Peer]\nPublicKey = SERVER_PUBLIC_KEY\nEndpoint = SERVER_PUBLIC_IP:41194\nAllowedIPs = 10.0.0.0\/24\nPersistentKeepalive = 15\n<\/code><\/pre>\n\n\n\n\n- Edit the server\u2019s wg0.conf file by adding the client\u2019s public key, and port:<\/li>\n<\/ol>\n\n\n\n
[Peer]\nPublicKey = CLIENT_PUBLIC_KEY\nAllowedIPs = 10.0.0.2\/0\n<\/code><\/pre>\n\n\n\nEnable and start VPN client\/peer connection, run:<\/p>\n\n\n\n
$ sudo systemctl enable wg-quick@wg0\n$ sudo systemctl start wg-quick@wg0\n$ sudo systemctl status wg-quick@wg0\n<\/code><\/pre>\n\n\n\nThen, run sudo wg<\/code> and you will be able to see their connection! The last two lines of the output from running the wg<\/code> command should be similar to:<\/p>\n\n\n\nlatest handshake: 1 minute, 17 seconds ago\ntransfer: 98.86 KiB received, 43.08 KiB sent\n<\/code><\/pre>\n\n\n\nThis indicates that you now have a private connection between the server and client. You can also ping the client from the server to verify that the connection works both ways.<\/p>\n\n\n\n
Verification<\/h3>\n\n\n\n
That is all. By now, both Ubuntu servers and clients must be connected securely using a peer-to-peer VPN called WireGuard. Let us test the connection. Type the following ping command on your client machine\/desktop system:<\/p>\n\n\n\n
$ ping 10.0.0.1\n$ sudo wg\n<\/code><\/pre>\n\n\n\nConclusion<\/h3>\n\n\n\n
Congratulation! You just learned about setting up a WireGuard VPN server on Ubuntu server and peer (client machine) . For more information, I strongly suggest that you read WireGuard<\/a> project documentation here.<\/p>\n","protected":false},"excerpt":{"rendered":"WireGuard is a simple, fast, and secure VPN that utilizes state-of-the-art cryptography. With a small source code footprint, it aims to be faster and leaner than other VPN protocols such<\/p>\n