How To Set Up WireGuard VPN On Ubuntu.
In this tutorial, we will set up WireGuard on an Ubuntu machine that will act as a VPN server. We’ll also show you how to configure WireGuard as a client. The client’s traffic will be routed through the Ubuntu 18.04 server.
WireGuard is a modern VPN (Virtual Private Network) technology with state-of-the-art cryptography. Compared to other similar solutions, such as IPsec and OpenVPN, WireGuard is faster, easier to configure, and more performant. It is cross-platform and can run almost anywhere, including Linux, Windows, Android, and macOS. WireGuard is a peer-to-peer VPN; it does not use the client-server model. Depending on its configuration, a peer can act as a traditional server or client.
Setting Up the WireGuard Server
In this section, we’ll install WireGuard on the Ubuntu machine and set it up to act as a server. We’ll also configure the system to route the clients’ traffic through it.
Installing WireGuard on Ubuntu 18.04
WireGuard is included in the default Ubuntu repositories. To install it, run the following commands:
WireGuard runs as a kernel module, which is compiled as a DKMS module. On success, you’ll see the following output:
When you update the kernel, the WireGuard module will be compiled against the new kernel.
WireGuard ships with two command-line tools named wg and wg-quick that allow you to configure and manage the WireGuard interfaces.
Run the following command to generate the public and private keys:
The files will be generated in the /etc/wireguard directory. You can view the files with cat or less. The private key should never be shared with anyone.
Now that the keys are generated, we’ll need to configure the tunnel device that will route the VPN traffic.
The device can be set up either from the command line using the ip and wg commands or by creating the configuration file with a text editor.
Create a new file named wg0.conf and add the following contents:
The interface can be named anything; however, it is recommended to use something like wg0 or wgvpn0. The settings in the interface section have the following meaning:
The wg0.conf and privatekey files should not be readable to normal users. Use chmod to set the permissions to 600:
Once done, bring the wg0 interface up using the attributes specified in the configuration file:
The command will produce an output similar to the following:
Run wg show wg0 to check the interface state and configuration:
You can also run ip a show wg0 to verify the interface state:
To bring the WireGuard interface up at boot time, run the following command:
Server Networking and Firewall Configuration
For NAT to work, we need to enable IP forwarding. Open the /etc/sysctl.conf file and add or uncomment the following line:
Save the file and apply the change:
If you are using UFW to manage your firewall, you need to open UDP traffic on port 51820:
That’s it. The Ubuntu peer that will act as a server has been set up.
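A quick way to verify the steps above once the server is configured, as an added example that is not part of the original tutorial: the script checks that wg0.conf and privatekey are closed to group and others, and that IP forwarding is on both in the running kernel and in /etc/sysctl.conf. The function names are hypothetical, and GNU stat (as shipped on Ubuntu) is assumed.

```bash
#!/usr/bin/env bash
# Added example: post-setup audit for the server steps above. Assumes GNU stat
# (as on Ubuntu). Paths are parameters so the checks can run on a test directory.

# Succeeds only if FILE exists and grants no permissions to group or others.
wg_mode_is_private() {
    local file=$1 mode
    [ -f "$file" ] || return 2
    mode=$(stat -c '%a' "$file") || return 2
    # Read the mode as octal and mask with 077: 600 and 400 pass, 640 and 644 fail.
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Succeeds if IPv4 forwarding is enabled right now (PROCFILE contains 1).
wg_forwarding_enabled() {
    local procfile=${1:-/proc/sys/net/ipv4/ip_forward}
    [ -r "$procfile" ] && [ "$(tr -d '[:space:]' < "$procfile")" = "1" ]
}

# Succeeds if CONF has an uncommented net.ipv4.ip_forward=1 line, so the
# setting survives a reboot.
wg_forwarding_persistent() {
    local conf=${1:-/etc/sysctl.conf}
    grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$conf" 2>/dev/null
}

# Runs every check, prints one line per result, returns the number of failures.
wg_audit() {
    local dir=${1:-/etc/wireguard} conf=${2:-/etc/sysctl.conf}
    local procfile=${3:-/proc/sys/net/ipv4/ip_forward} failures=0 f
    for f in wg0.conf privatekey; do
        if wg_mode_is_private "$dir/$f"; then
            echo "ok   $dir/$f is private to its owner"
        else
            echo "FAIL $dir/$f is missing or accessible to group/others"
            failures=$((failures + 1))
        fi
    done
    if wg_forwarding_enabled "$procfile"; then echo "ok   forwarding is on"
    else echo "FAIL forwarding is off in the running kernel"; failures=$((failures + 1)); fi
    if wg_forwarding_persistent "$conf"; then echo "ok   forwarding persists in $conf"
    else echo "FAIL no active net.ipv4.ip_forward=1 line in $conf"; failures=$((failures + 1)); fi
    return "$failures"
}

# Example: sudo bash wg-audit.sh /etc/wireguard
if [ "$#" -gt 0 ]; then wg_audit "$@"; fi
```

The exit status equals the number of failed checks, so the script can gate a provisioning step or a monitoring job.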
We have shown you how to install WireGuard on an Ubuntu machine and configure it as a VPN server. This setup allows you to surf the web anonymously by keeping your traffic data private.