How to Install WireGuard on Ubuntu

WireGuard is a cutting-edge VPN protocol that combines high performance with simplicity and robust security. It stands out as a fantastic alternative to older VPN protocols like OpenVPN and IPsec, thanks to its lightweight structure, quicker speeds, and user-friendly setup. In this guide, we’ll take you step-by-step through the process of installing and configuring WireGuard on Ubuntu.
Why Use WireGuard?
WireGuard offers several benefits over other VPN solutions:
- Simplicity: Minimal configuration and fewer moving parts.
- Performance: Lower latency and faster throughput.
- Security: Uses modern cryptographic primitives.
- Cross-Platform Support: Works on Linux, Windows, macOS, iOS, and Android.
Step 1: Update Your System
Before installing WireGuard, ensure your Ubuntu server is up to date:
sudo apt update && sudo apt upgrade -y
Step 2: Install WireGuard
WireGuard is included in the Ubuntu repositories (from Ubuntu 20.04 and above). Install it using:
sudo apt install wireguard -y
To confirm the installation:
wg --version
Step 3: Generate WireGuard Keys
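Each WireGuard peer (server or client) needs a private and public key. Generate these keys, then restrict the private key file so only root can read it:
wg genkey | sudo tee /etc/wireguard/privatekey | wg pubkey | sudo tee /etc/wireguard/publickey
sudo chmod 600 /etc/wireguard/privatekey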
Check the generated keys:
sudo cat /etc/wireguard/privatekey
sudo cat /etc/wireguard/publickey
Note: Keep the private key secret.
Step 4: Configure the WireGuard Interface
Create a new WireGuard configuration file:
sudo nano /etc/wireguard/wg0.conf
Add the following content (replace
[Interface]
PrivateKey = <PrivateKey>
Address = 10.0.0.1/24
ListenPort = 51820
[Peer]
PublicKey = <Client-Public-Key>
AllowedIPs = 10.0.0.2/32
Step 5: Enable IP Forwarding
The server must have IP forwarding enabled to route traffic between the VPN and other networks. Enable it by editing:
sudo nano /etc/sysctl.conf
Uncomment or add:
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
Apply the changes:
sudo sysctl -p
Step 6: Start and Enable WireGuard
Bring up the WireGuard interface:
sudo wg-quick up wg0
To enable it at boot:
sudo systemctl enable wg-quick@wg0
Step 7: Configure Firewall (Optional)
If using UFW, allow WireGuard’s port:
sudo ufw allow 51820/udp
Step 8: Verify WireGuard Status
Check the status of your VPN interface:
sudo wg show
Configure the WireGuard Client
To set up your WireGuard VPN connection, you'll need to configure a client, whether it's on your laptop or another server.
1. Install WireGuard on the Client
On Ubuntu/Debian:
sudo apt update && sudo apt install wireguard -y
For Windows or macOS, you can download the official WireGuard client.
2. Generate Keys on the Client
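Each client needs its own private and public keys. Generating them does not require root, and the umask keeps the key files readable only by your user:
(umask 077 && wg genkey | tee ~/client_privatekey | wg pubkey | tee ~/client_publickey)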
3. Configure the Client Interface
Create a new config file:
sudo nano /etc/wireguard/wg0.conf
Add the following (replace
[Interface]
PrivateKey = <ClientPrivateKey>
Address = 10.0.0.2/24
DNS = 1.1.1.1
[Peer]
PublicKey = <ServerPublicKey>
Endpoint = <ServerIP>:51820
AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepalive = 25
4. Add the Client to the Server
On your server, edit the /etc/wireguard/wg0.conf file and add a new [Peer] block:
[Peer]
PublicKey = <ClientPublicKey>
AllowedIPs = 10.0.0.2/32
Save and restart WireGuard:
sudo wg-quick down wg0 && sudo wg-quick up wg0
5. Start the Client
On the client machine, run:
sudo wg-quick up wg0
You can check the connection:
sudo wg show
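Before bringing an interface up, the config files written in the steps above can be sanity-checked offline. The script below is an added example, not part of the original guide or of WireGuard's own tooling; its function names are hypothetical, and it checks file permissions, leftover <...> template placeholders, and AllowedIPs entries claimed by more than one [Peer] block.

```shell
# Added example: offline checks for a wg-quick config such as
# /etc/wireguard/wg0.conf. Function names are hypothetical (not WireGuard tools).

# Succeeds only if group and others have no permission bits on the file.
# The file contains PrivateKey, so it should be mode 600 or stricter.
conf_is_private() {
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Succeeds if a template placeholder such as <PrivateKey> was left in place.
conf_has_placeholder() {
    grep -Eq '=[[:space:]]*<[^>]*>' "$1"
}

# Prints every AllowedIPs entry claimed by more than one [Peer] block.
# WireGuard keeps an allowed IP on one peer only, so the last claim wins
# and the earlier peer silently loses that address.
conf_duplicate_allowed_ips() {
    awk -F'=' '
        /^[ \t]*\[/ { in_peer = ($0 ~ /\[Peer\]/); if (in_peer) peer++; next }
        in_peer && $1 ~ /^[ \t]*AllowedIPs[ \t]*$/ {
            n = split($2, ips, ",")
            for (i = 1; i <= n; i++) {
                gsub(/[ \t\r]/, "", ips[i])
                if ((ips[i] in owner) && owner[ips[i]] != peer) print ips[i]
                owner[ips[i]] = peer
            }
        }' "$1"
}

# Runs all checks, prints one line per finding, returns the finding count.
audit_wg_conf() {
    findings=0
    conf_is_private "$1" || {
        echo "WARN: $1 is accessible to group/others"; findings=$((findings + 1)); }
    if conf_has_placeholder "$1"; then
        echo "WARN: $1 still contains a <placeholder> value"; findings=$((findings + 1))
    fi
    for ip in $(conf_duplicate_allowed_ips "$1"); do
        echo "WARN: AllowedIPs $ip is assigned to more than one peer"
        findings=$((findings + 1))
    done
    return "$findings"
}

# Usage (as root, since the file should not be readable otherwise):
#   audit_wg_conf /etc/wireguard/wg0.conf
```

A return value of 0 means no findings; any other value is the number of warnings printed.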
Conclusion
WireGuard stands out as a robust, lightweight, and secure VPN solution that’s a breeze to set up on Ubuntu. By following this guide, you’ve picked up some essential skills, including how to:
- Install WireGuard on your Ubuntu server.
- Configure the server interface and enable routing.
- Add and set up a client for a secure connection to your VPN.
Thanks to WireGuard’s cutting-edge cryptography and user-friendly design, you can enjoy excellent performance along with dependable security for your network traffic.