how to setup wireguard on ubuntu

WireGuard is a modern, fast, and secure VPN protocol that is much simpler than traditional options like OpenVPN or IPSec. If you’re looking for a lightweight and efficient VPN solution, WireGuard is an excellent choice. This guide will walk you through setting up WireGuard on an Ubuntu server.

Prerequisites

Before getting started, ensure you have the following:

• A VPS or dedicated server running Ubuntu 20.04 or later
• Root or sudo access
• Basic knowledge of the Linux terminal

Step 1: Update Your System

First, make sure your system is up to date:

sudo apt update && sudo apt upgrade -y

This ensures that all packages are up to date before installing WireGuard.

Step 2: Install WireGuard

Ubuntu provides WireGuard in its official repositories, making installation straightforward:

sudo apt install wireguard -y

Once installed, verify the installation:

wg --version

Step 3: Generate Key Pairs

WireGuard requires a pair of cryptographic keys for secure communication. Generate them with:

wg genkey | tee privatekey | wg pubkey > publickey

This creates two files:

• privatekey: Your private key (keep this secure)
• publickey: Your public key (used for peer connections)

Step 4: Configure WireGuard

Create a new WireGuard configuration file:

sudo nano /etc/wireguard/wg0.conf

Add the following configuration:

[Interface]
PrivateKey = YOUR_PRIVATE_KEY
Address = 10.0.0.1/24
ListenPort = 51820
SaveConfig = true

[Peer]
PublicKey = PEER_PUBLIC_KEY
AllowedIPs = 10.0.0.2/32

Replace YOUR_PRIVATE_KEY with the content of the privatekey file.

Save the file and exit.

Step 5: Enable IP Forwarding

To allow traffic to pass through the VPN, enable IP forwarding:

echo "net.ipv4.ip_forward = 1" | sudo tee -a /etc/sysctl.conf
sudo sysctl -p

Step 6: Start and Enable WireGuard

Bring up the WireGuard interface:

sudo systemctl start wg-quick@wg0
sudo systemctl enable wg-quick@wg0

Check the status:

sudo systemctl status wg-quick@wg0

If everything is configured correctly, WireGuard should now be running.

Step 7: Configure Firewall (Optional)

If using ufw, allow WireGuard traffic:

sudo ufw allow 51820/udp 
sudo ufw reload

Step 8: Add a Peer (Client)

On the client device, generate new keys:

wg genkey | tee client_private | wg pubkey > client_public

Modify the server’s wg0.conf to add a new peer:

[Peer]
PublicKey = CLIENT_PUBLIC_KEY
AllowedIPs = 10.0.0.2/32

Restart WireGuard:

sudo systemctl restart wg-quick@wg0

Step 9: Configure Client

On the client, create a configuration file:

[Interface]
PrivateKey = CLIENT_PRIVATE_KEY
Address = 10.0.0.2/24

[Peer]
PublicKey = SERVER_PUBLIC_KEY
Endpoint = YOUR_SERVER_IP:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25

Start WireGuard on the client:

wg-quick up client

Step 10: Verify Connection

Check active WireGuard connections:

wg show

If configured correctly, you should see the client’s public key and assigned IP. With these steps, WireGuard is now set up on your Ubuntu server. Enjoy your secure and high-performance VPN!