How To Set Up WireGuard on Ubuntu 20.04
WireGuard is a modern VPN solution that is simple, fast, and secure. It operates at the kernel level, providing high performance and ease of use compared to traditional VPN protocols. This guide will walk you through the installation and configuration of WireGuard on Ubuntu 20.04.
Prerequisites
Before you begin, make sure you have the following:
A server running Ubuntu 20.04.
A non-root user with sudo privileges.
An active internet connection.
Step 1: Update Your System
Start by updating your package list to ensure you have the latest versions of software:
sudo apt update
sudo apt upgrade -y
Step 2: Install WireGuard
To install WireGuard, use the following command:
sudo apt install wireguard -y
This command installs the WireGuard kernel module and the userspace tools required for configuration.
Step 3: Generate Key Pairs
WireGuard uses public and private keys for authentication. Each peer in the VPN network will need its own key pair. To generate a key pair, follow these steps:
Create a directory for your keys:
mkdir -p ~/wireguard-keys
cd ~/wireguard-keys
Generate a private key and derive the matching public key from it:
wg genkey | tee privatekey | wg pubkey > publickey
Store the keys in variables for easy access:
PRIVATE_KEY=$(cat privatekey)
PUBLIC_KEY=$(cat publickey)
You will use these keys in your WireGuard configuration.
Step 4: Configure the WireGuard Server
Create the configuration file for the WireGuard server:
sudo nano /etc/wireguard/wg0.conf
Add the following configuration to the file, replacing the placeholders with your actual values:
[Interface]
Address = 10.0.0.1/24
ListenPort = 51820
PrivateKey = YOUR_PRIVATE_KEY
[Peer]
PublicKey = PEER_PUBLIC_KEY
AllowedIPs = 10.0.0.2/32
Replace YOUR_PRIVATE_KEY with the server’s private key.
The Address field sets the server’s address on the VPN interface together with the VPN subnet. In this case, 10.0.0.1 is the server’s internal IP address and /24 is the subnet.
The Peer section is for adding client configurations. You can replace PEER_PUBLIC_KEY with the public key of the client that will connect to the server.
Step 5: Enable IP Forwarding
For the VPN to work properly, you need to enable IP forwarding on your server. Run the following command:
sudo sysctl -w net.ipv4.ip_forward=1
To make this change persistent across reboots, edit the /etc/sysctl.conf file:
sudo nano /etc/sysctl.conf
Uncomment or add the following line:
net.ipv4.ip_forward=1
Save and exit the file. To apply the changes, run:
sudo sysctl -p
Step 6: Start WireGuard
You can now start the WireGuard server using the following command:
sudo wg-quick up wg0
To ensure the server starts on boot, enable the service:
sudo systemctl enable wg-quick@wg0
Step 7: Configure the WireGuard Client
On the client machine, install WireGuard using the same steps as above. Then generate a key pair for the client:
wg genkey | tee privatekey | wg pubkey > publickey
Now create the client configuration file:
sudo nano /etc/wireguard/wg0.conf
Add the following configuration, replacing placeholders:
[Interface]
Address = 10.0.0.2/24
PrivateKey = YOUR_CLIENT_PRIVATE_KEY
[Peer]
PublicKey = SERVER_PUBLIC_KEY
Endpoint = SERVER_IP:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25
Replace YOUR_CLIENT_PRIVATE_KEY with the client’s private key.
Replace SERVER_PUBLIC_KEY with the server’s public key.
Replace SERVER_IP with the public IP address of your WireGuard server.
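The check below is an added example, not part of the original guide: a shell function that lints the server or client wg0.conf from Steps 4 and 7 before the interface is brought up. It flags a file readable by other users, a section header fused onto a value line, key values that are not real keys (including unreplaced placeholders), and incomplete [Peer] sections; the function name audit_wg_conf and the sample file are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original guide): lint a wg-quick config file.
# Prints one line per finding; the return status is the number of findings.
audit_wg_conf() {
    local conf=$1 findings=0 mode
    [ -r "$conf" ] || { echo "cannot read $conf"; return 1; }

    # The file contains the private key, so group/others get no access.
    mode=$(stat -c '%a' "$conf")    # GNU stat, as on Ubuntu
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "mode is $mode, expected 600"; findings=$((findings + 1))
    fi

    # A header glued to the previous value, e.g. "PrivateKey = ...[Peer]".
    if grep -qE '^[[:space:]]*[^#[:space:]][^#]*\[(Interface|Peer)\]' "$conf"; then
        echo "section header is not on its own line"; findings=$((findings + 1))
    fi

    # Keys are 32 bytes: 43 base64 characters plus "=". Unreplaced
    # placeholders such as YOUR_PRIVATE_KEY fail this test too.
    if grep -E '^[[:space:]]*(PrivateKey|PublicKey)[[:space:]]*=' "$conf" |
       grep -qvE '=[[:space:]]*[A-Za-z0-9+/]{43}=[[:space:]]*$'; then
        echo "a key value is not a 44-character base64 key"; findings=$((findings + 1))
    fi

    # Every [Peer] section needs both PublicKey and AllowedIPs.
    if ! awk '
        function check() { if (inpeer && !(pk && ips)) bad = 1 }
        /^[ \t]*\[/ { check(); inpeer = ($0 ~ /^[ \t]*\[Peer\]/); pk = ips = 0 }
        /^[ \t]*PublicKey[ \t]*=/  { pk = 1 }
        /^[ \t]*AllowedIPs[ \t]*=/ { ips = 1 }
        END { check(); exit bad + 0 }' "$conf"; then
        echo "a [Peer] section lacks PublicKey or AllowedIPs"; findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample: the server file from Step 4 with placeholders left in.
demo=$(mktemp)
printf '%s\n' '[Interface]' 'Address = 10.0.0.1/24' 'ListenPort = 51820' \
    'PrivateKey = YOUR_PRIVATE_KEY' '[Peer]' 'PublicKey = PEER_PUBLIC_KEY' \
    'AllowedIPs = 10.0.0.2/32' > "$demo"
chmod 644 "$demo"
audit_wg_conf "$demo" || echo "findings: $?"
rm -f "$demo"
```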
Step 8: Start the WireGuard Client
To start the WireGuard client, run:
sudo wg-quick up wg0
You can verify the connection by checking the status:
sudo wg
Step 9: Firewall Configuration
If you have a firewall running, you’ll need to allow traffic on the WireGuard port (51820 by default). For example, using ufw:
sudo ufw allow 51820/udp
Make sure to enable UFW if it’s not already enabled:
sudo ufw enable
Conclusion
You have successfully set up WireGuard on Ubuntu 20.04. With its high performance and security features, WireGuard is a great choice for a VPN solution. You can easily add more peers by repeating the configuration steps for each client.