How to Install and Configure WireGuard VPN Server on Ubuntu 22.04
WireGuard is a modern VPN (Virtual Private Network) technology that utilizes state-of-the-art cryptography. Compared to other popular VPN solutions, such as IPsec and OpenVPN , WireGuard is faster, easier to configure, and has a smaller footprint. It is cross-platform and can run almost anywhere, including Linux, Windows, Android, and macOS.
Wireguard is a peer-to-peer VPN; it does not use the client-server model. Depending on its configuration, a peer can act as a traditional server or client. It works by creating a network interface on each peer device that acts as a tunnel. Peers authenticate each other by exchanging and validating public keys, mimicking the SSH model. Public keys are mapped with a list of IP addresses that are allowed in the tunnel. The VPN traffic is encapsulated in UDP.
In this article, we’ll discuss how to set up a WireGuard VPN on Ubuntu 20.04 that will act as a VPN server. We’ll also show you how to configure WireGuard as a client. The client’s traffic will be routed through the Ubuntu 20.04 server.
This setup can be used as a protection against Man in the Middle attacks, surfing the web anonymously, bypassing Geo-restricted content, or allowing your colleagues who work from home to connect to the company network securely
The model in this article is as follows:
In this article, we use the server to install WireGuard Server with the following information:
Public static IP: 204.44.64.66 Network Interface Name: eth0 Listens port of WireGuard: 3650 Network private VPN IP: 192.168.6.0/24
How to set up the WireGuard Server
1. Update your system
# apt update # apt upgrade
IP forwarding must be enabled for NAT to work. Open the /etc/sysctl.conf
file and add or uncomment the following line:
# nano /etc/sysctl.conf
net.ipv4.ip_forward=1
Save the file and apply the change
# sysctl -p
2. Install WireGuard VPN server on Ubuntu 22.04
WireGuard is available from the default Ubuntu repositories. To install it, run the following commands:
# apt install wireguard
3. Configure WireGuard VPN Server
Step 1: Go to the /etc/wireguard directory
# cd /etc/wireguard/
Step 2: Using the wg command, we will create a private key and public key pair as shown below:
# wg genkey | tee privatekey | wg pubkey > publickey
- Show content of the Private key
# cat privatekey
Please note it down for configuration in the next step
# cat publickey
Save the Publickey for config on the Client
Step 3: Create a new config file called wg0.conf
# touch wg0.conf
- Open and new content
# nano wg0.conf
- Add the following content to the configuration file:
[Interface]
## Address : A private IP address for wg0 interface.
Address = 192.168.6.1/24
## Specify the listening port of WireGuard, I like port 3650, you can change it.
ListenPort = 3650
## A privatekey of the server ( cat /etc/wireguard/privatekey)
PrivateKey = PrivateKey_of_the_Server
- Save the file and exit
- Change the permission on the Private key and wg0.conf file
# chmod 600 wg0.conf # chmod 600 privatekey
- Start and enable WireGuard service to auto-start at boot time
# systemctl start wg-quick@wg0
# systemctl enable wg-quick@wg0
# systemctl status wg-quick@wg0
- Verify interface named wg0 is up
# wg
Step 4: Install and configure firewalls
# apt install ufw # ufw enable # ufw allow 3650/udp # ufw allow 22/tcp # ufw reload # ufw status
- How to Install and Configure WireGuard Client on Windows
- How to Install and Configure WireGuard Client on Linux
Conclusion
We have shown you how to install WireGuard on an Ubuntu 22.04 machine and configure it as a VPN server. This setup allows you to surf the web anonymously by keeping your traffic data private.
If you are facing any problems, feel free to leave a comment.
Good Luck!