How to Install and Configure WireGuard VPN Server on Ubuntu 22.04

Estimated reading: 3 minutes 407 views

WireGuard is a modern VPN (Virtual Private Network) technology that utilizes state-of-the-art cryptography. Compared to other popular VPN solutions, such as IPsec and OpenVPN , WireGuard is faster, easier to configure, and has a smaller footprint. It is cross-platform and can run almost anywhere, including Linux, Windows, Android, and macOS.
Wireguard is a peer-to-peer VPN; it does not use the client-server model. Depending on its configuration, a peer can act as a traditional server or client. It works by creating a network interface on each peer device that acts as a tunnel. Peers authenticate each other by exchanging and validating public keys, mimicking the SSH model. Public keys are mapped with a list of IP addresses that are allowed in the tunnel. The VPN traffic is encapsulated in UDP.
In this article, we’ll discuss how to set up a WireGuard VPN on Ubuntu 20.04 that will act as a VPN server. We’ll also show you how to configure WireGuard as a client. The client’s traffic will be routed through the Ubuntu 20.04 server.
This setup can be used as a protection against Man in the Middle attacks, surfing the web anonymously, bypassing Geo-restricted content, or allowing your colleagues who work from home to connect to the company network securely

The model in this article is as follows:

In this article, we use the server to install WireGuard Server with the following information:

Public static IP: 204.44.64.66
Network Interface Name: eth0
Listens port of WireGuard: 3650
Network private VPN IP: 192.168.6.0/24

How to set up the WireGuard Server

1. Update your system

# apt update
# apt upgrade

IP forwarding must be enabled for NAT to work. Open the /etc/sysctl.conf file and add or uncomment the following line:

# nano /etc/sysctl.conf
net.ipv4.ip_forward=1

Save the file and apply the change

# sysctl -p

2. Install WireGuard VPN server on Ubuntu 22.04

WireGuard is available from the default Ubuntu repositories. To install it, run the following commands:

# apt install wireguard

3. Configure WireGuard VPN Server

Step 1: Go to the /etc/wireguard directory

# cd /etc/wireguard/

Step 2: Using the wg command, we will create a private key and public key pair as shown below:

# wg genkey | tee privatekey | wg pubkey > publickey

  • Show content of the Private key
# cat privatekey

Please note it down for configuration in the next step

# cat publickey

Save the Publickey for config on the Client

Step 3: Create a new config file called wg0.conf

# touch wg0.conf
  • Open and new content
# nano wg0.conf
  • Add the following content to the configuration file:
[Interface] 
## Address : A private IP address for wg0 interface. 
Address = 192.168.6.1/24 
## Specify the listening port of WireGuard, I like port 3650, you can change it. 
ListenPort = 3650 
## A privatekey of the server ( cat /etc/wireguard/privatekey) 
PrivateKey = PrivateKey_of_the_Server

  • Save the file and exit
  • Change the permission on the Private key and wg0.conf file
# chmod 600 wg0.conf
# chmod 600 privatekey
  • Start and enable WireGuard service to auto-start at boot time
# systemctl start wg-quick@wg0
# systemctl enable wg-quick@wg0
# systemctl status wg-quick@wg0

  • Verify interface named wg0 is up
# wg

Step 4: Install and configure firewalls

# apt install ufw 
# ufw enable
# ufw allow 3650/udp
# ufw allow 22/tcp
# ufw reload
# ufw status

Conclusion

We have shown you how to install WireGuard on an Ubuntu 22.04 machine and configure it as a VPN server. This setup allows you to surf the web anonymously by keeping your traffic data private.

If you are facing any problems, feel free to leave a comment.

Good Luck!

Leave a Comment