12 C
Texas

How to setup WireGuard VPN with ubuntu 20.04

Here, we will learn today how to configure WireGuard VPN with Ubuntu 20.04. Wireguard® is an amazingly straightforward yet quick and present-day VPN that uses cutting edge cryptography. It expects to be quicker and more straightforward. It means to be significantly more performant than OpenVPN. At first, was released for the Linux part, WireGuard VPN is currently cross-stage (Windows, macOS, BSD, iOS, Android) and broadly deployable.

Key Features

  • Easy to use: With the help of a simple key exchange, a VPN connection made here.
  • Trusted Cryptography: It uses state of the art cryptography like-Curve25519, HKDF, or Blake2.
  • Performance: Suitable for both low and high configuration devices.
  • Quick deployment: Can be setup quickly, with very few commnads.

Server Settings for WireGuard VPN

Let’s deploy WireGuard VPN with Ubuntu 20.04 LTS. The client machine (Ubuntu 20.04) is required as well.

Update server.

# apt-get update 
- Advertisement -

Install package.

# apt-get install wireguard
Install wireguard package
Install wireguard package

Have a look if ip forwarding enabled or not.

# nono /etc/sysctl.conf

Enable IP forwarding for server
Enable IP forwarding for server

WireGuard work on port 51820, allow that.

 #ufw allow 51820/udp
Rules updated
Rules updated (v6)

Both client and server require to generate their own private and public keys, let’s do that for the server first.

# cd /etc/wireguard/

Change permissions.

# umask 077

Generate private and public keys.

#wg genkey | tee privatekey | wg pubkey > publickey

Have a look, if keys are generated.

Generate private and public keys for server
Generate private and public keys for server

Amend WireGuard configuration file, create file /etc/wiregurard.

#touch wg0.conf 

Edit wg0.conf.

# nano wg0.conf

You can copy configuration file from here:

[Interface]
PrivateKey = CA1l0/AkJRoE9HXkjOECJySGD+8D14nwwoRO3HVVCls=
Address = 192.168.1.239/24
SaveConfig=true
PostUp=iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown=iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
ListenPort = 51820

Where,

PrivateKey= Copy private key.

Address= Server IP address.

Copy IP tables rule from here.

ListenPort= WireGuard VPN default port.

Edit wg0.conf file for server
Edit wg0.conf file for server
 Make network interface up for WireGuard
# wg-quick up wg0

**Command Output***

[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 192.168.1.0/24 dev wg0
[#] ip link set mtu 1420 up dev wg0
[#] iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE 
make WireGuard VPN up
make WireGuard VPN up

Check WireGuard service status

# wg

Output

check wg service status
check wg service status

Client Settings for WireGuard VPN

Let’s login to client. Here we have another Ubuntu machine. Install WireGuard VPN client with apt install WireGuard command as we did for server.

Generate keys

#wg genkey | tee privatekey | wg pubkey > publickey

Create and edit wg0.conf file for client. Where

[Interface]

PrivateKey= The key generated for client.

ListenPort=The Default port for WireGuard VPN.

Address= IP address of that client machine.

[Peer]

PublicKey= copy public key from server.

EndPoint= Ip address of the server.

AllowedIPs = all all traffic via WireGuard VPN.

edit WireGuard client conf file
edit WireGuard client conf file

Make WireGuard up

#wg-quick up wg0
Make service up for client
Make WireGuard service up for client

Check services

# wg
Check wg service status

Add client to the server, copy client key and paste in server wg conf file, run following command, and paste copied key.

wg set wg0 peer 21aCR8N0sUDuqUlVVm/Y7r5OKVV8FT9cZZr0YcEagUg= allowed-ips 192.168.1.0/24

You can add as many clients are required by adding private keys, and ip ddresses of the clients.

Stop and start back wg service and check, if any update in the conf file. Yes, we can see the changes.

# wg-quick down wg0 && wg-quick up wg0
Check WireGuard VPN conf file on server for changes
Check WireGuard VPN conf file on server for changes

Here all your WireGuard VPN is set to go. Though WireGuard is getting popular day by day, but still so many changes are going on. WireGuard should be avoided for any critical live environment.

- Advertisement -
Everything Linux, A.I, IT News, DataOps, Open Source and more delivered right to you.
Subscribe
"The best Linux newsletter on the web"

LEAVE A REPLY

Please enter your comment!
Please enter your name here



Latest article