How to Set Up WireGuard on Ubuntu: Step-by-Step Guide with Hostereo

How to Set Up WireGuard on Ubuntu 22.04

WireGuard is a fast and lightweight VPN solution that uses modern encryption protocols. This guide walks you through installing and configuring WireGuard on Ubuntu 22.04: setting up a server and a peer (client), establishing a secure connection between them, and routing internet traffic through the VPN.

Prerequisites

  1. Ubuntu 22.04 server: A non-root user with sudo privileges and a firewall enabled.
  2. Your machine (peer): This will connect to your VPN. It can be a local machine, a remote server, or even a mobile device.
  3. IPv6 Support: Optional if your VPN will route IPv6 traffic.
  4. Access to the terminal: You’ll need to perform commands via SSH or directly on the server.

Step 1: Installing WireGuard and Generating Keys

1. Install WireGuard on the server:
sudo apt update

sudo apt install wireguard

2. Generate private and public keys:
wg genkey | sudo tee /etc/wireguard/private.key

sudo chmod go= /etc/wireguard/private.key

sudo cat /etc/wireguard/private.key | wg pubkey | sudo tee /etc/wireguard/public.key

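  1. The private key is stored in /etc/wireguard/private.key. The chmod go= command removes all group and other permissions from it; tee also prints the key to the terminal, so treat that output as sensitive.
  2. The public key is stored in /etc/wireguard/public.key.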

Step 2: Choosing IPv4 and IPv6 Ranges

IPv4 Address Range: Choose a private range, e.g., 10.8.0.0/24.

The server’s IP address within this range will be 10.8.0.1/24.

IPv6 Address Range (Optional): Generate a unique prefix using RFC 4193:
date +%s%N | sha1sum | cut -c 31-40

Append the 10 hex characters of output to fd (the first byte of fd00::/8) and split the result into 16-bit groups, e.g., 24609a6c18 becomes fd24:609a:6c18::/64.
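
The derivation above carried through to usable Address values, as an added example that is not part of the original guide: it hashes a seed, keeps the low 40 bits as the RFC 4193 Global ID, and formats the prefix. The function names and the use of /etc/machine-id in the seed are assumptions of this example.

```shell
#!/bin/sh
# Added example: derive an RFC 4193 unique local prefix and tunnel addresses.
# ula_prefix SEED -> prints the first three groups of the prefix (fdxx:xxxx:xxxx).
ula_prefix() {
    # SHA-1 the seed and keep hex characters 31-40: the low 40 bits (Global ID).
    gid=$(printf '%s' "$1" | sha1sum | cut -c 31-40)
    # fd (8 bits) + Global ID (40 bits) = 48-bit site prefix; subnet 0 is implied.
    printf 'fd%s:%s:%s\n' \
        "$(printf '%s' "$gid" | cut -c 1-2)" \
        "$(printf '%s' "$gid" | cut -c 3-6)" \
        "$(printf '%s' "$gid" | cut -c 7-10)"
}

# ula_plan SEED -> prints the /64 range plus server and peer Address values.
ula_plan() {
    p=$(ula_prefix "$1")
    printf 'range=%s::/64\nserver=%s::1/64\npeer=%s::2/64\n' "$p" "$p" "$p"
}

# Seed: nanosecond timestamp plus the machine-id when readable (assumption).
seed="$(date +%s%N)$(cat /etc/machine-id 2>/dev/null || true)"
ula_plan "$seed"
```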

Step 3: Configuring the WireGuard Server

1. Create the configuration file:
sudo nano /etc/wireguard/wg0.conf

2. Add the following content:
[Interface]
PrivateKey = <server_private_key>
Address = 10.8.0.1/24, fd24:609a:6c18::1/64
ListenPort = 51820
SaveConfig = true

  1. Replace <server_private_key> with the private key from Step 1.
  2. Save and close the file (CTRL+X, then Y, and Enter).

Step 4: Adjusting Network Configuration

Enable IP forwarding:
sudo nano /etc/sysctl.conf

Add:
net.ipv4.ip_forward=1

net.ipv6.conf.all.forwarding=1

Apply the changes:
sudo sysctl -p

Step 5: Configuring Firewall Rules

Identify the public interface:
ip route list default

Example output:
default via 203.0.113.1 dev eth0

Edit the WireGuard config to include firewall rules:
sudo nano /etc/wireguard/wg0.conf

Add the following lines to the [Interface] section:
PostUp = iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE

PostUp = ip6tables -t nat -I POSTROUTING -o eth0 -j MASQUERADE

PreDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

PreDown = ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

Replace eth0 with your public interface.

Open the WireGuard port in UFW:
sudo ufw allow 51820/udp
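
A pre-flight check for the server configuration assembled in Steps 3 to 5, added here as an example and not part of the original guide: it flags a key file accessible to group or others, an empty or malformed PrivateKey, a MASQUERADE rule bound to an interface other than the one reported by ip route list default, and a PostUp rule with no matching PreDown. The function name wg_conf_audit and the ens3 interface name are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight audit of a wg-quick server config.
# Usage: wg_conf_audit FILE IFACE  (IFACE = device from `ip route list default`)
# Prints one finding per line; returns 1 if anything was found.
wg_conf_audit() {
    out=$(
        # Key material must not be accessible to group or others.
        [ "$(ls -ld "$1" | cut -c 5-10)" = "------" ] ||
            echo "MODE: $1 is accessible to group or others"
        awk -v want="$2" '
            /^[ \t]*PrivateKey[ \t]*=/ {
                seen = 1; v = $0; sub(/^[^=]*=[ \t]*/, "", v)
                # A key is 32 bytes: 43 base64 characters plus one "=".
                if (length(v) != 44 || v !~ "^[A-Za-z0-9+/]+=$")
                    print "KEY: PrivateKey on line " NR " is empty or malformed"
            }
            /^[ \t]*(PostUp|PreDown)[ \t]*=.*MASQUERADE/ {
                for (i = 1; i < NF; i++)
                    if ($i == "-o" && $(i + 1) != want)
                        print "IFACE: line " NR " uses " $(i + 1) ", default route uses " want
                # Normalise -I/-A/-D so an insert and its delete compare equal.
                rule = $0; sub(/^[^=]*=[ \t]*/, "", rule); sub(/ -[IAD] /, " ", rule)
                if ($1 ~ /^PostUp/) up[rule] = NR; else down[rule] = NR
            }
            END {
                if (!seen) print "KEY: no PrivateKey line"
                for (r in up) if (!(r in down))
                    print "UNPAIRED: PostUp on line " up[r] " has no matching PreDown"
            }' "$1"
    )
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Constructed sample: the server config with the key left blank, audited
# against a host whose default route uses ens3 (assumed interface name).
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Interface]
PrivateKey =
Address = 10.8.0.1/24, fd24:609a:6c18::1/64
ListenPort = 51820
PostUp = iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE
PreDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
EOF
wg_conf_audit "$sample" ens3 || true
rm -f "$sample"
```

On the server, run it as sudo sh -c with the real /etc/wireguard/wg0.conf and the device name from ip route list default before starting the service.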

Step 6: Starting the WireGuard Service

1. Enable WireGuard to start at boot:
sudo systemctl enable wg-quick@wg0.service

2. Start the service:
sudo systemctl start wg-quick@wg0.service

3. Verify the status:
sudo systemctl status wg-quick@wg0.service

Step 7: Configuring the Peer

Install WireGuard on the peer machine:
sudo apt update

sudo apt install wireguard

Generate the peer’s keys:
wg genkey | sudo tee /etc/wireguard/private.key

sudo chmod go= /etc/wireguard/private.key

sudo cat /etc/wireguard/private.key | wg pubkey | sudo tee /etc/wireguard/public.key

Create the configuration file:
sudo nano /etc/wireguard/wg0.conf

Add:
[Interface]
PrivateKey = <peer_private_key>
Address = 10.8.0.2/24, fd24:609a:6c18::2/64

[Peer]
PublicKey = <server_public_key>
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = <server_public_ip>:51820

Replace <peer_private_key>, <server_public_key>, and <server_public_ip> with actual values.

Start the tunnel:
sudo wg-quick up wg0

Step 8: Verifying the Connection

On the server, check active peers:
sudo wg

Output will show connected peers and traffic stats.

On the peer, confirm traffic routing:
ip route get 1.1.1.1

Test using external tools like ipleak.net.
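
An added example (not from the original guide) that turns the peer list into a per-peer status: it reads the tab-separated output of wg show wg0 dump and compares each peer's latest handshake time against a maximum age. The function names, the placeholder keys in the sample and the 180-second threshold are assumptions of this example.

```shell
#!/bin/sh
# Added example: classify peers from `wg show wg0 dump` by handshake age.
# Peer lines are tab-separated: public-key, preshared-key, endpoint,
# allowed-ips, latest-handshake (epoch seconds), rx bytes, tx bytes, keepalive.
# Usage: peer_status NOW MAX_AGE < dump
peer_status() {
    awk -F '\t' -v now="$1" -v max="$2" '
        NR == 1 { next }   # interface line: holds the private key, never print it
        {
            age = now - $5
            if ($5 == 0)        state = "never-connected"
            else if (age > max) state = "stale"
            else                state = "active"
            printf "%s %s rx=%s tx=%s\n", $1, state, $6, $7
        }'
}

# Constructed sample dump; keys are placeholders, not real key material.
sample_dump() {
    printf 'SERVER_PRIVATE_KEY\tSERVER_PUBLIC_KEY\t51820\toff\n'
    printf 'PEER_A_PUBKEY\t(none)\t198.51.100.7:40112\t10.8.0.2/32\t1700000100\t52428\t91204\toff\n'
    printf 'PEER_B_PUBKEY\t(none)\t198.51.100.9:51111\t10.8.0.3/32\t1699990000\t1200\t800\toff\n'
    printf 'PEER_C_PUBKEY\t(none)\t(none)\t10.8.0.4/32\t0\t0\t0\toff\n'
}

# Fixed "now" so the sample is reproducible. On a live server use:
#   sudo wg show wg0 dump | peer_status "$(date +%s)" 180
sample_dump | peer_status 1700000200 180
```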

Step 9: Disconnecting the Peer

To disconnect:

sudo wg-quick down wg0

To reconnect:

sudo wg-quick up wg0

Conclusion

Your WireGuard VPN is now fully configured, offering a secure and fast connection. For more advanced configurations, refer to the official WireGuard documentation. We trust this tutorial has been of assistance. If you need help, please search your query on the Hostereo FAQ or create a support ticket.