WireGuard is a communication protocol and free and open-source software that implements encrypted virtual private networks; it was designed with the goals of ease of use, high-speed performance, and a low attack surface.
Server Side Setup:
- Step 1 — Installing WireGuard and Generating a Key Pair
$ sudo apt update
$ sudo apt install wireguard -y
- Step 2 – Configuring the WireGuard server
$ sudo -i
$ cd /etc/wireguard/
$ umask 077; wg genkey | tee privatekey | wg pubkey > publickey
$ ls -l privatekey publickey
$ cat privatekey
$ cat publickey
$ sudo vim /etc/wireguard/wg0.conf
- Server wg0.conf file code
# local settings for WireGuard Server
[Interface]
PrivateKey = ABBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBFA= # placeholder: the server's own private key from /etc/wireguard/privatekey
Address = 10.0.0.2/32 # server wg0 ip address
ListenPort = 51820
# IP forwarding
PreUp = sysctl -w net.ipv4.ip_forward=1
# IP masquerading
PreUp = iptables -t mangle -A PREROUTING -i wg0 -j MARK --set-mark 0x30
PreUp = iptables -t nat -A POSTROUTING ! -o wg0 -m mark --mark 0x30 -j MASQUERADE
PostDown = iptables -t mangle -D PREROUTING -i wg0 -j MARK --set-mark 0x30
PostDown = iptables -t nat -D POSTROUTING ! -o wg0 -m mark --mark 0x30 -j MASQUERADE
# firewall local host from wg peers
PreUp = iptables -A INPUT -i wg0 -m state --state ESTABLISHED,RELATED -j ACCEPT
PreUp = iptables -A INPUT -i wg0 -j REJECT
PostDown = iptables -D INPUT -i wg0 -m state --state ESTABLISHED,RELATED -j ACCEPT
PostDown = iptables -D INPUT -i wg0 -j REJECT
# firewall wg peers from other hosts
PreUp = iptables -A FORWARD -o wg0 -m state --state ESTABLISHED,RELATED -j ACCEPT
PreUp = iptables -A FORWARD -o wg0 -j REJECT
PostDown = iptables -D FORWARD -o wg0 -m state --state ESTABLISHED,RELATED -j ACCEPT
PostDown = iptables -D FORWARD -o wg0 -j REJECT
# remote settings for Justin's Workstation
[Peer]
PublicKey = ABBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBFA= # placeholder: the client's public key, generated during the client-side setup
AllowedIPs = 10.0.0.1/32 # client wg0 ip address; must match the Address in the client config
- Note
1. Replace the PrivateKey value with the private key you generated on the server, and the PublicKey value with the public key that will be generated during the client-side setup.
2. Make sure the Address value is set to the range of your VPC.
3. Change the AllowedIPs value to the address assigned to the client.
- Step 3 — Start, Stop, and Status of the WireGuard server
$ sudo systemctl start wg-quick@wg0.service
$ sudo systemctl stop wg-quick@wg0.service
$ sudo systemctl status wg-quick@wg0.service
- Verify: Server Connection
$ sudo wg
$ ifconfig wg0
- Step 4 — In the AWS security group of the VPN server, open a custom UDP rule for the WireGuard listen port:
Port: UDP 51820
Client Side Setup:
- Step 1 — Installing WireGuard and Generating a Key Pair
$ sudo apt update
$ sudo apt install wireguard -y
- Step 2 — Configuring the WireGuard client
$ sudo -i
$ cd /etc/wireguard/
$ umask 077; wg genkey | tee privatekey | wg pubkey > publickey
$ ls -l privatekey publickey
$ cat privatekey
$ cat publickey
$ sudo vim /etc/wireguard/wg0.conf
- Client wg0.conf file code
# local settings for Workstation
[Interface]
PrivateKey = cNNHgtsXZXG0cJ7lL5mfEBL3fDaZM6hKNePQu0jCTkU= # PrivateKey of client
Address = 10.0.0.1/32 # client wg0 ip address; must match this peer's AllowedIPs entry (10.0.0.1/32) in the server config
# remote settings for WireGuard Server
[Peer]
# server public key
PublicKey = FDpMPkKH9ldTeipFZB08bizAnbSgWP/lmmgXQMTRil4=
Endpoint = 3.18.54.161:51820 # serverip:port
AllowedIPs = 10.0.0.2/32, 10.10.0.0/16 # server wg0 address plus the server VPC range; only these destinations are routed through the tunnel
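A consistency check for a server/client config pair, added here as an example and not part of the original guide: it parses both wg0.conf files the way wg(8) does (inline '#' comments stripped), verifies every key is 32 bytes of base64 so a leftover placeholder is caught, and confirms that the client's Address lies inside the server's AllowedIPs and the server's tunnel address inside the client's. The sample configs are constructed, with the server key left as a placeholder and both ends deliberately assigned 10.0.0.2/32, to show what the check reports.

```python
import base64
import ipaddress

# Constructed sample mirroring the page's two wg0.conf files; the server key is a placeholder.
SERVER_CONF = ("[Interface]\nPrivateKey = REPLACE_WITH_SERVER_PRIVATE_KEY\n"
               "Address = 10.0.0.2/32\nListenPort = 51820\n[Peer]\n"
               "PublicKey = " + "0" * 43 + "=\nAllowedIPs = 10.0.0.1/32\n")
CLIENT_CONF = ("[Interface]\nPrivateKey = cNNHgtsXZXG0cJ7lL5mfEBL3fDaZM6hKNePQu0jCTkU=\n"
               "Address = 10.0.0.2/32  # client wg0 ip address\n[Peer]\n"
               "PublicKey = FDpMPkKH9ldTeipFZB08bizAnbSgWP/lmmgXQMTRil4=\nAllowedIPs = 10.10.0.0/16\n")

def parse_wg_conf(text):
    """Parse a wg-quick config into {'Interface': {...}, 'Peers': [{...}, ...]}; values are lists."""
    conf, current = {"Interface": {}, "Peers": []}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # wg(8) ignores everything after '#'
        if line == "[Interface]":
            current = conf["Interface"]
        elif line == "[Peer]":
            conf["Peers"].append(current := {})
        elif "=" in line and current is not None:
            key, value = (s.strip() for s in line.split("=", 1))
            current.setdefault(key, []).append(value)
    return conf

def valid_key(key):
    """A WireGuard key is 32 bytes of base64, i.e. 44 characters ending in '='."""
    try:
        return len(key) == 44 and len(base64.b64decode(key, validate=True)) == 32
    except ValueError:
        return False

def covered(addr, peers):
    # True if addr falls inside any AllowedIPs network of the given peers
    return any(addr in ipaddress.ip_network(n.strip(), strict=False)
               for p in peers for n in p["AllowedIPs"][0].split(","))

def check_pair(server_text, client_text):
    # Cross-check one server config against one client config; returns a list of findings
    srv, cli = parse_wg_conf(server_text), parse_wg_conf(client_text)
    srv_addr, cli_addr = [ipaddress.ip_interface(c["Interface"]["Address"][0]).ip for c in (srv, cli)]
    keys = [("server PrivateKey", srv["Interface"]["PrivateKey"][0]),
            ("client PrivateKey", cli["Interface"]["PrivateKey"][0])]
    keys += [(f"{side} [Peer] PublicKey", p["PublicKey"][0])
             for side, c in (("server", srv), ("client", cli)) for p in c["Peers"]]
    findings = [f"{n} is not a valid key (placeholder left in?)" for n, k in keys if not valid_key(k)]
    if srv_addr == cli_addr:
        findings.append(f"server and client both use tunnel address {srv_addr}")
    if not covered(cli_addr, srv["Peers"]):  # server drops packets from unlisted sources
        findings.append(f"client Address {cli_addr} is outside the server's AllowedIPs")
    if not covered(srv_addr, cli["Peers"]):  # client never routes to the server's wg0 address
        findings.append(f"server Address {srv_addr} is outside the client's AllowedIPs")
    return findings
```

Running `check_pair(SERVER_CONF, CLIENT_CONF)` on the constructed sample returns four findings; a pair with a real server key, the client on 10.0.0.1/32 and the server's 10.0.0.2/32 added to the client's AllowedIPs returns none.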
- Step 3 — Start, Stop, and Status of the WireGuard client
$ sudo systemctl start wg-quick@wg0.service
$ sudo systemctl stop wg-quick@wg0.service
$ sudo systemctl status wg-quick@wg0.service
- Verify: Connection to the Server
$ sudo wg
$ ifconfig wg0