Set Up WireGuard VPN Server on Ubuntu 22

By Digv | Date: September 22, 2023

Set Up WireGuard VPN Server on Ubuntu 22

 

WireGuard is a fast and modern VPN protocol that is easy to set up. In this tutorial, we will guide you through the process of setting up a WireGuard VPN server on Ubuntu 22.

 

Step 1: Update Ubuntu

 

Before we begin, let's make sure your Ubuntu system is up to date.

 

sudo apt update 

 

sudo apt upgrade -y

 

 

Step 2: Install WireGuard

 

WireGuard is available in the Ubuntu repository, so you can easily install it.

 

sudo apt install wireguard -y

 

 

Step 3: Generate Server and Client Keys

 

 

Generate the server and client keys and store them in separate files.

 

umask 077 wg genkey | tee server_private_key | wg pubkey > server_public_key wg genkey | tee client_private_key | wg pubkey > client_public_key

 

Step 4: Configure WireGuard

Create a WireGuard configuration file for the server.

 

sudo nano /etc/wireguard/wg0.conf

 

Insert the following configuration, replacing  with the content of your server's private key and  with the content of your server's public key:

 

[Interface]
Address = 10.0.0.1/24
SaveConfig = true
PrivateKey = 
ListenPort = 51820

[Peer]
PublicKey = 
AllowedIPs = 10.0.0.2/32

 

Save and exit the text editor.

 

Step 5: Start and Enable WireGuard

 

Start and enable the WireGuard service.

 

sudo systemctl start wg-quick@wg0 sudo systemctl enable wg-quick@wg0

 

Step 6: Configure the Client

 

On the client machine, create a WireGuard configuration file:

 

sudo nano /etc/wireguard/wg0.conf

 

Insert the following configuration, replacing  with the content of your client's private key,  with your server's public IP address, and  with your server's public key:

 

[Interface]
Address = 10.0.0.2/24
PrivateKey = 
DNS = 8.8.8.8

[Peer]
PublicKey = 
Endpoint = :51820
AllowedIPs = 0.0.0.0/0


Save and exit the text editor.

 

Step 7: Start WireGuard on the Client

 

Start WireGuard on the client machine:

 

sudo systemctl start wg-quick@wg0

 

Step 8: Test the Connection

 

Test the WireGuard connection by pinging the server from the client:

 

ping 10.0.0.1

 

 

If you receive replies, the connection is successful.

 

Step 9: Enable IP Forwarding (Optional)

 

If you want to route internet traffic through the VPN server, enable IP forwarding:

 

 

sudo nano /etc/sysctl.conf

 

 

Uncomment the following line:

 

net.ipv4.ip_forward=1

 

 

Save and exit the text editor, then apply the changes:

 

 

sudo sysctl -p

 

Step 10: Configure Firewall Rules (Optional)

 

If you have a firewall enabled, allow traffic on the WireGuard port:

 

 

sudo ufw allow 51820/udp

 

Step 11: Conclusion

 

Congratulations! You've successfully set up a WireGuard VPN server on Ubuntu 22. You can now securely connect to your server from your client machine.

 

Remember to keep your keys and configurations secure.