@teja156
Last active June 30, 2023 18:38
Commands to install Wireguard VPN

Commands to install Wireguard VPN on Ubuntu

YouTube Video: https://youtu.be/SzSSll7nJnI

SERVER

Install Wireguard

sudo apt update
sudo apt install wireguard

Generate private and public keys

# Generate private key
wg genkey | sudo tee /etc/wireguard/private.key

# Set appropriate permissions to private key
sudo chmod go= /etc/wireguard/private.key

# Generate public key
sudo cat /etc/wireguard/private.key | wg pubkey | sudo tee /etc/wireguard/public.key

Create wireguard configuration

# Create a conf file
sudo nano /etc/wireguard/wg0.conf

Write the following lines to the file and save it:

[Interface]
PrivateKey = base64_encoded_private_key_goes_here
Address = 10.8.0.1/24
ListenPort = 51820
SaveConfig = true

PostUp = ufw route allow in on wg0 out on eth0
PostUp = iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE
PreDown = ufw route delete allow in on wg0 out on eth0
PreDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

Note: Replace eth0 with your public network interface. You can find your public network interface by running: ip route list default

Enable IP forwarding

sudo nano /etc/sysctl.conf

Write the following to the file and save it:

net.ipv4.ip_forward=1

Firewall rules

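# Allow the WireGuard port (ufw opens ports with "allow"; "enable" only turns the firewall on)
sudo ufw allow 51820/udp

# Allow SSH so the firewall does not cut off your own session
sudo ufw allow OpenSSH

# Reload the firewall
sudo ufw disable
sudo ufw enable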

systemd service

# Enable wireguard systemd service
sudo systemctl enable wg-quick@wg0.service

# Start the wireguard service
sudo systemctl start wg-quick@wg0.service

The configuration on the server side is done (well, almost).
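
The server steps above leave two things easy to miss: wg0.conf contains the private key but, unlike private.key, never has its permissions tightened, and the PostUp/PreDown rules only work if eth0 was replaced with the real public interface. The following check is an added example, not part of the original gist; the function name audit_wg_conf, the interface name ens3 and the sample file are assumptions made for illustration.

```shell
# Added example (not from the gist): audit a wg-quick config before starting it.
# audit_wg_conf FILE IFACE prints one line per finding and returns their count.
audit_wg_conf() {
    awc_conf=$1; awc_if=$2; awc_n=0

    # 1. The file holds the private key: group/other must have no access.
    if [ "$(ls -ld "$awc_conf" | cut -c5-10)" != "------" ]; then
        echo "PERMS: $awc_conf is accessible to group/other (want mode 600)"
        awc_n=$((awc_n + 1))
    fi

    # 2. A WireGuard key is 32 bytes: 43 base64 characters plus one '='.
    awc_key=$(sed -n 's/^[[:space:]]*PrivateKey[[:space:]]*=[[:space:]]*//p' "$awc_conf" | head -n 1)
    if ! printf '%s\n' "$awc_key" | grep -Eq '^[A-Za-z0-9+/]{43}=[[:space:]]*$'; then
        echo "KEY: PrivateKey is missing or still a placeholder"
        awc_n=$((awc_n + 1))
    fi

    # 3. Every PostUp/PreDown rule must name the real egress interface.
    awc_bad=$(awk -v want="$awc_if" '
        /^[ \t]*(PostUp|PreDown)[ \t]*=/ {
            for (i = 2; i <= NF; i++)
                if (($(i-1) == "-o" || ($(i-2) == "out" && $(i-1) == "on")) && $i != want)
                    print "IFACE: line " NR " routes out " $i ", expected " want
        }' "$awc_conf")
    if [ -n "$awc_bad" ]; then
        echo "$awc_bad"
        awc_n=$((awc_n + $(printf '%s\n' "$awc_bad" | wc -l)))
    fi
    return "$awc_n"
}

# Constructed sample: the gist's server config, unedited and world-readable.
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
[Interface]
PrivateKey = base64_encoded_private_key_goes_here
Address = 10.8.0.1/24
ListenPort = 51820
PostUp = ufw route allow in on wg0 out on eth0
PostUp = iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE
PreDown = ufw route delete allow in on wg0 out on eth0
PreDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
EOF
chmod 644 "$demo_conf"
# ens3 is an assumed interface name; use the one `ip route list default` reports.
audit_wg_conf "$demo_conf" ens3 || echo "findings: $?"
rm -f "$demo_conf"
```

On the server, run it as root against /etc/wireguard/wg0.conf with the interface reported by ip route list default. Running sudo chmod 600 /etc/wireguard/wg0.conf clears the PERMS finding.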

PEER

Install wireguard

You can install the GUI version of wireguard (https://www.wireguard.com/install/) or install the CLI version just like you did for the server.

Generate private and public keys

From the GUI, you can generate a new config by selecting "Add empty tunnel". This will automatically generate both private and public keys. If you're using the CLI, follow the same method as you did for the server.

Wireguard client configuration

Edit the configuration file and add the following lines:

[Interface]
PrivateKey = base64_encoded_peer_private_key_goes_here
Address = 10.8.0.2/24
DNS = dns_server_address

[Peer]
PublicKey = base64_encoded_server_public_key_goes_here
AllowedIPs = 0.0.0.0/0
Endpoint = <Server public IP address>:51820

Add the peer on the server

Log back into the server and add the peer

sudo wg set wg0 peer base64_encoded_peer_public_key_goes_here allowed-ips 10.8.0.2

That's it! Now you can connect your peer (client) to your WireGuard VPN server either by clicking "Activate" (if you're using the GUI) or by running the command sudo wg-quick up wg0 (if you're using the CLI).
