How to Install Wireguard on Ubuntu 20.04

How to Install Wireguard on Ubuntu 20.04

Update and Upgrade Ubuntu

sudo apt-get update && sudo apt-get upgrade -y

Install Wireguard

sudo apt-get install wireguard

Open the system variables file for edit.

sudo nano /etc/sysctl.conf

Then uncomment the following line by removing the # at the beginning of the line.

net.ipv4.ip_forward=1

Apply

sudo sysctl -p

Install and Configure UFW

# Install UFW
sudo apt install ufw

# Firewall Rules
sudo ufw allow ssh
sudo ufw allow 51820/udp

# Enable Firewall
sudo ufw enable

#Check UFW Status
sudo ufw status

Generating private and public keys and Configure

# Change Directory
cd /etc/wireguard

# Set Permissions
umask 077

#  Generate a new key pair with the command below
wg genkey | tee privatekey | wg pubkey > publickey

Generate server config

# Create new config file
sudo nano /etc/wireguard/wg0.conf
[Interface]
PrivateKey = <contents-of-server-privatekey>
Address = 10.0.0.1/24
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
ListenPort = 51820

[Peer]
PublicKey = <contents-of-client-publickey>
AllowedIPs = 10.0.0.2/32
sudo cat /etc/wireguard/publickey
sudo cat /etc/wireguard/privatekey

Start Wireguard

wg-quick up wg0

Check Wireguard Config

wg show

Enable Automatic Start

systemctl enable wg-quick@wg0

Update Server

sudo apt-get update && sudo apt-get upgrade -y

Client configuration

Create new Config file on Client Device

sudo nano /etc/wireguard/wg0.conf
Remember to set the client private key and server public key to their corresponding places and also include your WireGuard server’s public IP address.
[Interface]
Address = 10.0.0.2/32
PrivateKey = <contents-of-client-privatekey>
DNS = 1.1.1.1

[Peer]
PublicKey = <contents-of-server-publickey>
Endpoint = <server-public-ip>:51820
AllowedIPs = 0.0.0.0/0, ::/0
Note that setting AllowedIPs to 0.0.0.0/0, ::/0 will forward all traffic over the WireGuard VPN connection.

Start the connection with the command below.

sudo wg-quick up wg0

To Disconnect

sudo wg-quick down wg0
sudo systemctl stop wg-quick@wg0


Share Tweet Send
0 Comments
Loading...