Key Features

• Easy to use: With the help of a simple key exchange, a VPN connection made here.
• Trusted Cryptography: It uses state of the art cryptography like-Curve25519, HKDF, or Blake2.
• Performance: Suitable for both low and high configuration devices.
• Quick deployment: Can be setup quickly, with very few commnads.

Server Settings for WireGuard VPN

Let’s deploy WireGuard VPN with Ubuntu 20.04 LTS. The client machine (Ubuntu 20.04) is required as well.

Update server.

# apt-get update 

Install package.

# apt-get install wireguard

Have a look if ip forwarding enabled or not.

# nono /etc/sysctl.conf

WireGuard work on port 51820, allow that.

 #ufw allow 51820/udp
Rules updated
Rules updated (v6)

Both client and server require to generate their own private and public keys, let’s do that for the server first.

# cd /etc/wireguard/

Change permissions.

# umask 077

Generate private and public keys.

#wg genkey | tee privatekey | wg pubkey > publickey

Have a look, if keys are generated.

Amend WireGuard configuration file, create file /etc/wiregurard.

#touch wg0.conf 

Edit wg0.conf.

# nano wg0.conf

You can copy configuration file from here:

[Interface]
PrivateKey = CA1l0/AkJRoE9HXkjOECJySGD+8D14nwwoRO3HVVCls=
Address = 192.168.1.239/24
SaveConfig=true
PostUp=iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown=iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
ListenPort = 51820

Where,

PrivateKey= Copy private key.

Address= Server IP address.

Copy IP tables rule from here.

ListenPort= WireGuard VPN default port.

 Make network interface up for WireGuard

# wg-quick up wg0

**Command Output***

[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 192.168.1.0/24 dev wg0
[#] ip link set mtu 1420 up dev wg0
[#] iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE 

Check WireGuard service status

# wg

Output

Client Settings for WireGuard VPN

Let’s login to client. Here we have another Ubuntu machine. Install WireGuard VPN client with apt install WireGuard command as we did for server.

Generate keys

#wg genkey | tee privatekey | wg pubkey > publickey

Create and edit wg0.conf file for client. Where

[Interface]

PrivateKey= The key generated for client.

ListenPort=The Default port for WireGuard VPN.

Address= IP address of that client machine.

[Peer]

PublicKey= copy public key from server.

EndPoint= Ip address of the server.

AllowedIPs = all all traffic via WireGuard VPN.

Make WireGuard up

#wg-quick up wg0

Check services

# wg

Add client to the server, copy client key and paste in server wg conf file, run following command, and paste copied key.

wg set wg0 peer 21aCR8N0sUDuqUlVVm/Y7r5OKVV8FT9cZZr0YcEagUg= allowed-ips 192.168.1.0/24

You can add as many clients are required by adding private keys, and ip ddresses of the clients.

Stop and start back wg service and check, if any update in the conf file. Yes, we can see the changes.

# wg-quick down wg0 && wg-quick up wg0

Here all your WireGuard VPN is set to go. Though WireGuard is getting popular day by day, but still so many changes are going on. WireGuard should be avoided for any critical live environment.

The post How to setup WireGuard VPN with ubuntu 20.04 appeared first on Linux Windows and android Tutorials.