, , ,

How to Install WireGuard on Ubuntu 20.04 / 22.04 (Step by Step)

No comments

 How to Install WireGuard on Ubuntu 20.04 / 22.04 (Step by Step). In this post, we introduce WireGuard VPN, its advantages, features, then show you how to install WireGuard on Ubuntu 20.04 / 22.04.

What is WireGuard VPN?


Existing VPN protocols were created many years ago. They’re still functional but use inefficient encryption techniques 

and include much extra code.


Compared to other established VPN protocols like OpenVPN and IPsec, the newer and more lightweight Wireguard 

offers significant advantages. Therefore, since its introduction in 2016, numerous VPNs have started using it. Though 

it was created for Linux first, it is now available for and supported by all major platforms.


Whether you’re a tec savvy user or just someone looking to improve their online security, this article gives you a better 

understanding of why WireGuard VPN is quickly becoming a popular choice for many users.


Features of WireGuard

All in all, the WireGuard is equipped with the following features that make it capable of accomplishing its goals.

  • Supports IPv4 and IPv6 protocols and operates as a Layer 3 secure network tunnel. Moreover, it allows for the 
  • encapsulation of v4 data in v6 format and vice versa.
  • Being a UDP based service is a key factor in its lightning fast performance. Therefore, it is a more efficient VPN 
protocol for network bandwidth use.
  • Functions in the Linux kernel as a virtual network interface.
  • This system is based on the most sound cryptographic practices of the present day.
  • Authentication approach it uses is quite similar to that of OpenSSH. Mutual authentication is performed using 
short pre shared static keys with Curve25519 points.
  • WireGuard is used to implement the Mesh, Point to Point and Star topologies.
  • The advanced cryptographic techniques that form the basis of WireGuard’s security and encryption are another 
distinguishing feature. Using a method called “cryptokey routing,” IP addresses for both the server and the client are 
permanently saved in the server’s configuration files.

Advantages of WireGuard

Significantly, WireGuard is a significant improvement over previous VPNs and has far reaching implications for 

the security industry.

1. Steady Connection

In contrast to the current norm, Wireguard creates very reliable connections. This implies that, unlike with other 

protocols, switching between your wireless network and WiFi won’t cause your VPN connection to be disrupted. 

When switching between networks, WireGuard quickly connects and reconnects. In addition, it maintains a 

connection when most VPN protocols fail.

2. Safe connection

Another key point of WireGuard is that it’s VPN service uses safe defaults and clever, cutting edge cryptographic 

primitives. Furthermore, it is much more compact and straightforward than previous protocols, making it much 

easier for security experts to audit. To secure communications between a client and a VPN server, the WireGuard 

VPN protocol uses military grade encryption.

3. Speed

Fast cryptographic code is used in WireGuard (More than 1000 Mbps in terms of throughput). Expected to give 

any protocol solution’s highest speed, and bandwidth since its activities are carried out inside a Linux kernel 

module.

Regular VPN connections usually take between 5 and 10 seconds to establish. As a result, Wireguard normally 

only takes one to two seconds, and the connection is sometimes so fast that it seems instant.

4. Convenience in use and deployment

Besides, WireGuard is a simple programme to set up on both the client and server sides. The platform’s app store 

provides access to various pre built client programmes for computers and mobile devices.

5. Configurations

Since WireGuard only employs public keys, the certificate infrastructure needs to be revised. That, too, is for the 

sake of recognition and security. With this feature, WireGuard may be easily set up to work with any software.


How to Install WireGuard on Ubuntu 20.04 / 22.04 (Step by Step)

Next section guides you through how to install WireGuard VPN server and client on Ubuntu 20.04 / 22.04.

Prerequisites

  • Two servers running Ubuntu 20.04 or Ubuntu 22.04.
  • A root user or a user with sudo privileges.


Step 1 - Perform System Update

First, it is a good idea to update and upgrade all the system packages to the latest version. You update all of them 

by running the following command.

apt update -y
apt upgrade -y

After upgrading all the system packages, you also need to install the Iptables package on your server. Install it using 

the following command.

apt install iptables -y

Once the Iptables package is installed, you proceed to the next step.


Step 2 - Configuring IP Forwarding

Next, you also need to enable the IP forwarding on your server to route all traffic via VPN server. Do it by editing 

sysctl.conf file.

nano /etc/sysctl.conf

Change the following line.

net.ipv4.ip_forward=1

Save and close the file then run the following command to apply the changes.

sysctl -p

You will get the following output.

net.ipv4.ip_forward = 1

Once you are done, you proceed to install WireGuard.


Step 3 - Installing WireGuard VPN

By default, the WireGuard package is available in the Ubuntu default repository. Install it using the 

APT command.

apt install wireguard -y

Once the WireGuard package is installed, please proceed to the next step.


Step 4 - Creating Private and Public Key

As noted, WireGuard provides the wg and wg-quick command line utility that helps you to manage 

the WireGuard interface. So, you also need to create a public and private key on each machine in the 

WireGuard VPN network. Generate them via following command.

wg genkey | tee /etc/wireguard/privatekey | wg pubkey | tee /etc/wireguard/publickey

Once both keys are generated, you get the following output.

Nt/YhewkYGaZChkVXiUXduHY5WTWa1/TLW1UVu5Ut1I=

The above command creates two files named privatekey and publickey in the /etc/wireguard directory. Check the 

content of both files using the following command.

cat /etc/wireguard/privatekey /etc/wireguard/publickey

This shows you the content of both keys in the following output.

MF1WKWo1kXSy8MNy4tl3N3eAftUvAFQIZ0z6AUS3Ul4=
Nt/YhewkYGaZChkVXiUXduHY5WTWa1/TLW1UVu5Ut1I=

Once you are done, you proceed to the next step.


Step 5 - Configuring WireGuard VPN Server

Next, you need to configure the WireGuard VPN server to route the VPN traffic. Do it by creating 

a new file named wg0.conf.

nano /etc/wireguard/wg0.conf

Add the following configurations.

[Interface]
Address = 10.0.0.1/24
SaveConfig = true
ListenPort = 51820
PrivateKey = MF1WKWo1kXSy8MNy4tl3N3eAftUvAFQIZ0z6AUS3Ul4=
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

Save and close the file when you are done.

Here is the brief summary of each option.

  • Address – Define the private IP address range.
  • ListenPort – Define on which port WireGuard listens.
  • PrivateKey – Private key of the server.
  • PostUp – This command runs before bring up the interface.
  • PostDown – This command runs after bring up the interface.

Next, set proper permission on the key files using the following command.

chmod 600 /etc/wireguard/{privatekey,wg0.conf}


Step 6 - Bringing Up WireGuard Interface

At this point, the WireGuard server is installed and configured. Now you bring up the interface 

using the following command.

wg-quick up wg0

You will get the following screen.

In order to bring the interface down, run the following command.
wg-quick down wg0

Actually, you can also bring up the WireGuard interface via systemd. To start the WireGuard interface, run the 

following command.

systemctl start wg-quick@wg0.service

Should you want to enable the WireGuard service to start at system reboot, run the following command.

systemctl enable wg-quick@wg0.service

Verify the status of WireGuard service using the following command.

systemctl status wg-quick@wg0.service

If you want to check the interface status, run the following command.

wg show wg0

You should see the following screen.


If you want to see the IP address of the WireGuard interface, run the following command.

ip a show wg0

This shows you the IP address in the following screen.



Step 7 - Setting Up WireGuard Client

In this section, we navigate you through steps how to install and configure WireGuard VPN client.

First, go to the client machine and install the WireGuard with the following command.

apt install wireguard -y

After installing the WireGuard VPN package, generate a private and public key using the following command.

wg genkey | tee /etc/wireguard/privatekey | wg pubkey | tee /etc/wireguard/publickey

You should see the following output.

RSDjZMSOplyU5jdIOwqn6D2DnNQfja8FtB+6uook8iU=

Now, verify the content of both key using the following command.

cat /etc/wireguard/privatekey /etc/wireguard/publickey

Now you shall get the content of both files as shown below.

uK0ez93bCssvk4//SO3jg2DWjL1EaVwfJR39m/rVK10=
RSDjZMSOplyU5jdIOwqn6D2DnNQfja8FtB+6uook8iU=

Next, create a WireGuard client configuration file with the following command.

nano /etc/wireguard/wg0.conf

Add the following configurations.

[Interface]
PrivateKey = uK0ez93bCssvk4//SO3jg2DWjL1EaVwfJR39m/rVK10=
Address = 10.0.0.2/24

[Peer]
PublicKey = Nt/YhewkYGaZChkVXiUXduHY5WTWa1/TLW1UVu5Ut1I=
Endpoint = 209.23.9.83:51820
AllowedIPs = 0.0.0.0/0

Save and close the file when you are done.

A brief summary of each options is shown below.

  • PrivateKey – Define the private key of client machine.
  • Address – Define the private IP address range.
  • PublicKey – Define the public key of server.
  • Endpoint – Define the IP address of WireGuard server.
  • AllowedIPs – Define the list of allowed IPs.

Concurrently, next is to add the client peer to the server machine. Add it by running the following command on the server machine.

wg set wg0 peer RSDjZMSOplyU5jdIOwqn6D2DnNQfja8FtB+6uook8iU= allowed-ips 10.0.0.2

Finally, bring up the WireGuard interface using the following command.

wg-quick up wg0

You should see the following screen.




Now, go back to your server machine and verify the WireGuard connection status using the following command.

wg

You should see the WireGuard connection information in the following screen.




If you want to disconnect from the VPN connection, run the following command on the client machine.

wg-quick down wg0


How to Install WireGuard on Ubuntu 20.04 / 22.04 (Step by 

Step) Conclusion

Summing up, in this guide, we explained how to install WireGuard on Ubuntu 20.04 / 22.04. Use 

WireGuard VPN to surf the internet anonymously by keeping your traffic private.

Finally, you shall look no further than WireGuard for a state of the art VPN service. When compared to similar

 products, it outperforms the competition. This lightweight protocol is also rather secure. So, if you’re still 

struggling with slow or unreliable VPN connections or if you’re simply looking for a better way to protect your 

online privacy, give WireGuard VPN a try.

Continue reading How to Install WireGuard on Ubuntu 20.04 / 22.04 (Step by Step)