How to Install WireGuard on Ubuntu 20.04 / 22.04 (Step by Step). In this post, we introduce WireGuard VPN, its advantages, features, then show you how to install WireGuard on Ubuntu 20.04 / 22.04.
What is WireGuard VPN?
Existing VPN protocols were created many years ago. They’re still functional but use inefficient encryption techniques
and include much extra code.
Compared to other established VPN protocols like OpenVPN and IPsec, the newer and more lightweight Wireguard
offers significant advantages. Therefore, since its introduction in 2016, numerous VPNs have started using it. Though
it was created for Linux first, it is now available for and supported by all major platforms.
Whether you’re a tec savvy user or just someone looking to improve their online security, this article gives you a better
understanding of why WireGuard VPN is quickly becoming a popular choice for many users.
Features of WireGuard
All in all, the WireGuard is equipped with the following features that make it capable of accomplishing its goals.
- Supports IPv4 and IPv6 protocols and operates as a Layer 3 secure network tunnel. Moreover, it allows for the
- encapsulation of v4 data in v6 format and vice versa.
- Being a UDP based service is a key factor in its lightning fast performance. Therefore, it is a more efficient VPN
- Functions in the Linux kernel as a virtual network interface.
- This system is based on the most sound cryptographic practices of the present day.
- Authentication approach it uses is quite similar to that of OpenSSH. Mutual authentication is performed using
- WireGuard is used to implement the Mesh, Point to Point and Star topologies.
- The advanced cryptographic techniques that form the basis of WireGuard’s security and encryption are another
Advantages of WireGuard
Significantly, WireGuard is a significant improvement over previous VPNs and has far reaching implications for
the security industry.
1. Steady Connection
In contrast to the current norm, Wireguard creates very reliable connections. This implies that, unlike with other
protocols, switching between your wireless network and WiFi won’t cause your VPN connection to be disrupted.
When switching between networks, WireGuard quickly connects and reconnects. In addition, it maintains a
connection when most VPN protocols fail.
2. Safe connection
Another key point of WireGuard is that it’s VPN service uses safe defaults and clever, cutting edge cryptographic
primitives. Furthermore, it is much more compact and straightforward than previous protocols, making it much
easier for security experts to audit. To secure communications between a client and a VPN server, the WireGuard
VPN protocol uses military grade encryption.
3. Speed
Fast cryptographic code is used in WireGuard (More than 1000 Mbps in terms of throughput). Expected to give
any protocol solution’s highest speed, and bandwidth since its activities are carried out inside a Linux kernel
module.
Regular VPN connections usually take between 5 and 10 seconds to establish. As a result, Wireguard normally
only takes one to two seconds, and the connection is sometimes so fast that it seems instant.
4. Convenience in use and deployment
Besides, WireGuard is a simple programme to set up on both the client and server sides. The platform’s app store
provides access to various pre built client programmes for computers and mobile devices.
5. Configurations
Since WireGuard only employs public keys, the certificate infrastructure needs to be revised. That, too, is for the
sake of recognition and security. With this feature, WireGuard may be easily set up to work with any software.
How to Install WireGuard on Ubuntu 20.04 / 22.04 (Step by Step)
Next section guides you through how to install WireGuard VPN server and client on Ubuntu 20.04 / 22.04.
Prerequisites
- Two servers running Ubuntu 20.04 or Ubuntu 22.04.
- A root user or a user with sudo privileges.
Step 1 - Perform System Update
First, it is a good idea to update and upgrade all the system packages to the latest version. You update all of them
by running the following command.
apt update -y
apt upgrade -y
After upgrading all the system packages, you also need to install the Iptables package on your server. Install it using
the following command.
apt install iptables -y
Once the Iptables package is installed, you proceed to the next step.
Step 2 - Configuring IP Forwarding
Next, you also need to enable the IP forwarding on your server to route all traffic via VPN server. Do it by editing
sysctl.conf file.
nano /etc/sysctl.conf
Change the following line.
net.ipv4.ip_forward=1
Save and close the file then run the following command to apply the changes.
sysctl -p
You will get the following output.
net.ipv4.ip_forward = 1
Once you are done, you proceed to install WireGuard.
Step 3 - Installing WireGuard VPN
By default, the WireGuard package is available in the Ubuntu default repository. Install it using the
APT command.
apt install wireguard -y
Once the WireGuard package is installed, please proceed to the next step.
Step 4 - Creating Private and Public Key
As noted, WireGuard provides the wg and wg-quick command line utility that helps you to manage
the WireGuard interface. So, you also need to create a public and private key on each machine in the
WireGuard VPN network. Generate them via following command.
wg genkey | tee /etc/wireguard/privatekey | wg pubkey | tee /etc/wireguard/publickey
Once both keys are generated, you get the following output.
Nt/YhewkYGaZChkVXiUXduHY5WTWa1/TLW1UVu5Ut1I=
The above command creates two files named privatekey and publickey in the /etc/wireguard directory. Check the
content of both files using the following command.
cat /etc/wireguard/privatekey /etc/wireguard/publickey
This shows you the content of both keys in the following output.
MF1WKWo1kXSy8MNy4tl3N3eAftUvAFQIZ0z6AUS3Ul4=
Nt/YhewkYGaZChkVXiUXduHY5WTWa1/TLW1UVu5Ut1I=
Once you are done, you proceed to the next step.
Step 5 - Configuring WireGuard VPN Server
Next, you need to configure the WireGuard VPN server to route the VPN traffic. Do it by creating
a new file named wg0.conf.
nano /etc/wireguard/wg0.conf
Add the following configurations.
[Interface]
Address = 10.0.0.1/24
SaveConfig = true
ListenPort = 51820
PrivateKey = MF1WKWo1kXSy8MNy4tl3N3eAftUvAFQIZ0z6AUS3Ul4=
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
Save and close the file when you are done.
Here is the brief summary of each option.
- Address – Define the private IP address range.
- ListenPort – Define on which port WireGuard listens.
- PrivateKey – Private key of the server.
- PostUp – This command runs before bring up the interface.
- PostDown – This command runs after bring up the interface.
Next, set proper permission on the key files using the following command.
chmod 600 /etc/wireguard/{privatekey,wg0.conf}
Step 6 - Bringing Up WireGuard Interface
At this point, the WireGuard server is installed and configured. Now you bring up the interface
using the following command.
wg-quick up wg0
You will get the following screen.
wg-quick down wg0
Actually, you can also bring up the WireGuard interface via systemd. To start the WireGuard interface, run the
following command.
systemctl start wg-quick@wg0.service
Should you want to enable the WireGuard service to start at system reboot, run the following command.
systemctl enable wg-quick@wg0.service
Verify the status of WireGuard service using the following command.
systemctl status wg-quick@wg0.service
If you want to check the interface status, run the following command.
wg show wg0
If you want to see the IP address of the WireGuard interface, run the following command.
ip a show wg0
In this section, we navigate you through steps how to install and configure WireGuard VPN client.
First, go to the client machine and install the WireGuard with the following command.
apt install wireguard -y
After installing the WireGuard VPN package, generate a private and public key using the following command.
wg genkey | tee /etc/wireguard/privatekey | wg pubkey | tee /etc/wireguard/publickey
You should see the following output.
RSDjZMSOplyU5jdIOwqn6D2DnNQfja8FtB+6uook8iU=
Now, verify the content of both key using the following command.
cat /etc/wireguard/privatekey /etc/wireguard/publickey
Now you shall get the content of both files as shown below.
uK0ez93bCssvk4//SO3jg2DWjL1EaVwfJR39m/rVK10=
RSDjZMSOplyU5jdIOwqn6D2DnNQfja8FtB+6uook8iU=
Next, create a WireGuard client configuration file with the following command.
nano /etc/wireguard/wg0.conf
Add the following configurations.
[Interface]
PrivateKey = uK0ez93bCssvk4//SO3jg2DWjL1EaVwfJR39m/rVK10=
Address = 10.0.0.2/24
[Peer]
PublicKey = Nt/YhewkYGaZChkVXiUXduHY5WTWa1/TLW1UVu5Ut1I=
Endpoint = 209.23.9.83:51820
AllowedIPs = 0.0.0.0/0
Save and close the file when you are done.
A brief summary of each options is shown below.
- PrivateKey – Define the private key of client machine.
- Address – Define the private IP address range.
- PublicKey – Define the public key of server.
- Endpoint – Define the IP address of WireGuard server.
- AllowedIPs – Define the list of allowed IPs.
Concurrently, next is to add the client peer to the server machine. Add it by running the following command on the server machine.
wg set wg0 peer RSDjZMSOplyU5jdIOwqn6D2DnNQfja8FtB+6uook8iU= allowed-ips 10.0.0.2
Finally, bring up the WireGuard interface using the following command.
wg-quick up wg0
Now, go back to your server machine and verify the WireGuard connection status using the following command.
wg
If you want to disconnect from the VPN connection, run the following command on the client machine.
wg-quick down wg0
How to Install WireGuard on Ubuntu 20.04 / 22.04 (Step by
Step) Conclusion
Summing up, in this guide, we explained how to install WireGuard on Ubuntu 20.04 / 22.04. Use
WireGuard VPN to surf the internet anonymously by keeping your traffic private.
Finally, you shall look no further than WireGuard for a state of the art VPN service. When compared to similar
products, it outperforms the competition. This lightweight protocol is also rather secure. So, if you’re still
struggling with slow or unreliable VPN connections or if you’re simply looking for a better way to protect your
online privacy, give WireGuard VPN a try.
0 $type={blogger}:
Post a Comment