How To Install Wireguard on Linux Mint 20

In this tutorial, we will show you how to install Wireguard on Linux Mint 20. For those of you who didn’t know, WireGuard is a fast and modern VPN that utilizes state-of-the-art cryptography. It’s much faster than OpenVPN or IPsec while also having a smaller codebase that is easier to audit and maintain.

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you through the step-by-step installation of Wireguard VPN on a Linux Mint 20 (Ulyana).

Prerequisites

• A server running one of the following operating systems: Linux Mint 20 (Ulyana).
• It’s recommended that you use a fresh OS install to prevent any potential issues
• A non-root sudo user or access to the root user. We recommend acting as a non-root sudo user, however, as you can harm your system if you’re not careful when acting as the root.

Install Wireguard on Linux Mint 20 Ulyana

Step 1. Before running the tutorial below, it’s important to make sure your system is up to date by running the following apt commands in the terminal:

sudo apt update

Step 2. Installing Wireguard on Linux Mint 20.

• Install Wireguard via default repository Debian.

The installation of WireGuard is actually quite simple. Open a terminal window and issue the command:

sudo apt install wireguard

• Install Wireguard via Snap.

Run the following commands to install Snap packages:

sudo rm /etc/apt/preferences.d/nosnap.pref
sudo apt update
sudo apt install snapd

sudo snap install wireguard-ammp

Step 3. Configure WireGuard.

WireGuard works by encrypting the connection using a pair of cryptographic keys. The keypair is used by sharing the public key with the other party who then can encrypt their message in such a way that it can only be decrypted with the corresponding private key. So, the first thing to be done is to generate the necessary private and public key pair. To do this, go back to the terminal window and issue the following commands:

mkdir ~/.wireguard
cd ~/.wireguard
umask 077
wg genkey | tee privatekey | wg pubkey > publickey

Next, you need to copy the contents of the newly-generated private key with the command:

cat privatekey

Then, generate server config:

sudo nano /etc/wireguard/wg0.conf

Add the following directives to the configuration file:

[Interface]
PrivateKey = <your-server-privatekey>
Address = 10.0.0.1/24
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
ListenPort = 51820

[Peer]
PublicKey = <your-client-publickey>
AllowedIPs = 10.0.0.2/32

Next, start WireGuard and enable it at boot:

sudo wg-quick up wg0
sudo systemctl enable wg-quick@wg0

Step 4. Configure Firewall.

For Debian servers, you can install the ufw, Uncomplicated Firewall, using the command below:

sudo apt install ufw

Next, add the following rules to allow SSH and WireGuard connections:

sudo ufw allow ssh
sudo ufw allow 51820/udp

Congratulations! You have successfully installed Wireguard. Thanks for using this tutorial for installing the latest version of Wireguard VPN on the Linux Mint system. For additional help or useful information, we recommend you to check the official Wireguard website.