Arch Linux BasedManjaro

How To Install WireGuard on Manjaro

r00t

Install WireGuard on Manjaro

WireGuard is a cutting-edge VPN protocol that offers superior performance and security compared to traditional options like OpenVPN or IPsec. Its lightweight codebase and efficient cryptographic primitives make it an ideal choice for both desktop and mobile devices. Manjaro users can benefit from WireGuard’s speed, simplicity, and robust encryption to protect their online activities.

In this comprehensive guide, we’ll explore three different methods to install WireGuard on Manjaro: using the graphical Network Manager, command-line installation, and a dedicated WireGuard manager script. We’ll also cover advanced configuration options, troubleshooting tips, and integration with your desktop environment.

Prerequisites

Before we begin, ensure that you have the following:

  • A Manjaro Linux system (up-to-date)
  • Sudo privileges on your account
  • An active internet connection
  • Basic familiarity with the command line interface

Method 1: GUI Installation Using Network Manager

For users who prefer a graphical interface, installing WireGuard through Manjaro’s Network Manager is a straightforward option.

Installing the Required Package

First, we need to install the network-manager-wireguard package. Open a terminal and run:

sudo pacman -S network-manager-wireguard

Accessing Network Settings

  1. Click on the network icon in your system tray
  2. Select “Network Settings” or “Edit Connections”
  3. Click the “+” button to add a new connection
  4. Choose “WireGuard” from the connection type dropdown

Configuring the WireGuard Interface

In the configuration window, you’ll need to enter the following details:

  • Name: Give your connection a recognizable name
  • Interface Name: Usually “wg0” for the first connection
  • Private Key: Paste your WireGuard private key here
  • Public Key: Enter your WireGuard public key
  • Listen Port: Typically 51820, but can be changed if needed
  • MTU: Leave as default unless you have specific requirements

Setting Up Peer Configuration

In the “Peers” tab, add the details for the WireGuard server you’re connecting to:

  • Public Key: The server’s public key
  • Allowed IPs: Usually 0.0.0.0/0 for routing all traffic
  • Endpoint: The server’s IP address or hostname and port
  • Persistent Keep Alive: Set to 25 seconds for NAT traversal

Managing IPv4/IPv6 Settings

Configure your IP settings in the respective tabs:

  • IPv4: Set to “Automatic (VPN)” for DHCP, or manually enter your VPN IP
  • IPv6: Similar to IPv4, choose automatic or manual configuration

Testing and Verification

After saving your configuration, connect to the WireGuard VPN:

  1. Click on the network icon in the system tray
  2. Select your newly created WireGuard connection
  3. Verify the connection by checking your IP address at ipleak.net

To ensure your DNS isn’t leaking, use a tool like DNSLeakTest. If you notice any issues, consider manually setting your DNS servers in the connection settings.

Method 2: Command Line Installation

For users comfortable with the terminal, installing WireGuard via command line offers more control and can be faster.

Package Installation

First, update your system and install WireGuard:

sudo pacman -Syu sudo pacman -S wireguard-tools

Key Generation

Generate your WireGuard keys:

wg genkey | tee privatekey | wg pubkey > publickey sudo chmod 600 privatekey

This creates two files: ‘privatekey’ and ‘publickey’. Keep your private key secure and never share it.

Configuration Setup

Create a WireGuard configuration file:

sudo nano /etc/wireguard/wg0.conf

Add the following content, replacing the placeholders with your actual data:

[Interface] PrivateKey = <Your Private Key> Address = <Your VPN IP Address> DNS = <VPN DNS Server> [Peer] PublicKey = <Server Public Key> AllowedIPs = 0.0.0.0/0, ::/0 Endpoint = <Server IP or Hostname>:<Port> PersistentKeepalive = 25

Save the file and set the correct permissions:

sudo chmod 600 /etc/wireguard/wg0.conf

Starting WireGuard

To start WireGuard and enable it on boot:

sudo systemctl start wg-quick@wg0 sudo systemctl enable wg-quick@wg0

Method 3: Using WireGuard Manager Script

For those who want a more automated approach, using a WireGuard manager script can simplify the process.

Script Installation

Download and run the WireGuard installation script:

curl -O https://raw.githubusercontent.com/angristan/wireguard-install/master/wireguard-install.sh chmod +x wireguard-install.sh sudo ./wireguard-install.sh

Follow the prompts to set up your WireGuard server or client configuration.

Configuration Management

The script allows you to:

  • Add new clients
  • Remove existing clients
  • Uninstall WireGuard

To manage your WireGuard setup, simply run the script again:

sudo ./wireguard-install.sh

Advanced Configuration

Once you have WireGuard up and running, you might want to fine-tune its performance and security.

Performance Optimization

Adjust the MTU settings if you experience performance issues:

sudo wg show wg0 mtu

If the MTU is too high, reduce it in your configuration file:

MTU = 1420

Security Enhancements

Implement a kill switch to prevent traffic leaks:

sudo ufw default deny outgoing sudo ufw allow out on wg0 from any to any sudo ufw enable

This ensures that traffic only flows through the WireGuard interface when connected.

Troubleshooting

If you encounter issues with your WireGuard connection, try these steps:

  1. Check your system logs: sudo journalctl -xeu wg-quick@wg0
  2. Verify your configuration file for typos
  3. Ensure your firewall isn’t blocking WireGuard traffic
  4. Test with a different DNS server

Congratulations! You have successfully installed WireGuard. Thanks for using this tutorial for installing the WireGuard on your Manjaro system. For additional or useful information, we recommend you check the official WireGuard website.

VPS Manage Service Offer
If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “VPS Manage Service Offer”, starting from $10 (Paypal payment). Please contact us to get the best deal!
Tags
r00t
Photo of r00t

r00t

r00t is an experienced Linux enthusiast and technical writer with a passion for open-source software. With years of hands-on experience in various Linux distributions, r00t has developed a deep understanding of the Linux ecosystem and its powerful tools. He holds certifications in SCE and has contributed to several open-source projects. r00t is dedicated to sharing her knowledge and expertise through well-researched and informative articles, helping others navigate the world of Linux with confidence.
Copyright © 2024 idroot.us | All Rights Reserved.
Back to top button