LinuxTutorialsUbuntu

How To Install Wireguard on Ubuntu 18.04 LTS

r00t

Install Wireguard on Ubuntu 18.04

In this tutorial, we will show you how to install Wireguard on Ubuntu 18.04 LTS. For those of you who didn’t know, Wireguard is an open-source, dependable, advanced, VPN tunneling software you can install and use right now to create a secure, point-to-point connection to a server. It is cross-platform and can run almost anywhere, including Linux, Windows, Android, and macOS. Wireguard is a peer-to-peer VPN. it does not use the client-server model. Depending on its configuration, a peer can act as a traditional server or client.

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of Wireguard VPN on an Ubuntu 18.04 (Bionic Beaver) server.

Prerequisites

  • A server running one of the following operating systems: Ubuntu 18.04, and any other Debian-based distribution like Linux Mint or elementary OS.
  • It’s recommended that you use a fresh OS install to prevent any potential issues
  • A non-root sudo user or access to the root user. We recommend acting as a non-root sudo user, however, as you can harm your system if you’re not careful when acting as the root.

Install Wireguard on Ubuntu 18.04 LTS Bionic Beaver

Step 1. First, make sure that all your system packages are up-to-date by running the following apt commands in the terminal.

sudo apt update
sudo apt upgrade
sudo apt install software-properties-common

Step 2. Installing Wireguard on Ubuntu 18.04.

Add the WireGuard repository:

sudo add-apt-repository ppa:wireguard/wireguard

Then, install the WireGuard package using the following command:

sudo apt install wireguard

Step 3. Configuring WireGuard.

We will generate the public and private keys needed to encrypt the data transmission:

wg genkey | sudo tee /etc/wireguard/privatekey | wg pubkey | sudo tee /etc/wireguard/publickey

Next, create a new file named wg0.conf and add the following contents:

sudo nano /etc/wireguard/wg0.conf
[Interface]
Address = 10.0.0.1/24
SaveConfig = true
ListenPort = 51820
PrivateKey = SERVER_PRIVATE_KEY
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o ens3 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o ens3 -j MASQUERADE

The above terms from the wg0.conf file are defined below:

  • Address – a comma-separated list of v4 or v6 IP addresses for the wg0 interface. Use IPs from a range that is reserved for private networks (10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16).

  • ListenPort – the port on which WireGuard will accept incoming connections.
  • PrivateKey – a private key generated by the wg genkey command. (To see the contents of the file run: sudo cat /etc/wireguard/privatekey)
  • SaveConfig – when set to true, the current state of the interface is saved to the configuration file when shutdown.

  • PostUp – command or script which is executed before bringing the interface up. In this example, we’re using iptables to enable masquerading. This will allow traffic to leave the server, giving the VPN clients access to the Internet.

  • PostDown – command or script which is executed before bringing the interface down. The iptables rules will be removed once the interface is down.

The wg0.conf and private key files should not be readable to normal users. Use chmod to set the permissions to 600:

sudo chmod 600 /etc/wireguard/{privatekey,wg0.conf}

Once done, bring the wg0 interface up using the attributes specified in the configuration file:

sudo wg-quick up wg0

To bring the WireGuard interface to boot time run the following command:

sudo systemctl enable wg-quick@wg0

Step 4. Set Up Firewall Configuration.

We need to allow SSH connections, open the WireGuard VPN port and finally, enable the firewall on the server:

sudo ufw allow 22/tcp  
sudo ufw allow 51820/udp 
sudo ufw enable

Now, we can start the Wireguard service using the following command:

sudo wg-quick up wg0

Congratulations! You have successfully installed Wireguard. Thanks for using this tutorial for installing Wireguard VPN on Ubuntu 18.04 LTS Bionic Beaver system. For additional help or useful information, we recommend you to check the official Wireguard website.

VPS Manage Service Offer
If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “VPS Manage Service Offer”, starting from $10 (Paypal payment). Please contact us to get the best deal!
Tags
r00t
Photo of r00t

r00t

r00t is a seasoned Linux system administrator with a wealth of experience in the field. Known for his contributions to idroot.us, r00t has authored numerous tutorials and guides, helping users navigate the complexities of Linux systems. His expertise spans across various Linux distributions, including Ubuntu, CentOS, and Debian. r00t's work is characterized by his ability to simplify complex concepts, making Linux more accessible to users of all skill levels. His dedication to the Linux community and his commitment to sharing knowledge makes him a respected figure in the field.
Copyright © 2024 idroot.us | All Rights Reserved.
Back to top button