In this tutorial we will show you how to install Wireguard on Ubuntu 18.04 LTS . For those of you who didn’t know, Wireguard is an open-source, dependable, advanced, VPN tunneling software you can install and use right now to create a secure, point-to-point connection to a server. It is a cross-platform and can run almost anywhere, including Linux, Windows, Android, and macOS. Wireguard is a peer-to-peer VPN. it does not use the client-server model. Depending on its configuration, a peer can act as a traditional server or client.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo’ to the commands to get root privileges. I will show you through the step by step installation Wireguard VPN on an Ubuntu 18.04 (Bionic Beaver) server.
Install Wireguard on Ubuntu 18.04 LTS Bionic Beaver
Step 1. First make sure that all your system packages are up-to-date by running these following apt commands in the terminal.
Step 2. Installing Wireguard on Ubuntu 18.04.
Add the WireGuard repository:
Then, install the WireGuard package using following command:
We will generate the public and private keys needed to encrypt the data transmission:
Next, create a new file named
wg0.conf and add the following contents:
The above terms from the wg0.conf file are defined below:
Address – a comma-separated list of v4 or v6 IP addresses for the
wg0interface. Use IPs from a range that is reserved for the private networks (10.0.0.0/8, 172.16.0.0/12 or 192.168.0.0/16).
- ListenPort – the port on which WireGuard will accept incoming connections.
- PrivateKey – a private key generated by the
wg genkeycommand. (To see the contents of the file run:
sudo cat /etc/wireguard/privatekey)
- SaveConfig – when set to true, the current state of the interface is saved to the configuration file when shutdown.
PostUp – command or script which is executed before bringing the interface up. In this example, we’re using iptables to enable masquerading. This will allow traffic to leave the server, giving the VPN clients access to the Internet.
- PostDown – command or script which is executed before bringing the interface down. The iptables rules will be removed once the interface is down.
wg0.conf and privatekey files should not be readable to normal users. Use chmod to set the permissions to 600:
Once done, bring the
wg0 interface up using the attributes specified in the configuration file:
To bring the WireGuard interface at boot time run the following command:
We need to allow SSH connections, open the WireGuard VPN port and finally, enable the firewall on the server:
Now, we can start the Wireguard service using the following command:
Congratulation’s! You have successfully installed Wireguard. Thanks for using this tutorial for installing Wireguard VPN on Ubuntu 18.04 LTS Bionic Beaver system. For additional help or useful information, we recommend you to check the official Wireguard website.