In this tutorial, we will show you how to install WireGuard on Ubuntu 20.04 LTS. For those of you who didn’t know, WireGuard is open-source, dependable, advanced VPN tunneling software that you can install and use right now to create a secure, point-to-point connection to a server. It is cross-platform and can run almost anywhere, including Linux, Windows, Android, and macOS. WireGuard is a peer-to-peer VPN; it does not use the client-server model. Depending on its configuration, a peer can act as a traditional server or client.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account; if not, you may need to add ‘sudo’ to the commands to get root privileges. I will show you the step-by-step installation of WireGuard on Ubuntu 20.04 (Focal Fossa). You can follow the same instructions for Ubuntu 18.04, 16.04, and any other Debian-based distribution like Linux Mint.
Prerequisites
- A server running one of the following operating systems: Ubuntu 20.04, 18.04, and any other Debian-based distribution like Linux Mint or elementary OS.
- It’s recommended that you use a fresh OS install to prevent any potential issues
- A non-root sudo user or access to the root user. We recommend acting as a non-root sudo user, however, as you can harm your system if you’re not careful when acting as the root.
Install Wireguard on Ubuntu 20.04 LTS Focal Fossa
Step 1. First, make sure that all your system packages are up-to-date by running the following apt commands in the terminal.
sudo apt update
sudo apt upgrade
Step 2. Installing Wireguard on Ubuntu 20.04.
WireGuard is available from the default Ubuntu repositories. Run the following commands to install it:
sudo apt install wireguard
Step 3. Configure WireGuard.
First, run the following command to generate the key pair:
wg genkey | sudo tee /etc/wireguard/privatekey | wg pubkey | sudo tee /etc/wireguard/publickey
Then, create a new file named wg0.conf and add the following contents:
sudo nano /etc/wireguard/wg0.conf
[Interface]
Address = 10.0.0.1/24
SaveConfig = true
ListenPort = 51820
PrivateKey = SERVER_PRIVATE_KEY
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o ens3 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o ens3 -j MASQUERADE
The terms used in the wg0.conf file above are defined below:
- Address – a comma-separated list of v4 or v6 IP addresses for the wg0 interface. Use IPs from a range that is reserved for private networks (10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16).
- ListenPort – the port on which WireGuard will accept incoming connections.
- PrivateKey – a private key generated by the wg genkey command. (To see the contents of the file, run: sudo cat /etc/wireguard/privatekey)
- SaveConfig – when set to true, the current state of the interface is saved to the configuration file on shutdown.
- PostUp – command or script which is executed before bringing the interface up. In this example, we’re using iptables to enable masquerading. This will allow traffic to leave the server, giving the VPN clients access to the Internet.
- PostDown – command or script which is executed before bringing the interface down. The iptables rules will be removed once the interface is down.
The wg0.conf and private key files should not be readable to normal users. Use chmod to set the permissions to 600:
sudo chmod 600 /etc/wireguard/{privatekey,wg0.conf}
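A check you can run after the chmod step, added here as an example and not part of the original tutorial: it confirms that neither file has group or other permission bits set, that the SERVER_PRIVATE_KEY placeholder was replaced by a real key, and that the key in wg0.conf matches the privatekey file. The function name check_wg_files and its finding labels are made up for this example.

```shell
#!/bin/sh
# Added example: audit the key and config files created in Step 3.
# Usage: check_wg_files DIR   (the tutorial's DIR is /etc/wireguard; run as root)
# Prints one finding per line and returns 1 if anything was found.
# Relies on GNU stat (-c), as shipped with Ubuntu.

check_wg_files() {
    wg_dir=$1
    wg_conf="$wg_dir/wg0.conf"
    wg_bad=0

    for wg_f in "$wg_dir/privatekey" "$wg_conf"; do
        if [ ! -f "$wg_f" ]; then
            echo "MISSING $wg_f"; wg_bad=1; continue
        fi
        wg_mode=$(stat -c '%a' "$wg_f")
        # Any group/other bit lets local users other than the owner reach the key.
        if [ $((0$wg_mode & 077)) -ne 0 ]; then
            echo "PERMS $wg_f is $wg_mode, expected 600"; wg_bad=1
        fi
    done
    [ -f "$wg_conf" ] || return 1

    # Value of the first "PrivateKey = ..." line in the config.
    wg_key=$(sed -n 's/^[[:space:]]*PrivateKey[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p' "$wg_conf" | head -n 1)

    # A WireGuard key is 32 bytes, i.e. 44 base64 characters ending in "=".
    if ! printf '%s\n' "$wg_key" | grep -Eq '^[A-Za-z0-9+/]{43}=$'; then
        echo "KEYFORMAT PrivateKey in $wg_conf is not a base64 key (placeholder left in?)"
        wg_bad=1
    elif [ -f "$wg_dir/privatekey" ] && [ "$wg_key" != "$(cat "$wg_dir/privatekey")" ]; then
        echo "MISMATCH PrivateKey in $wg_conf differs from $wg_dir/privatekey"
        wg_bad=1
    fi
    return "$wg_bad"
}

# Run as a script: sudo sh check_wg.sh /etc/wireguard
if [ "$#" -gt 0 ]; then check_wg_files "$1"; fi
```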
Once done, bring the wg0 interface up using the attributes specified in the configuration file:
sudo wg-quick up wg0
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 10.0.0.1/24 dev wg0
[#] ip link set mtu 1420 up dev wg0
[#] iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o ens3 -j MASQUERADE
To bring the WireGuard interface up at boot time, run the following command:
sudo systemctl enable wg-quick@wg0
Step 4. Configure Firewall.
You need to open UDP traffic on port 51820:
sudo ufw allow 51820/udp
Finally, we can start the Wireguard service using the following command:
sudo wg-quick up wg0
Congratulations! You have successfully installed WireGuard. Thanks for using this tutorial for installing WireGuard VPN on an Ubuntu 20.04 LTS Focal Fossa system. For additional help or useful information, we recommend you check the official WireGuard website.