
How To Install WireGuard on Ubuntu 24.04 LTS


In today’s digital landscape, ensuring secure network connections is of utmost importance. Virtual Private Networks (VPNs) have become an essential tool for protecting online privacy and safeguarding sensitive data. Among the various VPN solutions available, WireGuard has emerged as a game-changer, offering a lightweight, fast, and highly secure alternative to traditional VPNs like OpenVPN and IPsec. In this guide, we will walk you through installing and configuring WireGuard on Ubuntu 24.04 LTS so that you can establish secure and efficient VPN connections.

Prerequisites

Before we dive into the installation process, ensure that your Ubuntu 24.04 LTS system meets the necessary requirements. You should have a server or virtual machine running Ubuntu 24.04 LTS with a stable internet connection. Additionally, make sure you have access to the server via SSH as a non-root user with sudo privileges. This will allow you to execute the required commands and make system-level changes securely.

Installing WireGuard

To begin the installation process, start by updating your system’s package index to ensure you have access to the latest software versions. Open a terminal and run the following command:

sudo apt update

Once the package index is updated, you can proceed with installing WireGuard. Fortunately, starting from Ubuntu 20.04 LTS, WireGuard is included in the default APT repositories, making the installation process straightforward. To install WireGuard, execute the following command:

sudo apt install wireguard

After the installation completes, you can verify that WireGuard is successfully installed by checking its version:

wg --version

Configuring WireGuard Server

With WireGuard installed, it’s time to configure the server. The first step is to generate a pair of public and private keys for the server. These keys will be used to establish secure connections between the server and clients. To generate the keys, use the following commands:

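# Create the private key under a restrictive umask so it is never group- or world-readable, and keep it off the terminal
sudo sh -c 'umask 077; wg genkey > /etc/wireguard/private.key'
# Derive the public key, which is safe to share, from the private key
sudo cat /etc/wireguard/private.key | wg pubkey | sudo tee /etc/wireguard/public.key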

Next, create a new configuration file for the WireGuard interface. We’ll call it wg0.conf. Open the file using a text editor with sudo privileges:

sudo nano /etc/wireguard/wg0.conf

Inside the configuration file, add the following lines:

[Interface]
PrivateKey = <server-private-key>
Address = 10.0.0.1/24
ListenPort = 51820
SaveConfig = true

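Replace <server-private-key> with the contents of the private.key file you generated earlier. The Address parameter sets the server’s IP address on the VPN interface and, through the /24 prefix, the range of the VPN network; ListenPort defines the UDP port on which WireGuard will listen for incoming connections. Because SaveConfig = true makes wg-quick write the interface’s running state back to wg0.conf when the interface is brought down, edit the file only while the interface is down, or manual changes will be overwritten.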

Firewall Configuration

To allow WireGuard traffic through the firewall, you need to open the necessary UDP port (51820 in this example). If you’re using UFW (Uncomplicated Firewall), which is the default firewall in Ubuntu, you can configure it with the following commands:

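sudo ufw allow OpenSSH
sudo ufw allow 51820/udp
sudo ufw enable

These commands allow SSH so that enabling the firewall does not cut off your own session, open port 51820 for UDP traffic, and enable the firewall. If SSH listens on a non-default port, allow that port instead of the OpenSSH profile.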

Setting Up WireGuard Clients

To connect to the WireGuard server, you need to set up WireGuard on the client devices. The process is similar to the server setup. Start by installing WireGuard on the client device, following the appropriate instructions for the client’s operating system.

Next, generate a pair of public and private keys for each client, setting a restrictive umask first so the private key is readable only by its owner:

umask 077
wg genkey > client-private.key
wg pubkey < client-private.key > client-public.key

Create a client configuration file (e.g., client.conf) and add the following lines:

[Interface]
PrivateKey = <client-private-key>
Address = 10.0.0.2/24

[Peer]
PublicKey = <server-public-key>
AllowedIPs = 0.0.0.0/0
Endpoint = <server-public-ip>:51820

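Replace <client-private-key> with the client’s private key, <server-public-key> with the server’s public key, and <server-public-ip> with the public IP address of your WireGuard server. AllowedIPs = 0.0.0.0/0 routes all of the client’s IPv4 traffic into the tunnel. The server configuration in this guide does not enable IP forwarding or NAT, so traffic to destinations other than the server is dropped there; to send only VPN traffic through the tunnel, set AllowedIPs = 10.0.0.0/24 instead.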

Connecting Clients to the Server

To establish a connection between the client and the server, you need to add the client’s public key to the server configuration. Open the wg0.conf file on the server and append the following lines:

[Peer]
PublicKey = <client-public-key>
AllowedIPs = 10.0.0.2/32

Replace <client-public-key> with the public key of the client you want to add.

To activate the WireGuard interface on the server, run:

sudo wg-quick up wg0

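On the client device, use a similar command to establish the VPN connection. Pass the file as a path (./client.conf); wg-quick treats a bare name as an interface name and looks for /etc/wireguard/<name>.conf:

sudo wg-quick up ./client.conf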

You can test the VPN connection by pinging the server from the client or accessing network resources as if you were directly connected to the server’s network.
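Before running wg-quick up on the server, it is worth checking the two things in wg0.conf that this setup depends on: the file permissions protecting the embedded private key, and the per-peer AllowedIPs entries, which on the server decide which tunnel source addresses each client may use. The script below is an added example, not part of the original guide; the function names audit_wg_conf and write_sample_conf are hypothetical, and it assumes every client is given a single host address as in this guide.

```sh
#!/bin/sh
# Added example, not from the guide: pre-flight audit of a wg-quick server
# config. Prints one finding per line and returns 1 if anything was found.
audit_wg_conf() {
    conf=$1
    findings=$(
        # The file embeds PrivateKey: group and other must have no access.
        perms=$(ls -ld "$conf" | cut -c5-10)
        [ "$perms" = "------" ] || echo "PERMS group/other bits are $perms"
        # On the server, AllowedIPs is the source-address filter for a peer:
        # flag ranges wider than one host and addresses assigned twice.
        awk '
            /^[ \t]*\[/ { in_peer = ($0 ~ /\[Peer\]/); next }
            in_peer && /^[ \t]*AllowedIPs[ \t]*=/ {
                sub(/#.*/, ""); sub(/^[^=]*=/, ""); gsub(/[ \t\r]/, "")
                n = split($0, ips, ",")
                for (i = 1; i <= n; i++) {
                    ip = ips[i]   # a bare address means a single host
                    if (ip !~ /\//) ip = ip (ip ~ /:/ ? "/128" : "/32")
                    if (ip !~ /\/(32|128)$/) print "BROAD " ip
                    if (seen[ip]++ == 1) print "DUPLICATE " ip
                }
            }
        ' "$conf"
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
# Constructed sample: the guide's server config plus a peer that reuses
# 10.0.0.2 and one that claims the whole subnet. Keys are placeholders.
write_sample_conf() {
    cat > "$1" <<'EOF'
[Interface]
PrivateKey = <server-private-key>
Address = 10.0.0.1/24
[Peer]
PublicKey = <client-public-key>
AllowedIPs = 10.0.0.2/32
[Peer]
PublicKey = <second-client-public-key>
AllowedIPs = 10.0.0.2
[Peer]
PublicKey = <third-client-public-key>
AllowedIPs = 10.0.0.0/24   # whole subnet
EOF
}
tmp=$(mktemp) && write_sample_conf "$tmp" && chmod 644 "$tmp"
audit_wg_conf "$tmp" || echo "resolve the findings above before wg-quick up"; rm -f "$tmp"
```

On a real server, run it as root against /etc/wireguard/wg0.conf; a PERMS finding is fixed with sudo chmod 600 on the file.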

Advanced Configuration Options

WireGuard offers various advanced configuration options to cater to specific needs. Here are a few examples:

  • Multiple VPN Interfaces: You can create multiple WireGuard interfaces to segregate different user groups or services, each with its own IP range and configuration.
  • Dual-Stack IPv4 and IPv6: WireGuard supports both IPv4 and IPv6 protocols, allowing you to configure dual-stack connections for enhanced compatibility and performance.
  • Performance Optimization: WireGuard is designed to be lightweight and efficient. You can fine-tune various parameters, such as the MTU (Maximum Transmission Unit) and the number of worker threads, to optimize performance based on your network environment.

Congratulations! You have successfully installed WireGuard. Thanks for using this tutorial for installing WireGuard in the Ubuntu system. For additional help or useful information, we recommend you check the official WireGuard website.


r00t

r00t is an experienced Linux enthusiast and technical writer with a passion for open-source software. With years of hands-on experience in various Linux distributions, r00t has developed a deep understanding of the Linux ecosystem and its powerful tools. He holds certifications in SCE and has contributed to several open-source projects. r00t is dedicated to sharing her knowledge and expertise through well-researched and informative articles, helping others navigate the world of Linux with confidence.