Install and Configure WireGuard on Ubuntu 20.04

In this article, we want to teach you How To Install and Configure WireGuard on Ubuntu 20.04.

WireGuard is a VPN protocol —the way that a client (like your computer or phone) communicates with a VPN server.

It only supports UDP, which uses no handshake protocols. That’s one of the reasons why it’s so fast.

WireGuard uses modern cryptography and network code to create an encrypted tunnel between two devices.

How To Install and Configure WireGuard on Ubuntu 20.04

Before installing WireGuard on your server, you need to log in to your server as a non-root user with sudo privileges and set up a basic firewall. To do this, you can follow our article the Initial Server Setup with Ubuntu 20.04.

Now follow the steps below to set up the WireGuard VPN server on Ubuntu 20.04.

Steps To Install WireGuard Server on Ubuntu 20.04

First, you need to update your local package index with the following command:

sudo apt update

WireGuard VPN service is available in the default Ubuntu 20.04 repository. So use the command below to install it on your server:

sudo apt install wireguard

Now you need to configure the WireGuard VPN server on Ubuntu 20.04.

Configure WireGuard Server on Ubuntu 20.04

First, switch to your WireGuard directory with the command below:

sudo cd /etc/wireguard/

Next, you need to generate a public and private key pair for the WireGuard VPN server with the following command:

sudo umask 077; wg genkey | tee privatekey | wg pubkey > publickey

To view your keys you can use the following command:

# sudo cat privatekey
# sudo cat publickey

Please note down your private key.

Now you need to create and open the /etc/wireguard/wg0.conf file with your favorite text editor, here we use vi:

sudo vi /etc/wireguard/wg0.conf

Add the following contents to the file:

## Set Up WireGuard VPN on Ubuntu By Editing/Creating wg0.conf File ##
[Interface]
## My VPN server private IP address ##
Address = 192.168.6.1/24
 
## My VPN server port ##
ListenPort = 41194
 
## VPN server's private key i.e. /etc/wireguard/privatekey ##
PrivateKey = your-server-private-key

When you are done, save and close the file.

Configure Firewall For WireGuard Server

We assumed that you have enabled the UFW firewall. Now you need to open UDP 41194 port with the following command:

sudo ufw allow 41194/udp

Manage WireGuard Server

At this point, stat and enable WireGuard service on Ubuntu 20.04 with the following commands:

sudo systemctl enable wg-quick@wg0
sudo systemctl start wg-quick@wg0

Verify that the WireGuard service is active and running on Ubuntu 20.04:

sudo systemctl status wg-quick@wg0
Output
wg-quick@wg0.service - WireGuard via wg-quick(8) for wg0
Loaded: loaded (/lib/systemd/system/wg-quick@.service; enabled; vendor pre>
Active: active (exited) since Sat 2022-02-12 14:56:39 CET; 58s ago
Docs: man:wg-quick(8)
man:wg(8)
https://www.wireguard.com/
https://www.wireguard.com/quickstart/
https://git.zx2c4.com/wireguard-tools/about/src/man/wg-quick.8
https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8
Process: 2948 ExecStart=/usr/bin/wg-quick up wg0 (code=exited, status=0/SUC>
Main PID: 2948 (code=exited, status=0/SUCCESS)

Also, you can verify that interface named wg0 is up and running on Ubuntu 20.04 with the commands below:

sudo wg
Output
interface: wg0
public key: 6dxOIYPcP547ZXezfQ3YeDEjsJAELMpzFr7ObJZQnAI=
private key: (hidden)
listening port: 41194
sudo ip a show wg0
Output
3: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
link/none
inet 192.168.6.1/24 scope global wg0
valid_lft forever preferred_lft forever

Here you have installed and configured WireGuard VPN on your Ubuntu 20.04. Let’s see how to configure it on your client’s machine.

Install WireGuard Client on Ubuntu 20.04

The steps to install and configure WireGuard on a client machine are the same as the server. Here our client’s machine is Ubuntu 20.04.

First, install the WireGuard VPN client on an Ubuntu 20.04 desktop with the command below:

sudo apt install wireguard

Configure WireGuard Client

Then, use the commands below to generate your key pairs:

# sudo sh -c 'umask 077; touch /etc/wireguard/wg0.conf'
# cd /etc/wireguard/
# umask 077; wg genkey | tee privatekey | wg pubkey > publickey
# cat privatekey
# cat publickey

Next, open the wg0.conf file with your favorite text editor, here we use vi:

sudo vi /etc/wireguard/wg0.conf

Add the following contents to the file:

[Interface]
## This Desktop/client's private key ##
PrivateKey = your-client-private-key
 
## Client ip address ##
Address = 192.168.6.2/24
 
[Peer]
## Ubuntu 20.04 server public key ##
PublicKey = your-server-public-key
 
## set ACL ##
AllowedIPs = 192.168.6.0/24
 
## Your Ubuntu 20.04 LTS server's public IPv4/IPv6 address and port ##
Endpoint = your-server-IP-address:41194
 
##  Key connection alive ##
PersistentKeepalive = 15

When you are done, save and close the file.

Manage WireGuard Client Service

Now enable and start your WireGuard VPN client with the commands below:

# sudo systemctl enable wg-quick@wg0
# sudo systemctl start wg-quick@wg0
# sudo systemctl status wg-quick@wg0

At this point, you need to allow the desktop client and Ubuntu server connection over VPN.

Allow Client and Server connection over WireGuard VPN

Here you need to configure the wg0.conf file from the server side and allow a connection between the Desktop client computer and the server.

First, stop your WireGuard VPN service on Ubuntu 20.04 with the following command:

sudo systemctl stop wg-quick@wg0

Then, open the wg0.conf file on Ubuntu 20.04 with your favorite text editor, here we use vi:

sudo vi /etc/wireguard/wg0.conf

Add the peer/client section to the file:

[Peer]
## Desktop/client VPN public key ##
PublicKey = your-client-public-key
 
## client VPN IP address (note  the /32 subnet) ##
AllowedIPs = 192.168.10.2/32

When you are done, save and close the file.

Now start your service again with the following command:

sudo systemctl start wg-quick@wg0

At this point, both Ubuntu servers and clients must be connected securely using a peer-to-peer VPN called WireGuard.

You can test your connection with the following commands on your client machine:

$ ping -c 4 192.168.10.1
$ sudo wg

Now try to ssh into the server using your VPN connection:

ssh olivia@192.168.10.1

Conclusion

At this point, you learn to set up and configure the WireGuard VPN server on both Ubuntu 20.04 server and your client machine.

For more information, you can visit the WireGuard Documentation page.

Hope you enjoy it.

You may be interested in these articles:

Set up WireGuard VPN Server on Debian 11

How To Set up PiVPN on Debian 11

Install and Configure Squid Proxy on Ubuntu 20.04

Newsletter Updates

Enter your email address below and subscribe to our newsletter

Stay informed and not overwhelmed, subscribe now!