
Set up WireGuard VPN

Open qingquan-li opened this issue 1 year ago • 0 comments

On the Ubuntu Server (WireGuard Server)

1. Install WireGuard

$ sudo apt update
$ sudo apt install wireguard

sudo stands for "super user do". If you don't want to type sudo every time, you can switch to a root shell:

$ sudo su # log in as root (super user)
# exit # log out
$ sudo apt install wireguard resolvconf

Resolvconf is a system daemon that manages the system's DNS configuration.

2. Generate the server's keys

$ wg genkey | sudo tee /etc/wireguard/private.key

Generates a new private encryption key and saves it as a file in the /etc/wireguard directory. This directory was automatically created when we installed WireGuard.

$ sudo chmod go= /etc/wireguard/private.key

The chmod go= command removes all permissions for group and others, so only the file's owner (root) can read the private key.

$ sudo cat /etc/wireguard/private.key | wg pubkey | sudo tee /etc/wireguard/public.key

Use the value of our private key to generate a matching public key – which will also be saved to the /etc/wireguard directory.

3. Create a wg0.conf file (you can use other file names)

$ sudo vim /etc/wireguard/wg0.conf
[Interface]
Address = 10.0.0.1/24
ListenPort = 51820
# Use your own private key, from /etc/wireguard/private.key
PrivateKey = <ServerPrivateKey>

[Peer]
# Laptop public key
PublicKey = <ClientPublicKey>
# VPN client's IP address in the VPN
AllowedIPs = 10.0.0.2/32

4. Start the WireGuard service

$ sudo wg-quick up wg0
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 10.0.0.1/24 dev wg0
[#] ip link set mtu 8920 up dev wg0

Stop the WireGuard service:

$ sudo wg-quick down wg0
[#] wg showconf wg0
[#] ip link delete dev wg0

Check the WireGuard service:

$ sudo wg
interface: wg0
  public key: <ServerPublicKey>
  private key: (hidden)
  listening port: 51820

peer: <ClientPublicKey>
  allowed ips: 10.0.0.2/32

5. Enable the service to start on boot

$ sudo systemctl enable wg-quick@wg0
Created symlink /etc/systemd/system/multi-user.target.wants/wg-quick@wg0.service → /lib/systemd/system/wg-quick@.service

Disable the service:

$ sudo systemctl disable wg-quick@wg0.service
Removed /etc/systemd/system/multi-user.target.wants/wg-quick@wg0.service.

Restart the service:

$ sudo systemctl restart wg-quick@wg0

Check the service's status:

$ sudo systemctl status wg-quick@wg0

On a Local Device (WireGuard Client)

If you're working with Windows, macOS, Android or iOS, the official apps (https://www.wireguard.com/install/) will generate key pairs for you. You'll only need to enter the server's IP address and its public key. You'll then take the client's public key and add it to the server's wg0.conf file.

qingquan-li, Jul 20 '23 17:07
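
An audit of the server setup above, added here as an example and not part of the original post: it checks that private.key and wg0.conf are not accessible to group or others, and that every [Peer] added to wg0.conf keeps AllowedIPs to a single host (as the guide's 10.0.0.2/32 does), since on the server that field decides which source addresses a peer may send from. The function names are hypothetical, and GNU stat (as on Ubuntu) is assumed.

```shell
#!/bin/sh
# Added example, not from the original post. Paths follow the guide above.

# List private.key and *.conf files in DIR (default /etc/wireguard) that group
# or others can access; public.key is meant to be shared and is skipped.
# Returns 1 if any are found. Uses GNU stat, as shipped with Ubuntu.
wg_loose_perms() {
    dir=${1:-/etc/wireguard}; bad=0
    for f in "$dir"/private.key "$dir"/*.conf; do
        [ -f "$f" ] || continue
        mode=$(stat -c '%a' "$f")
        # The leading 0 makes the shell parse the mode as octal.
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "LOOSE $mode $f"; bad=1
        fi
    done
    return "$bad"
}

# List [Peer] AllowedIPs entries in CONF that cover more than one host, or
# that an earlier peer already claims. Returns 1 if any are found.
wg_peer_ranges() {
    awk -F= '
        { sub(/#.*/, "") }                          # drop comments
        /^[ \t]*\[/ { peer = (tolower($0) ~ /\[peer\]/); next }
        peer && tolower($1) ~ /^[ \t]*allowedips[ \t]*$/ {
            n = split($2, ips, ",")
            for (i = 1; i <= n; i++) {
                ip = ips[i]; gsub(/[ \t]/, "", ip)
                if (ip == "") continue
                # No mask means a single host; otherwise require /32 or /128.
                host = (ip !~ /\//) || ((ip ~ /:/) ? (ip ~ /\/128$/) : (ip ~ /\/32$/))
                if (!host)           { print "WIDE " ip; bad = 1 }
                else if (seen[ip]++) { print "DUP " ip;  bad = 1 }
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Demo on a constructed config (sample data, not a real deployment).
wg_demo() {
    d=$(mktemp -d)
    printf '%s\n' '[Interface]' 'Address = 10.0.0.1/24' \
        '[Peer]' 'AllowedIPs = 10.0.0.2/32' \
        '[Peer]' 'AllowedIPs = 10.0.0.0/24, 10.0.0.2/32' > "$d/wg0.conf"
    chmod 644 "$d/wg0.conf"
    wg_loose_perms "$d"; wg_peer_ranges "$d/wg0.conf"; rm -rf "$d"
}
```

On the server, run `wg_loose_perms` and `wg_peer_ranges /etc/wireguard/wg0.conf` as root after each new client is added; both print nothing and return 0 when the setup matches the guide.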