How to setup Wireguard on Ubuntu
Setup Wireguard on Ubuntu
On this post we are going to showcase the steps how to setup Wireguard on Ubuntu. Wireguard is one of the well-known and a great open-source VPN solution. The scenario for our process on how to install Wireguard on Ubuntu is going to be performed as following:
- Deployed Ubuntu Linux machine with firewall(you can use UFW or IPTABLES. IPTABLES is used in this example).
- We’ll be using a Wireguard installation script from Github made by angristan. The Installation process done manually is not difficult but it can be time consuming(especially if you miss-configured a step which can consume more time by troubleshooting). For the simplicity and ease of setup we’re using the angristan’s script(big thanks to him for sharing the script).
Another good method of deploying Wireguard is via Docker, meaning that we can setup and deploy wireguard VPN as Docker container. You can also check out this process on this post.
How to setup Wireguard on Ubuntu
Wireguard server installation
Download and run the install script from the Github repository:
curl -O https://raw.githubusercontent.com/angristan/wireguard-install/master/wireguard-install.sh chmod +x wireguard-install.sh ./wireguard-install.sh
The script will ask you to provide it information in order to configure the Wireguard server. A screenshot bellow is provided with an example what information is required and what to provide it:
- Public IP address and ethernet interface:
- By default, the script itself should detect your Public IP address of your server and and the default Ethernet interface that it’s going to route traffic and it will display it. If the information is correct, hit Enter to continue.
- Wireguard’s port name and IPv4 and IPv6 Private subnet: These entries you can leave at default. They’re are the default Wireguard’s parameters where we’ll set the name for the Wiregurad’s ethernet interfaces and set the Wireguard’s Private IP address and the starting subnet for client devices.
- Port number: The port protocol number Wireguard uses in order to establish the connection to the client devices on it’s Public IP address.
- First and second client DNS resolver: This parameter will set the DNS resolvers(or DNS servers) which client’s will use once they connect on the server. The script will initially suggest and will display already an IP address for a DNS to use for clients. The suggested IP address is from AdGuard service which protects clients and blocks trackers and phishing attacks. You can the entry and use the suggested DNS or enter one which you prefer.
After the DNS entries, the script will start to install and configure the Wiregaurd.
After the server configuration is done, the script will prompt you for client configuration and it will only the two things and that is:
Client name and the client’s private IP address: For the IP address you can leave it at default, since it will suggest and set the IP addresses numerically.
The rest of the client setup will be done automatically by the script and in the you should get the result like in the following picture, with the QR code listed for ease of client setup:
Client config retrieval
After the client config setup, download the .ovpn client file(you can use a SSH client with integrated file manager such as MobaxTerm or Bitwise or similar.) On Linux you can download the file with sftp:
sftp [email protected] get client_config.ovpn
The file will be download to your home directory.
Connecting to the Wireguard server
Once the installation is done, you may get this message that the Wireguard VPN service is not running:
If you get this message, just run the command from bellow to start it and have start automatically on boot:
sudo wg-quick up wg0
or start it as a service and enable it(suggested if you plan to have it running 24/7):
sudo systemctl start [email protected] sudo systemctl enable [email protected]
To be sure that the Wireguard server is running, you’ll get an output like in the example picture bellow once it starts:
To establish the connection from the client to the server, on the client machine, install the Wireguard client(for each individual distro you can find instructions on their site) and run the following command to connect:
client sudo wg-quick up client_config.conf
You should an output like this for a successful connection:
And that is it!
If you’re running a firewall on your server such as UFW or IPTABLEs, then it’s a must to open a port on your server in order for VPN to work:
UFW sudo ufw allow 49756 IPTABLES(for TCP) sudo iptables -I INPUT -p tcp -m tcp --dport 49756 -j ACCEPT or sudo iptables -A INPUT -p tcp -m tcp --dport 49756 -j ACCEPT IPTABLES(for UDP) sudo iptables -I INPUT -p udp -m udp --dport 49756 -j ACCEPT or sudo iptables -A INPUT -p udp -m udp --dport 49756 -j ACCEPT
To summarize the article – we went through the process on how to setup Wireguard on Ubuntu, using an auto-install script from Github, which speeds up and simplifies the process. The reason we choose this script is because it can help us deploy the Wireguard server solution in matter of minutes and it also covers and automates the most of the configuration for the most common use case scenarios.
Thanks for your time…