How to Install Wireguard VPN on Ubuntu 22.04: A Step-by-Step Guide

WireGuard is a fast, modern, and secure VPN (Virtual Private Network) protocol that can be quickly set up on an Ubuntu 22.04 server. This guide will walk you through the installation and basic configuration of WireGuard on your Ubuntu 22.04 system.

Step 1: Update Your System

Before you begin, it’s essential to ensure your system is up to date:

sudo apt update
sudo apt upgrade

Step 2: Install WireGuard

WireGuard is available in the official Ubuntu repositories, so you can install it directly:

sudo apt install wireguard

Step 3: Generate Keys

Generate the public and private keys for the server:

wg genkey | sudo tee /etc/wireguard/privatekey | wg pubkey | sudo tee /etc/wireguard/publickey

Step 4: Create a Configuration File

Create a configuration file for WireGuard. Replace your_server_ip with your server’s public IP address:

sudo nano /etc/wireguard/wg0.conf

Add the following configuration to the file:

[Interface]
Address = 10.0.0.1/24
PrivateKey = <private_key>
ListenPort = 51820

[Peer]
PublicKey = <client_public_key>
AllowedIPs = 10.0.0.2/32

Replace <private_key> with the private key generated in Step 3.

Step 5: Enable IP Forwarding

Enable IP forwarding by editing the sysctl configuration:

sudo nano /etc/sysctl.conf

Uncomment or add the following line:

net.ipv4.ip_forward=1

Apply the changes:

sudo sysctl -p

Step 6: Start WireGuard

Start the WireGuard service:

sudo wg-quick up wg0

Step 7: Enable WireGuard on Boot

To ensure that WireGuard starts automatically on boot:

sudo systemctl enable wg-quick@wg0

Step 8: Generate Client Keys

Generate a key pair for your client machine (replace <client_private_key> and <client_public_key> with your actual keys):

wg genkey | tee privatekey | wg pubkey > publickey

Step 9: Configure the Client

On your client machine, create a WireGuard configuration file (e.g., client.conf) and add the following:

[Interface]
PrivateKey = <client_private_key>
Address = 10.0.0.2/32
DNS = 8.8.8.8

[Peer]
PublicKey = <server_public_key>
AllowedIPs = 0.0.0.0/0
Endpoint = your_server_ip:51820
PersistentKeepalive = 25

Replace <client_private_key>, <server_public_key>, and your_server_ip with your actual values.

Step 10: Start the Client

On the client machine, start WireGuard:

sudo wg-quick up client.conf

Step 11: Test the Connection

You can test the connection by pinging your server’s IP address:

ping 10.0.0.1

If you receive replies, the WireGuard VPN is successfully established.

Congratulations! You’ve installed and configured WireGuard VPN on your Ubuntu 22.04 server. This VPN provides a secure way for your clients to connect to your server and access its resources over an encrypted tunnel. Be sure to keep your server and client configurations secure and up to date for optimal security.