WireGuard is a fast, modern, and secure VPN (Virtual Private Network) protocol that can be quickly set up on an Ubuntu 22.04 server. This guide will walk you through the installation and basic configuration of WireGuard on your Ubuntu 22.04 system.
Step 1: Update Your System
Before you begin, it’s essential to ensure your system is up to date:
sudo apt update
sudo apt upgrade
Step 2: Install WireGuard
WireGuard is available in the official Ubuntu repositories, so you can install it directly:
sudo apt install wireguard
Step 3: Generate Keys
Generate the public and private keys for the server:
wg genkey | sudo tee /etc/wireguard/privatekey | wg pubkey | sudo tee /etc/wireguard/publickey
Step 4: Create a Configuration File
Create a configuration file for WireGuard. Replace your_server_ip
with your server’s public IP address:
sudo nano /etc/wireguard/wg0.conf
Add the following configuration to the file:
[Interface]
Address = 10.0.0.1/24
PrivateKey = <private_key>
ListenPort = 51820
[Peer]
PublicKey = <client_public_key>
AllowedIPs = 10.0.0.2/32
Replace <private_key>
with the private key generated in Step 3.
Step 5: Enable IP Forwarding
Enable IP forwarding by editing the sysctl configuration:
sudo nano /etc/sysctl.conf
Uncomment or add the following line:
net.ipv4.ip_forward=1
Apply the changes:
sudo sysctl -p
Step 6: Start WireGuard
Start the WireGuard service:
sudo wg-quick up wg0
Step 7: Enable WireGuard on Boot
To ensure that WireGuard starts automatically on boot:
sudo systemctl enable wg-quick@wg0
Step 8: Generate Client Keys
Generate a key pair for your client machine (replace <client_private_key>
and <client_public_key>
with your actual keys):
wg genkey | tee privatekey | wg pubkey > publickey
Step 9: Configure the Client
On your client machine, create a WireGuard configuration file (e.g., client.conf) and add the following:
[Interface]
PrivateKey = <client_private_key>
Address = 10.0.0.2/32
DNS = 8.8.8.8
[Peer]
PublicKey = <server_public_key>
AllowedIPs = 0.0.0.0/0
Endpoint = your_server_ip:51820
PersistentKeepalive = 25
Replace <client_private_key>
, <server_public_key>
, and your_server_ip
with your actual values.
Step 10: Start the Client
On the client machine, start WireGuard:
sudo wg-quick up client.conf
Step 11: Test the Connection
You can test the connection by pinging your server’s IP address:
ping 10.0.0.1
If you receive replies, the WireGuard VPN is successfully established.
Congratulations! You’ve installed and configured WireGuard VPN on your Ubuntu 22.04 server. This VPN provides a secure way for your clients to connect to your server and access its resources over an encrypted tunnel. Be sure to keep your server and client configurations secure and up to date for optimal security.