Setting up Wireguard based VPN is quite easy. Depending on your distribution you install kernel headers (as Wireguard is loaded kernel module), install Wireguard and configure it and you’re off to the races.
With Linux kernel 5.6 Wireguard will be built in so this process will be even simpler.
Currently on my Ubuntu (18.04) based server, I had to do the following:
apt-get update apt-get install linux-headers-$(uname -r) add-apt-repository ppa:wireguard/wireguard apt-get install wireguard
Since that automatically built kernel module, loading it with:
Should be enough. As I also had some kernel version discrepancies on this VPS I had to reboot server to load into newer kernel.
To configure server I had basically done the following.
Enable IPv4 address forwarding
sysctl -w net.ipv4.ip_forward=1
Generate private/public key
cd /etc/wireguard/ wg genkey > private-key wg pubkey > public-key < private-key
While configuring Wireguard I’ve also added peer immediately since I’ve already generated key on client and sent its public key to this server.
[Interface] Address = 10.0.0.1/24 SaveConfig = true PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWAR D -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORW ARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE ListenPort = 51820 PrivateKey = REDACTED_SERVER_PRIVATE_KEY [Peer] PublicKey = REDACTED_CLIENT_PUBLIC_KEY AllowedIPs = 10.0.0.3/32
Of course you need to replace:
- REDACTED_SERVER_PRIVATE_KEY with contents of that private-key file we’ve generated previously
- REDACTED_CLIENT_PUBLIC_KEY with contents of the public key on the client side
- You also need to configure client with contents of the public-key file
Once everything is in place start up the service on the server:
wg-quick up wg0
Then on the client you can also toggle connection.