How to Setting Up WireGuard on Ubuntu

Prerequisites

1. A server running Ubuntu 24.04 with sudo privileges.
2. Access to the server via SSH.

Step 1: Install WireGuard

Update your package list and install WireGuard:

sudo apt update
sudo apt install wireguard

Step 2: Generate Key Pair

Generate a private and public key pair:

umask 077
wg genkey | tee privatekey | wg pubkey > publickey

Step 3: Choose IP Addresses

Assign an internal IP address for the WireGuard interface, e.g., 10.0.0.1/24.

Step 4: Create WireGuard Server Configuration

Create a configuration file for WireGuard:

sudo nano /etc/wireguard/wg0.conf

Example content:

[Interface]
PrivateKey = <server_private_key>
Address = 10.0.0.1
ListenPort = 51820

[Peer]
PublicKey = <peer_public_key>
AllowedIPs = 10.0.0.2/32

Step 5: Configure Network Settings

Enable IP forwarding:

sudo sysctl -w net.ipv4.ip_forward=1

To make this permanent:

sudo nano /etc/sysctl.conf

Uncomment or add:

net.ipv4.ip_forward=1

Step 6: Set Up Firewall

Allow traffic on WireGuard’s port:

sudo ufw allow 51820/udp

Step 7: Start WireGuard Service

Start and enable the WireGuard service:

sudo systemctl start wg-quick@wg0.service
sudo systemctl enable wg-quick@wg0.service

Step 8: Configure Peer

On the client device, generate its key pair and configure it to connect to the server.

Example client configuration:

[Interface]
PrivateKey = <client_private_key>
Address = 10.0.0.2

[Peer]
PublicKey = <server_public_key>
Endpoint = <server_ip>:51820
AllowedIPs = 0.0.0.0/0

Step 9: Add Peer to Server Configuration

Add the peer’s public key to the server’s WireGuard configuration:

[Peer]
PublicKey = <client_public_key>
AllowedIPs = 10.0.0.2/32

Restart the WireGuard service:

sudo systemctl restart wg-quick@wg0.service

Step 10: Connect the Peer

On the peer device, bring up the WireGuard interface:

sudo wg-quick up wg0

With these steps, your WireGuard VPN should be set up on Ubuntu 24.04.