Cedric Fung

Mixin me 25566

Ubuntu WireGuard Setup

Oct 25, 2019

Now I use WireGuard to protect my network connection, both the server and client are running Ubuntu.

Install and generate a pair of keys on both machines in the same way.

sudo add-apt-repository ppa:wireguard/wireguard
sudo apt install wireguard
wg genkey | tee privatekey | wg pubkey > publickey

Get the server network interface name with ip addr, mine is ens4. Create the server WireGuard configuration file /etc/wireguard/wg0.conf.

[Interface]
ListenPort = 17173
PrivateKey = <SERVER PRIVATE KEY>
Address = 10.100.0.1/24
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o ens4 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o ens4 -j MASQUERADE

[Peer]
PublicKey = <CLIENT PUBLIC KEY>
AllowedIPs = 10.100.0.1/24

Then start the process and enable it for automatic running when the system boot.

wg-quick up wg0
sudo systemctl enable wg-quick@wg0

The client configuration is similar.

[Interface]
PrivateKey = <CLIENT PRIVATE KEY>
Address = 10.100.0.101/24
DNS = 8.8.8.8
MTU = 1420
PostUp = ip route add <SERVER IP ADDRESS> via 192.168.1.1; ip route del default; ip route add default dev wg0
PostDown = ip route del <SERVER IP ADDRESS> via 192.168.1.1; ip route add default via 192.168.1.1

[Peer]
PublicKey = <SERVER PUBLIC KEY>
Endpoint = <SERVER IP ADDRESS>:17173
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 10

Confirm the client IP is now the same as the server by curl ifconfig.me.

About the Author

Core developer of Mixin Network. Passionate about security and privacy. Strive to formulate elegant code, simple design and friendly machine.

25566 @ Mixin Messenger

https://vec.io