Cedric Fung

Mixin me 25566

Ubuntu WireGuard Setup

Oct 25, 2019

I now use WireGuard to protect my network connection; both the server and the client run Ubuntu.

Install WireGuard and generate a key pair on both machines in the same way.

sudo add-apt-repository ppa:wireguard/wireguard
sudo apt install wireguard
# Keep the private key readable only by its owner
umask 077
wg genkey | tee privatekey | wg pubkey > publickey

Get the server's network interface name with ip addr; mine is ens4. Create the server WireGuard configuration file /etc/wireguard/wg0.conf.

[Interface]
ListenPort = 17173
PrivateKey = <SERVER PRIVATE KEY>
Address = 10.100.0.1/24
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o ens4 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o ens4 -j MASQUERADE

[Peer]
PublicKey = <CLIENT PUBLIC KEY>
AllowedIPs = 10.100.0.1/24

Then start the process and enable it to run automatically when the system boots.

sudo wg-quick up wg0
sudo systemctl enable wg-quick@wg0

The client configuration is similar.

[Interface]
PrivateKey = <CLIENT PRIVATE KEY>
Address = 10.100.0.101/24
DNS = 8.8.8.8
MTU = 1420
PostUp = ip route add <SERVER IP ADDRESS> via 192.168.1.1; ip route del default; ip route add default dev wg0
PostDown = ip route del <SERVER IP ADDRESS> via 192.168.1.1; ip route add default via 192.168.1.1

[Peer]
PublicKey = <SERVER PUBLIC KEY>
Endpoint = <SERVER IP ADDRESS>:17173
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 10

Confirm that the client's public IP is now the same as the server's by running curl ifconfig.me.
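
An added example, not part of the original post: a small Python audit for the two configs above. It flags a config file accessible to group or others, and any [Peer] admitted without an Endpoint whose AllowedIPs is wider than one host (as with 10.100.0.1/24 in the server config), because WireGuard accepts packets from a peer for any source address inside its AllowedIPs. The function names and the "no Endpoint means admitted client" heuristic are assumptions of this example.

```python
import ipaddress

# Constructed sample: the server wg0.conf from this page, keys left as placeholders.
SERVER_CONF = """\
[Interface]
ListenPort = 17173
PrivateKey = <SERVER PRIVATE KEY>
Address = 10.100.0.1/24

[Peer]
PublicKey = <CLIENT PUBLIC KEY>
AllowedIPs = 10.100.0.1/24
"""

def parse_wg_conf(text):
    """Return [(section, {key: value})] in file order; [Peer] may repeat."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1], {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)  # split once: base64 keys end in '='
            sections[-1][1][key.strip()] = value.strip()
    return sections

def audit(text, mode=0o600):
    """Return a list of findings for a wg-quick config and its file mode."""
    findings = []
    if mode & 0o077:
        findings.append("config holds PrivateKey but is accessible to group/others")
    for name, kv in parse_wg_conf(text):
        # Assumption: a [Peer] without Endpoint is a client this host admits.
        if name != "Peer" or "Endpoint" in kv:
            continue
        for cidr in filter(None, (c.strip() for c in kv.get("AllowedIPs", "").split(","))):
            net = ipaddress.ip_network(cidr, strict=False)
            if net.prefixlen < net.max_prefixlen:
                findings.append(f"peer {kv.get('PublicKey', '?')}: AllowedIPs {cidr} "
                                f"accepts any source address in {net}")
    return findings

if __name__ == "__main__":
    for finding in audit(SERVER_CONF, mode=0o644):
        print("WARN:", finding)
```

Pinning the server's [Peer] entry to the client's own tunnel address, 10.100.0.101/32, clears the AllowedIPs finding.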