How to set up Wireguard VPN on Linux
Wireguard offers a fast and lightweight alternative to traditional VPNs such as IPsec and OpenVPN. This article shows you how to install Wireguard and create a simple VPN setup using 3 Linux machines.
Download Wireguard
The first step to setting up Wireguard on Linux is to download its core tools from the distribution's repository. This allows you to control the built-in Wireguard kernel module using userspace commands.
To install core tools in Ubuntu and Debian, run the following command:
sudo apt install wireguard wireguard-tools
In Fedora you can use the dnf package manager:
sudo dnf install wireguard-tools
For Arch Linux, you can run pacman to load Wireguard's core tools:
sudo pacman -S wireguard-tools
Confirm that you have correctly installed the Wireguard tools by loading its help screen:
wg -h
Set up Wireguard server
Assumptions: This article assumes that you are installing the Wireguard server on a Linux system with a publicly accessible IPv4 address. The instructions will still work on a server behind NAT, but peers outside of its subnet will not be able to reach it.
With the Wireguard core toolkit on your Linux machine, you can now set up a VPN server node. This node will act as the Internet gateway for client nodes in the network.
Start by navigating to the Wireguard configuration folder and setting its default permissions to "root only":
cd /etc/wireguard
umask 077
Note: Some systems may prevent you from accessing the "/etc/wireguard" directory as a regular user. To fix that, switch to the root user with sudo -s. (umask is a shell builtin, so it is run without sudo; it applies to the commands you run from this shell afterwards.)
Create public and private keys for Wireguard server:
sudo sh -c 'wg genkey | tee /etc/wireguard/server-private-key | wg pubkey > /etc/wireguard/server-public-key'
Create a server configuration file using your favorite text editor:
sudo nano /etc/wireguard/wg0.conf
Paste the following code block into the server configuration file:
[Interface]
PrivateKey = PASTE-YOUR-SERVER-PRIVATE-KEY-HERE
Address = 10.0.0.1/32
ListenPort = 60101
PostUp = iptables -t nat -I POSTROUTING -o NETWORK-INTERFACE-HERE -j MASQUERADE
PostDown = iptables -t nat -D POSTROUTING -o NETWORK-INTERFACE-HERE -j MASQUERADE
Open a new terminal session, then print the server's Wireguard private key:
sudo cat /etc/wireguard/server-private-key
Copy the server's private key to the clipboard.
Replace the value of the PrivateKey variable with the key on the clipboard.
Find the network interface that has Internet access using the ip command:
ip route get 8.8.8.8
Set the value of the -o flag on both the PostUp and PostDown variables to an interface with Internet access, then save the configuration file.
Open the server's "/etc/sysctl.conf" file with your favorite text editor:
sudo nano /etc/sysctl.conf
Scroll down to the line containing net.ipv4.ip_forward=1, then remove the pound sign (#) in front of it so that IP forwarding is enabled.
Reload the new sysctl configuration by running: sudo sysctl -p
Set up and connect the Wireguard client
You now have a properly configured Wireguard server without any peers. To use it, you need to set up and connect your first Wireguard client.
Navigate to the client system's Wireguard configuration directory and set its default permissions:
cd /etc/wireguard
umask 077
Create the client's Wireguard key pair with the following command:
sudo sh -c 'wg genkey | tee /etc/wireguard/client1-private-key | wg pubkey > /etc/wireguard/client1-public-key'
Create the client's Wireguard configuration file using your favorite text editor:
sudo nano /etc/wireguard/wg0.conf
Paste the following code block into the client configuration file:
[Interface]
PrivateKey = PASTE-YOUR-CLIENT1-PRIVATE-KEY-HERE
Address = 10.0.0.2/32
ListenPort = 60101

[Peer]
PublicKey = PASTE-YOUR-SERVER-PUBLIC-KEY-HERE
AllowedIPs = 0.0.0.0/0
Endpoint = PASTE-YOUR-SERVER-IP-ADDRESS-HERE:60101
PersistentKeepalive = 25
Replace the PrivateKey variable with the client's private key.
Open the Wireguard server's terminal session, then print its public key:
sudo cat /etc/wireguard/server-public-key
Set the value of the PublicKey variable to the server's public key.
Change the Endpoint variable to the IP address of the Wireguard server.
Save the configuration file, then use the wg-quick command to start the Wireguard client:
sudo wg-quick up wg0
Note: Because AllowedIPs is 0.0.0.0/0, this command routes all of the client's traffic through the tunnel, so the client loses its network connection until the Wireguard server is up. To get back to the original network, run sudo wg-quick down wg0.
Link the Wireguard server to the client
Access the Wireguard server's terminal session, then open the server's configuration file:
sudo nano /etc/wireguard/wg0.conf
Paste the following block of code after the [Interface] section:
[Peer]
PublicKey = PASTE-YOUR-CLIENT1-PUBLIC-KEY-HERE
AllowedIPs = 10.0.0.2/32
PersistentKeepalive = 25
Set the PublicKey variable to the Wireguard client's public key.
Note: You can get the public key by running sudo cat /etc/wireguard/client1-public-key on your client.
Save the configuration file, then run the following command to start the Wireguard service on the server:
sudo wg-quick up wg0
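As an added example (not code from the article), here is a small POSIX shell script for the server side that appends the [Peer] block from the step above after a few checks: that the client's public key has the shape of a Wireguard key, that AllowedIPs is a single /32 (on the server, AllowedIPs also decides which source addresses are accepted from that peer), that no PASTE- placeholder remains in the config, and that the peer is not already present. The script name, function names and the argument layout are my own.

```shell
#!/bin/sh
# Added example, not from the article. Appends a [Peer] block for a new client
# to the server's wg0.conf after sanity checks. Assumed inputs: the config path,
# the client's public key string, and the client's tunnel address as a /32.

# 0 if $1 looks like a base64-encoded 32-byte Wireguard key (43 base64
# characters plus one '=' pad). Format check only; wg does the real decode.
is_wg_key() {
    printf '%s\n' "$1" | grep -Eq '^[A-Za-z0-9+/]{43}=$'
}

# 0 if $1 is a single-host IPv4 CIDR. On the server, AllowedIPs is also the
# set of source addresses accepted from that peer, so grant one host, not a net.
is_host_cidr() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/32$'
}

# add_peer CONF PUBKEY ADDRESS
# Refuses a malformed key or address, a key already in CONF, or a CONF that
# still holds an unreplaced PASTE-... placeholder from the template.
add_peer() {
    conf=$1; pubkey=$2; addr=$3
    is_wg_key "$pubkey" || { echo "add_peer: bad public key" >&2; return 1; }
    is_host_cidr "$addr" || { echo "add_peer: AllowedIPs must be a /32" >&2; return 1; }
    if grep -q 'PASTE-' "$conf"; then
        echo "add_peer: placeholders left in $conf" >&2; return 1
    fi
    if grep -Fq "PublicKey = $pubkey" "$conf"; then
        echo "add_peer: peer already present" >&2; return 1
    fi
    printf '\n[Peer]\nPublicKey = %s\nAllowedIPs = %s\nPersistentKeepalive = 25\n' \
        "$pubkey" "$addr" >> "$conf"
}

# Usage on the server (as root), e.g.:
#   ./add_peer.sh /etc/wireguard/wg0.conf "$(cat client1-public-key)" 10.0.0.2/32
if [ $# -eq 3 ]; then
    add_peer "$1" "$2" "$3"
fi
```

Run it before sudo wg-quick up wg0, as the article does; if the interface is already up, bring it down and up again so the new peer is loaded.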