What is WireGuard VPN?
Compared to other established VPN protocols like OpenVPN and IPsec, the newer and more lightweight Wireguard offers significant advantages. Therefore, since its introduction in 2016, numerous VPNs have started using it. Though it was created for Linux first, it is now available for and supported by all major platforms.
Whether you’re a tec savvy user or just someone looking to improve their online security, this article gives you a better understanding of why WireGuard VPN is quickly becoming a popular choice for many users.
Features of WireGuard
All in all, the WireGuard is equipped with the following features that make it capable of accomplishing its goals.
- Supports IPv4 and IPv6 protocols and operates as a Layer 3 secure network tunnel. Moreover, it allows for the encapsulation of v4 data in v6 format and vice versa.
- Being a UDP based service is a key factor in its lightning fast performance. Therefore, it is a more efficient VPN protocol for network bandwidth use.
- Functions in the Linux kernel as a virtual network interface.
- This system is based on the most sound cryptographic practices of the present day.
- Authentication approach it uses is quite similar to that of OpenSSH. Mutual authentication is performed using short pre shared static keys with Curve25519 points.
- WireGuard is used to implement the Mesh, Point to Point and Star topologies.
- The advanced cryptographic techniques that form the basis of WireGuard’s security and encryption are another distinguishing feature. Using a method called “cryptokey routing,” IP addresses for both the server and the client are permanently saved in the server’s configuration files.
Advantages of WireGuard
Significantly, WireGuard is a significant improvement over previous VPNs and has far reaching implications for the security industry.
1. Steady Connection
In contrast to the current norm, Wireguard creates very reliable connections. This implies that, unlike with other protocols, switching between your wireless network and WiFi won’t cause your VPN connection to be disrupted. When switching between networks, WireGuard quickly connects and reconnects. In addition, it maintains a connection when most VPN protocols fail.
2. Safe connection
Another key point of WireGuard is that it’s VPN service uses safe defaults and clever, cutting edge cryptographic primitives. Furthermore, it is much more compact and straightforward than previous protocols, making it much easier for security experts to audit. To secure communications between a client and a VPN server, the WireGuard VPN protocol uses military grade encryption.
3. Speed
Fast cryptographic code is used in WireGuard (More than 1000 Mbps in terms of throughput). Expected to give any protocol solution’s highest speed, and bandwidth since its activities are carried out inside a Linux kernel module.
Regular VPN connections usually take between 5 and 10 seconds to establish. As a result, Wireguard normally only takes one to two seconds, and the connection is sometimes so fast that it seems instant.
4. Convenience in use and deployment
Besides, WireGuard is a simple programme to set up on both the client and server sides. The platform’s app store provides access to various pre built client programmes for computers and mobile devices.
5. Configurations
Since WireGuard only employs public keys, the certificate infrastructure needs to be revised. That, too, is for the sake of recognition and security. With this feature, WireGuard may be easily set up to work with any software.
How to Install WireGuard on Ubuntu 20.04 / 22.04 (Step by Step)
Prerequisites
- Two servers running Ubuntu 20.04 or Ubuntu 22.04.
- A root user or a user with sudo privileges.
Step 1 - Perform System Update
First, it is a good idea to update and upgrade all the system packages to the latest version. You update all of them by running the following command.
apt update -y
apt upgrade -y
After upgrading all the system packages, you also need to install the Iptables package on your server. Install it using the following command.
apt install iptables -y
Once the Iptables package is installed, you proceed to the next step.
Step 2 - Configuring IP Forwarding
Next, you also need to enable the IP forwarding on your server to route all traffic via VPN server. Do it by editing sysctl.conf file.
nano /etc/sysctl.conf
Change the following line.
net.ipv4.ip_forward=1
Save and close the file then run the following command to apply the changes.
sysctl -p
You will get the following output.
net.ipv4.ip_forward = 1
Once you are done, you proceed to install WireGuard.
Step 3 - Installing WireGuard VPN
By default, the WireGuard package is available in the Ubuntu default repository. Install it using the APT command.
apt install wireguard -y
Once the WireGuard package is installed, please proceed to the next step.
Step 4 - Creating Private and Public Key
As noted, WireGuard provides the wg and wg-quick command line utility that helps you to manage the WireGuard interface. So, you also need to create a public and private key on each machine in the WireGuard VPN network. Generate them via following command.
wg genkey | tee /etc/wireguard/privatekey | wg pubkey | tee /etc/wireguard/publickey
Once both keys are generated, you get the following output.
Nt/YhewkYGaZChkVXiUXduHY5WTWa1/TLW1UVu5Ut1I=
The above command creates two files named privatekey and publickey in the /etc/wireguard directory. Check the content of both files using the following command.
cat /etc/wireguard/privatekey /etc/wireguard/publickey
This shows you the content of both keys in the following output.
MF1WKWo1kXSy8MNy4tl3N3eAftUvAFQIZ0z6AUS3Ul4=
Nt/YhewkYGaZChkVXiUXduHY5WTWa1/TLW1UVu5Ut1I=
Once you are done, you proceed to the next step.
Step 5 - Configuring WireGuard VPN Server
Next, you need to configure the WireGuard VPN server to route the VPN traffic. Do it by creating a new file named wg0.conf.
nano /etc/wireguard/wg0.conf
Add the following configurations.
[Interface]
Address = 10.0.0.1/24
SaveConfig = true
ListenPort = 51820
PrivateKey = MF1WKWo1kXSy8MNy4tl3N3eAftUvAFQIZ0z6AUS3Ul4=
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
Save and close the file when you are done.
Here is the brief summary of each option.
- Address – Define the private IP address range.
- ListenPort – Define on which port WireGuard listens.
- PrivateKey – Private key of the server.
- PostUp – This command runs before bring up the interface.
- PostDown – This command runs after bring up the interface.
Next, set proper permission on the key files using the following command.
chmod 600 /etc/wireguard/{privatekey,wg0.conf}
Step 6 - Bringing Up WireGuard Interface
At this point, the WireGuard server is installed and configured. Now you bring up the interface using the following command.
wg-quick up wg0
You will get the following screen.
In order to bring the interface down, run the following command.
wg-quick down wg0
Actually, you can also bring up the WireGuard interface via systemd. To start the WireGuard interface, run the following command.
systemctl start wg-quick@wg0.service
Should you want to enable the WireGuard service to start at system reboot, run the following command.
systemctl enable wg-quick@wg0.service
Verify the status of WireGuard service using the following command.
systemctl status wg-quick@wg0.service
If you want to check the interface status, run the following command.
wg show wg0
You should see the following screen.
If you want to see the IP address of the WireGuard interface, run the following command.
ip a show wg0
This shows you the IP address in the following screen.
Step 7 - Setting Up WireGuard Client
In this section, we navigate you through steps how to install and configure WireGuard VPN client.
First, go to the client machine and install the WireGuard with the following command.
apt install wireguard -y
After installing the WireGuard VPN package, generate a private and public key using the following command.
wg genkey | tee /etc/wireguard/privatekey | wg pubkey | tee /etc/wireguard/publickey
You should see the following output.
RSDjZMSOplyU5jdIOwqn6D2DnNQfja8FtB+6uook8iU=
Now, verify the content of both key using the following command.
cat /etc/wireguard/privatekey /etc/wireguard/publickey
Now you shall get the content of both files as shown below.
uK0ez93bCssvk4//SO3jg2DWjL1EaVwfJR39m/rVK10=
RSDjZMSOplyU5jdIOwqn6D2DnNQfja8FtB+6uook8iU=
Next, create a WireGuard client configuration file with the following command.
nano /etc/wireguard/wg0.conf
Add the following configurations.
[Interface]
PrivateKey = uK0ez93bCssvk4//SO3jg2DWjL1EaVwfJR39m/rVK10=
Address = 10.0.0.2/24
[Peer]
PublicKey = Nt/YhewkYGaZChkVXiUXduHY5WTWa1/TLW1UVu5Ut1I=
Endpoint = 209.23.9.83:51820
AllowedIPs = 0.0.0.0/0
Save and close the file when you are done.
A brief summary of each options is shown below.
- PrivateKey – Define the private key of client machine.
- Address – Define the private IP address range.
- PublicKey – Define the public key of server.
- Endpoint – Define the IP address of WireGuard server.
- AllowedIPs – Define the list of allowed IPs.
Concurrently, next is to add the client peer to the server machine. Add it by running the following command on the server machine.
wg set wg0 peer RSDjZMSOplyU5jdIOwqn6D2DnNQfja8FtB+6uook8iU= allowed-ips 10.0.0.2
Finally, bring up the WireGuard interface using the following command.
wg-quick up wg0
You should see the following screen.
Now, go back to your server machine and verify the WireGuard connection status using the following command.
wg
You should see the WireGuard connection information in the following screen.
If you want to disconnect from the VPN connection, run the following command on the client machine.
wg-quick down wg0
How to Install WireGuard on Ubuntu 20.04 / 22.04 (Step by Step) Conclusion
Summing up, in this guide, we explained how to install WireGuard on Ubuntu 20.04 / 22.04. Use WireGuard VPN to surf the internet anonymously by keeping your traffic private.
Finally, you shall look no further than WireGuard for a state of the art VPN service. When compared to similar products, it outperforms the competition. This lightweight protocol is also rather secure. So, if you’re still struggling with slow or unreliable VPN connections or if you’re simply looking for a better way to protect your online privacy, give WireGuard VPN a try.
