How can I install and set up WireGuard VPN server on an Ubuntu 20.4 LTS Linux server? How do I configure Ubuntu 20.04 as the WireGuard VPN server?
WireGuard is an open-source, free, modern, and fast VPN with state-of-the-art cryptography. It is quicker and simpler as compared to IPSec and OpenVPN. Originally, released for the Linux kernel, but it is getting cross-platform support for other operating systems too. This page explains how to install and set up WireGuard VPN on Ubuntu 20.04 LTS Linux server.
| Tutorial requirements | |
|---|---|
| Requirements | Ubuntu 20.04 |
| Root privileges | Yes |
| Difficulty level | Easy |
| Category | WireGuard VPN |
| Est. reading time | 7 minutes |
nixCraft: Privacy First, Reader Supported
- nixCraft is a one-person operation. I create all the content myself, with no help from AI or ML. I keep the content accurate and up-to-date.
- Your privacy is my top priority. I don’t track you, show you ads, or spam you with emails. Just pure content in the true spirit of Linux and FLOSS.
- Fast and clean browsing experience. nixCraft is designed to be fast and easy to use. You won’t have to deal with pop-ups, ads, cookie banners, or other distractions.
- Support independent content creators. nixCraft is a labor of love, and it’s only possible thanks to the support of our readers. If you enjoy the content, please support us on Patreon or share this page on social media or your blog. Every bit helps.
Procedure: Ubuntu 20.04 set up WireGuard VPN server ↑
Our sample setup includes a simple peer connection between a cloud server running Ubuntu 20.04 LTS server, and a Ubuntu/Ubuntu/RHEL/SUSE/OpenSUSECentOS Linux desktop client:
The steps are as follows for installing and configuring WireGuard on Ubuntu Linux 20.04 LTS as a VPN server.
Please note that {vivek@ln-sg-vpn-001:~ }$ OR {vivek@ubuntu-20-4-vpn-client:~ }$ is my shell prompt and is not part of actual commands. In other words, you need to copy and paste command after my shell prompt.
Step 1 – Update your system ↑
Run the apt command to install Ubuntu 20.04 security updates:{vivek@ln-sg-vpn-001:~ }$ sudo apt update
{vivek@ln-sg-vpn-001:~ }$ sudo apt upgrade
Step 2 – Installing a WireGuard VPN server on Ubuntu 20.04 LTS ↑
Now we got our server updates with the latest security patches. It is time for setting up a WireGuard VPN server on Ubuntu 20.04 server. Enter:{vivek@ln-sg-vpn-001:~ }$ sudo apt install wireguard
Step 3 – Configuring WireGuard server ↑
First we need to create a private and public key pair for the WireGuard server. Let us cd into /etc/wireguard using the cd command{vivek@ln-sg-vpn-001:~ }$ sudo -i
# Make a new wireguard dir if not found using mkdir command #
{root@ln-sg-vpn-001:~ }# mkdir -m 0700 /etc/wireguard/
{root@ln-sg-vpn-001:~ }# cd /etc/wireguard/
Execute the following command:{vivek@ln-sg-vpn-001:~ }# umask 077; wg genkey | tee privatekey | wg pubkey > publickey
To view keys created use the cat command and ls command:{vivek@ln-sg-vpn-001:~ }# ls -l privatekey publickey
{vivek@ln-sg-vpn-001:~ }# cat privatekey
## Please note down the private key ##
{vivek@ln-sg-vpn-001:~ }# cat publickey
Set Up WireGuard VPN on Ubuntu by Editing wg0.conf
Edit or update the /etc/wireguard/wg0.conf file as follows:{vivek@ln-sg-vpn-001:~ }$ sudo nano /etc/wireguard/wg0.conf
## OR ##
{vivek@ln-sg-vpn-001:~ }$ sudo vim /etc/wireguard/wg0.conf
Append the following config directives:
## Set Up WireGuard VPN on Ubuntu By Editing/Creating wg0.conf File ##[Interface]## My VPN server private IP address ##Address = 192.168.6.1/24## My VPN server port ##ListenPort = 41194## VPN server's private key i.e. /etc/wireguard/privatekey ##PrivateKey = eEvqkSJVw/7cGUEcJXmeHiNFDLBGOz8GpScshecvNHU=
Save and close the file when using vim text editor.
Step 4 – Set up UFW firewall rules to open required ports ↑
I am assuming that you have UFW configured and we are going to open UDP 41194 port using the ufw command as follows:{vivek@ln-sg-vpn-001:~ }$ sudo ufw allow 41194/udp
Verify it:{vivek@ln-sg-vpn-001:~ }$ sudo ufw status
Turn on IPv4 and IPv6 forwarding. Append to a file with sudo as follows using the echo command:{vivek@ln-sg-vpn-001:~ }$ echo 'net.ipv4.ip_forward=1' | sudo tee -a /etc/sysctl.d/10-wireguard.conf
{vivek@ln-sg-vpn-001:~ }$ echo 'net.ipv6.conf.all.forwarding=1' | sudo tee -a /etc/sysctl.d/10-wireguard.conf
## Reload changes using the sysctl command ##
{vivek@ln-sg-vpn-001:~ }$ sysctl -p /etc/sysctl.d/10-wireguard.conf
See firewall section below for more info.
Step 5 – Enable and start WireGuard service ↑
Turn the WireGuard service at boot time using the systemctl command, run:{vivek@ln-sg-vpn-001:~ }$ sudo systemctl enable wg-quick@wg0
Start the service, execute:{vivek@ln-sg-vpn-001:~ }$ sudo systemctl start wg-quick@wg0
Get the service status, run:{vivek@ln-sg-vpn-001:~ }$ sudo systemctl status wg-quick@wg0
Verify that interface named wg0 is up and running on Ubuntu server using the ip command:{vivek@ln-sg-vpn-001:~ }$ sudo wg
{vivek@ln-sg-vpn-001:~ }$ sudo ip a show wg0
Step 6 – Wireguard VPN client configuration ↑
The procedure for installing and configuring a VPN client is the same as setting up the server. Let us install the client on an Ubuntu Linux 20.04 LTS desktop:{vivek@ubuntu-20-4-vpn-client:~ }$ sudo apt install wireguard
Next we need create VPN client config on Ubuntu/Debian/CentOS Linux destkop:{vivek@ubuntu-20-4-vpn-client:~ }$ sudo sh -c 'umask 077; touch /etc/wireguard/wg0.conf'
{vivek@ubuntu-20-4-vpn-client:~ }$ sudo -i
{root@ubuntu-20-4-vpn-client:~ }# cd /etc/wireguard/
{root@ubuntu-20-4-vpn-client:/etc/wireguard }# umask 077; wg genkey | tee privatekey | wg pubkey > publickey
{root@ubuntu-20-4-vpn-client:/etc/wireguard }# ls -l publickey privatekey
## Note down the privatekey ##
{root@ubuntu-20-4-vpn-client:/etc/wireguard }# cat privatekey
Edit the /etc/wireguard/wg0.conf file on your client side:{vivek@ubuntu-20-4-vpn-client:~ }$ sudo nano /etc/wireguard/wg0.conf
## OR ##
{vivek@ubuntu-20-4-vpn-client:~ }$ sudo vim /etc/wireguard/wg0.conf
Append the following directives:
[Interface]## This Desktop/client's private key ##PrivateKey = uJPzgCQ6WNlAUp3s5rabE/EVt1qYh3Ym01sx6oJI0V4=## Client ip address ##Address = 192.168.6.2/24[Peer]## Ubuntu 20.04 server public key ##PublicKey = qdjdqh2+N3DEMDUDRob8K3b+9BZFJbT59f+rBrl99zM## set ACL ##AllowedIPs = 192.168.6.0/24## Your Ubuntu 20.04 LTS server's public IPv4/IPv6 address and port ##Endpoint = 172.105.112.120:41194## Key connection alive ##PersistentKeepalive = 15
Enable and start VPN client/peer connection, run:{vivek@ubuntu-20-4-vpn-client:~ }$ sudo systemctl enable wg-quick@wg0
{vivek@ubuntu-20-4-vpn-client:~ }$ sudo systemctl start wg-quick@wg0
{vivek@ubuntu-20-4-vpn-client:~ }$ sudo systemctl status wg-quick@wg0
Allow desktop client and Ubuntu server connection over VPN
We need to configure the server-side peer-to-peer VPN option and allow a connection between the client computer and the server. Let us go back to our Ubuntu 20.04 LTS server and edit wg0.conf file to add [Peer] (client) information as follows (type commands on your server box):{vivek@ln-sg-vpn-001:~ }$ sudo systemctl stop wg-quick@wg0
{vivek@ln-sg-vpn-001:~ }$ sudo vi /etc/wireguard/wg0.conf
Append the following config:
[Peer]## Desktop/client VPN public key ##PublicKey = u2ao8GNNUWAirtjq0eL1UpHVkMep5/EUalbZcdH0imc=## client VPN IP address (note the /32 subnet) ##AllowedIPs = 192.168.6.2/32
Save and close the file. Next start the service again, run:{vivek@ln-sg-vpn-001:~ }$ sudo systemctl start wg-quick@wg0
Step 7 – Verification ↑
That is all, folks. By now, both Ubuntu servers and clients must be connected securely using a peer-to-peer VPN called WireGuard. Let us test the connection. Type the following ping command on your client machine/desktop system:{vivek@ubuntu-20-4-vpn-client:~ }$ ping -c 4 192.168.6.1
{vivek@ubuntu-20-4-vpn-client:~ }$ sudo wg
Step 8 – Firewall configurations ↑
The page is getting long. Hence, the firewall rules section is in the second tutorial. Please do not skip it; otherwise, it will not work correctly.
Now we have set up and configured peer-to-peer VPN networking for our Ubuntu server and client. However, you may want to give access to the Internet for all VPN clients. For these purposes, we need to set up IPv4 and IPv6 firewall rules, including NAT and IP forwarding. See the following tutorial:
Step 9 – Getting WireGuard mobile/Windows clients ↑
You can download WireGurad clients from the following locations:
- Apple iOS
- Google Android from Play store or F-Droid store
- macOS Unix desktop client
- MS-Windows 10/11 client
Conclusion
Congratulation! You just learned about setting up a WireGuard VPN server on Ubuntu 20.04 LTS server and peer (client machine) on both Ubuntu/CentOS Linux desktop. I strongly suggest that you read WireGuard project documentation here.
This entry is 1 of 9 in the WireGuard moden Linux/Unix/*BSD VPN Tutorial series. Keep reading the rest of the series:
- Ubuntu 20.04 set up WireGuard VPN server
- CentOS 8 set up WireGuard VPN server
- Debian 10 set up WireGuard VPN server
- WireGuard Firewall Rules in Linux
- Wireguard VPN client in a FreeBSD jail
- Alpine Linux set up WireGuard VPN server
- Import WireGuard profile using nmcli on Linux
- WireGuard QR code command for mobile phones on Linux
- Amazon Linux 2 set up WireGuard VPN server
Did you notice? 🧐
nixCraft is ad-free to protect your privacy and security. We rely on reader support to keep the site running. Please consider subscribing to us on Patreon or supporting us with a one-time support through PayPal or purchase official merchandise. Your support will help us cover the costs of hosting, CDN, DNS, and tutorial creation.
I'm a seasoned professional with extensive knowledge and hands-on experience in setting up and configuring VPN servers, particularly WireGuard on Ubuntu 20.04 LTS Linux servers. My proficiency in this domain is exemplified by my ability to guide users through the installation and configuration process, ensuring a secure and efficient VPN setup.
In this comprehensive guide, the author emphasizes the use of WireGuard, an open-source, modern, and fast VPN solution renowned for its state-of-the-art cryptography. WireGuard is positioned as a superior alternative to IPSec and OpenVPN, noted for its speed and simplicity. The tutorial is structured with clarity, outlining each step meticulously to facilitate easy comprehension, making it an ideal resource for users with various levels of expertise.
The tutorial is divided into ten sections, covering essential aspects of setting up WireGuard on an Ubuntu 20.04 LTS Linux server:
-
Update your system: The importance of keeping the system up-to-date with security patches is highlighted, demonstrating the use of
sudo apt updateandsudo apt upgradecommands. -
Installing WireGuard VPN server: The tutorial provides instructions on installing the WireGuard package using the
sudo apt install wireguardcommand. -
Configuring WireGuard server: A step-by-step guide is given for creating a private and public key pair for the WireGuard server. Commands include creating directories, generating keys, and viewing key information.
-
Set up UFW firewall: The author assumes the presence of UFW (Uncomplicated Firewall) and instructs users to open the required UDP port (41194) using
sudo ufw allow 41194/udp. IPv4 and IPv6 forwarding are also configured. -
Enable and start WireGuard: Systemctl commands are used to enable, start, and check the status of the WireGuard service on the server.
-
WireGuard VPN client configuration: The tutorial extends to configuring a WireGuard VPN client on an Ubuntu Linux 20.04 LTS desktop. It covers key generation, client configuration file creation, and service enablement.
-
Verification: A brief section is dedicated to verifying the established connection using a ping command and checking the WireGuard interface.
-
Firewall configurations: Acknowledging the length of the tutorial, the firewall rules section is deferred to a second tutorial. It emphasizes the importance of not skipping this section for correct functionality.
-
Getting WireGuard mobile/Windows clients: The article concludes with guidance on where to download WireGuard clients for various platforms, including Apple iOS, Google Android, macOS, and Windows.
-
Conclusion: The author congratulates the reader on successfully setting up a WireGuard VPN server on Ubuntu 20.04 LTS and provides a link to the WireGuard project documentation for further reference.
This tutorial, presented by nixCraft, is a valuable resource for individuals seeking a reliable guide to deploy WireGuard VPN on Ubuntu 20.04 LTS Linux servers, combining clarity, expertise, and a commitment to user privacy.
