How to set up a WireGuard Server

WireGuard is a modern VPN protocol that is easy to set up and configure. Here are the steps to set up a WireGuard server:

Setup Server

  1. Choose a server platform: WireGuard can be set up on many platforms including Linux, Windows, macOS, Android, and iOS. For this guide, we will use a Linux server running Ubuntu 22.04.
  2. Install WireGuard: First, you need to install WireGuard on your server. On Ubuntu 22.04, you can do this with the following command:
sudo apt install wireguard
  3. Generate a private and public key pair: Each WireGuard server and client needs a private key and a public key. On your server, generate the key pair with the following commands:
umask 077
wg genkey | tee privatekey | wg pubkey > publickey

This will create two files, privatekey and publickey, in the current directory. Keep the private key secret and distribute the public key to your clients.

  4. Configure WireGuard: Next, you need to create a configuration file for WireGuard. Create a new file /etc/wireguard/wg0.conf with the following content:
[Interface]
Address = 10.0.0.1/24
ListenPort = 51820
PrivateKey = <server private key>

[Peer]
PublicKey = <client public key>
AllowedIPs = 10.0.0.2/32

Replace <server private key> with the private key you generated in step 3. Replace <client public key> with the public key of your client. You can add more [Peer] sections for additional clients.

  5. Start WireGuard: Start the WireGuard service with the following command:
sudo systemctl start wg-quick@wg0.service
  6. Enable WireGuard: Enable the WireGuard service to start automatically at boot with the following command:
sudo systemctl enable wg-quick@wg0.service

Setup Client

  1. Choose a client platform: WireGuard clients are available for many platforms including Linux, Windows, macOS, Android, and iOS. For this guide, we will use a Linux client running Ubuntu 22.04.
  2. Install WireGuard: First, you need to install WireGuard on your client. On Ubuntu 22.04, you can do this with the following command:
sudo apt install wireguard
  3. Generate a private and public key pair: Each WireGuard client needs a private key and a public key. On your client, generate the key pair with the following commands:
umask 077
wg genkey | tee privatekey | wg pubkey > publickey

This will create two files, privatekey and publickey, in the current directory. Keep the private key secret and distribute the public key to your server.

  4. Configure WireGuard: Next, you need to create a configuration file for WireGuard. Create a new file /etc/wireguard/wg0.conf with the following content:
[Interface]
Address = 10.0.0.2/24
PrivateKey = <client private key>

[Peer]
PublicKey = <server public key>
AllowedIPs = 0.0.0.0/0
Endpoint = <server IP address>:51820

Replace <client private key> with the private key you generated in step 3. Replace <server public key> with the public key of your server. Replace <server IP address> with the IP address of your server.

Note that the AllowedIPs parameter is set to 0.0.0.0/0 to route all traffic through the VPN. You can adjust this to restrict the traffic that goes through the VPN.

  5. Start WireGuard: Start the WireGuard service with the following command:
sudo systemctl start wg-quick@wg0.service
  6. Enable WireGuard: Enable the WireGuard service to start automatically at boot with the following command:
sudo systemctl enable wg-quick@wg0.service

That’s it! You have set up a WireGuard client. Remember to distribute the public key to your server and update the AllowedIPs parameter in the configuration file to restrict or allow access to the resources on your server.
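A pre-flight check for the two wg0.conf files described above, as an added example that is not part of the original guide: it flags a config readable by other users, placeholders that were never replaced, and, on the server, [Peer] entries whose AllowedIPs are wider than /32 or reused by a second peer. The function name wg_conf_audit and the sample file are constructed for illustration, and the check assumes the IPv4-only addressing used in this guide.

```sh
#!/bin/sh
# Added example. Prints one line per finding; exit status = number of findings.
wg_conf_audit() (
    out=$(
        # 1. The file embeds PrivateKey: group/other must have no access.
        [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ] ||
            echo "perm: group/other can access the file, want chmod 600"
        # 2. Guide placeholders such as <server private key> left in place.
        grep -nE '^[[:space:]]*[A-Za-z]+[[:space:]]*=.*<[^>]+>' "$1" |
            sed 's/^/placeholder: line /'
        # 3. Server config, detected by ListenPort: each [Peer] should own
        #    distinct /32 addresses, as AllowedIPs also filters source addresses.
        awk '
            /^[ \t]*\[/ { sect = tolower($0) }
            sect ~ /interface/ && /^[ \t]*ListenPort/ { server = 1 }
            sect ~ /peer/ && /^[ \t]*AllowedIPs/ {
                v = $0; sub(/^[^=]*=/, "", v); gsub(/[ \t]/, "", v)
                n = split(v, ip, ",")
                for (i = 1; i <= n; i++) { all[++k] = ip[i]; at[k] = NR }
            }
            END {
                if (!server) exit
                for (i = 1; i <= k; i++) {
                    if (all[i] ~ /\// && all[i] !~ /\/32$/)
                        print "allowedips: line " at[i] ": " all[i] " wider than /32"
                    if (seen[all[i]]++)
                        print "allowedips: line " at[i] ": " all[i] " given to two peers"
                }
            }' "$1"
    )
    [ -z "$out" ] && exit 0
    printf '%s\n' "$out"
    exit "$(printf '%s\n' "$out" | grep -c '')"
)
# Constructed sample: placeholders left in, one address pasted for two peers.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Interface]
ListenPort = 51820
PrivateKey = <server private key>
[Peer]
PublicKey = <client public key>
AllowedIPs = 10.0.0.2/32
[Peer]
PublicKey = <client public key>
AllowedIPs = 10.0.0.2/32
EOF
wg_conf_audit "$sample" || echo "findings: $?"; rm -f "$sample"
```

The client template is not flagged for AllowedIPs = 0.0.0.0/0, because check 3 only applies to a config that sets ListenPort.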