Set Up a WireGuard VPN Server on Linux
Complete guide to installing and configuring WireGuard VPN on a Linux server. Includes server setup, key generation, client configuration, and firewall rules.
WireGuard is a modern, fast VPN that's built into the Linux kernel. It's simpler to configure than OpenVPN and delivers better performance.
Prerequisites
- Ubuntu 22.04+ server with a public IP
- Root access
- A client device (laptop, phone, etc.)
Step 1: Install WireGuard
sudo apt update
sudo apt install wireguard
Step 2: Generate Server Keys
# umask 077 keeps both key files readable by root only from the moment they are created
sudo sh -c 'umask 077; wg genkey | tee /etc/wireguard/server_private.key | wg pubkey > /etc/wireguard/server_public.key'
sudo chmod 600 /etc/wireguard/server_private.key
Step 3: Create Server Config
sudo nano /etc/wireguard/wg0.conf
[Interface]
Address = 10.0.0.1/24
ListenPort = 51820
PrivateKey = <server_private_key>
# Enable NAT
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
[Peer]
# Client 1
PublicKey = <client_public_key>
AllowedIPs = 10.0.0.2/32
Replace eth0 with your server's main network interface.
Step 4: Enable IP Forwarding
echo "net.ipv4.ip_forward = 1" | sudo tee -a /etc/sysctl.conf
sudo sysctl -p
Step 5: Start WireGuard
sudo systemctl enable wg-quick@wg0
sudo systemctl start wg-quick@wg0
sudo wg show
Step 6: Open Firewall Port
sudo ufw allow 51820/udp
Step 7: Generate Client Keys
# umask 077 creates the client key files without group or world read access
umask 077
wg genkey | tee client_private.key | wg pubkey > client_public.key
Step 8: Create Client Config
[Interface]
Address = 10.0.0.2/24
PrivateKey = <client_private_key>
DNS = 1.1.1.1
[Peer]
PublicKey = <server_public_key>
Endpoint = your.server.ip:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25
Import this config into the WireGuard app on your device.
Step 9: Add More Clients
For each new client:
- Generate a new key pair
- Add a [Peer] block to the server config with the client's public key and a unique IP (10.0.0.3/32, 10.0.0.4/32, etc.)
- Restart WireGuard:
sudo systemctl restart wg-quick@wg0
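Picking the "unique IP" in Step 9 by hand is where address clashes creep in, so the following added example (not part of the original guide) reads the server config, reports any address claimed by more than one peer, and prints the [Peer] block with the lowest free address. The function names are hypothetical, the sample config is constructed, and it assumes this guide's 10.0.0.0/24 layout with the server on .1 and one /32 per peer.

```shell
# Added example (not from the guide): choose the next free tunnel address for a
# new client. Assumes 10.0.0.0/24, server on .1, one /32 per peer.
# Constructed sample server config; the key values are placeholders.
sample_conf() {
    cat <<'EOF'
[Interface]
Address = 10.0.0.1/24
PrivateKey = <server_private_key>
[Peer]
PublicKey = <client1_public_key>
AllowedIPs = 10.0.0.2/32
[Peer]
PublicKey = <client2_public_key>
AllowedIPs = 10.0.0.3/32
EOF
}

# used_hosts CONF: last octet of every 10.0.0.x/32 listed under AllowedIPs.
used_hosts() {
    awk -F'[=,]' '/^[ \t]*AllowedIPs[ \t]*=/ {
        for (i = 2; i <= NF; i++) {
            a = $i; gsub(/[ \t\r]/, "", a)
            if (a ~ /^10\.0\.0\.[0-9]+\/32$/) { split(a, p, "[./]"); print p[4] }
        }
    }' "$1"
}

# duplicate_hosts CONF: addresses claimed by more than one peer (should be none).
duplicate_hosts() { used_hosts "$1" | sort -n | uniq -d; }

# next_peer_ip CONF: lowest unused host address, or status 1 if the /24 is full.
next_peer_ip() {
    used=$(used_hosts "$1"); host=2
    while [ "$host" -le 254 ]; do
        if ! printf '%s\n' "$used" | grep -qx "$host"; then
            printf '10.0.0.%s/32\n' "$host"; return 0
        fi
        host=$((host + 1))
    done
    return 1
}

# peer_block CONF CLIENT_PUBLIC_KEY: the block to append to wg0.conf.
peer_block() {
    ip=$(next_peer_ip "$1") || { echo "no free address in 10.0.0.0/24" >&2; return 1; }
    printf '[Peer]\nPublicKey = %s\nAllowedIPs = %s\n' "$2" "$ip"
}

conf=$(mktemp); sample_conf > "$conf"      # demo run on the constructed config
peer_block "$conf" '<client3_public_key>'; rm -f "$conf"
```

On the server, run the functions as root against /etc/wireguard/wg0.conf and pass the contents of the new client's client_public.key as the second argument to peer_block.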
Troubleshooting
- Can't connect? Check that port 51820/UDP is open on your cloud provider's firewall
- No internet through VPN? Verify IP forwarding and NAT rules
- Check status: sudo wg show shows connected peers and data transfer
Conclusion
You now have a working WireGuard VPN. It's one of the fastest and simplest VPN solutions available. Use it to secure your remote access and protect traffic on untrusted networks.