- Posted on
WireGuard is a new, fast, and simple VPN protocol now integrated into the Linux kernel (version 5.4 and later).
Installation on Ubuntu is straightforward using the apt package manager:
sudo apt install wireguard
Configuration involves generating private and public keys using wg genkey and wg pubkey.
The server and client configurations are managed through text files (e.g., wg0.conf), specifying private keys, IP addresses, listening ports, and peer public keys.
To route all client traffic through the VPN, use AllowedIPs = 0.0.0.0/0 in the client configuration. The server needs IP forwarding enabled (/proc/sys/net/ipv4/ip_forward = 1).
A persistent keep-alive setting (e.g., PersistentKeepalive = 30) is recommended to prevent connection drops caused by firewalls or NAT devices.
The server needs to explicitly allow the client by adding the client's public key and allowed IPs to the server's configuration using wg set.
WireGuard uses UDP, which is stateless, so the keep-alive setting is crucial for maintaining the connection.
Flexible configuration options allow for routing only specific traffic through the VPN, rather than all traffic.
00:00 Introduction
01:50 Installation on server & client
02:50 Create private and public server keys
04:24 Configure server interface
07:00 Create private and public client keys
07:34 Configure client interface
10:55 Add Client peer to the server configuration
12:03 Configure persistent keep-alive
13:58 Test the connection via ping
14:30 Configure the server to forward network packets
16:05 How to change clients traffic routing
17:10 Summary
💡 Support the creator: Patreon - Christian Lempa