Build a VPN Tunnel with WireGuard
Tunneled
After completing the setup, the laptop, which acts as a server in our case, will take responsibility for transporting the network packets and will reside between the client and, for example, any websites it visits, accepting requests and returning responses. This connection is encrypted in both directions. Visited websites only see the server's IP address, not your own.
Setting up a VPN with WireGuard is easier than with its competitors (which sometimes require a demanding configuration that is easily beyond a beginner's capabilities). With the recent addition of WireGuard to the mainline kernel, its adoption is expected to continue to grow; over time, the configuration is likely to be simplified with additional tools.
Installing WireGuard
Unlike its competitors, WireGuard uses the same software on the server and the clients. After installing the wireguard package via the server's and the clients' package managers, start the process of generating private and public keys; this is comparable to the same procedure in SSH. You need to create a key pair for each device that will have access to the VPN. The two computers on either end of the WireGuard tunnel each need the public keys from the other end. WireGuard does not care whether the server is on the Internet or a local network.
If you are using Ubuntu 20.04, the best way to install WireGuard is to type the following at the command line
sudo apt install wireguard
rather than using the graphical package manager, which only gives you an outdated third-party snap package (Figure 1). Also make sure that the header files are installed to match the kernel.
After installing the package, you still need to enable IP forwarding on the designated WireGuard server. As root, open the /etc/sysctl.conf file in an editor and uncomment the lines #net.ipv4.ip_forward=1 for IPv4 or #net.ipv6.conf.all.forwarding=1 for IPv6 (Listing 1). Then reload the system configuration (Listing 2) by typing:
sudo sysctl -p
Listing 1
Enabling IP Forwarding
[...]
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1
[...]
# Uncomment the next line to enable packet forwarding for IPv6
# Enabling this option disables Stateless Address Autoconfiguration
# based on Router Advertisements for this host
net.ipv6.conf.all.forwarding=1
[...]
Listing 2
Reloading WireGuard
### Install Wireguard
$ sudo apt update
$ sudo apt install wireguard resolvconf
### Only on the Wireguard server:
$ sudo nano /etc/sysctl.conf
$ sudo sysctl -p
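To confirm that the forwarding change is both persisted in the file and active in the running kernel, the following added example (not part of the original article) compares the two. The function name forwarding_state and its optional file and proc-root arguments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: compare the persisted and the running value of a
# forwarding key. A persisted 1 with a runtime 0 means the file was
# edited but "sysctl -p" has not been run yet.
# Usage: forwarding_state KEY [CONF_FILE] [PROC_ROOT]   (hypothetical helper)
forwarding_state() {
    key=$1
    conf=${2:-/etc/sysctl.conf}
    proc=${3:-/proc/sys}
    # Skip commented lines; the last uncommented assignment wins.
    persisted=$(awk -F= -v k="$key" '
        /^[ \t]*[#;]/ { next }
        { name = $1; gsub(/[ \t]/, "", name) }
        name == k { val = $2; gsub(/[ \t]/, "", val); last = val }
        END { print (last == "" ? "unset" : last) }' "$conf")
    # The runtime value lives under /proc/sys, dots replaced by slashes.
    path="$proc/$(printf '%s' "$key" | tr . /)"
    if [ -r "$path" ]; then
        runtime=$(cat "$path")
    else
        runtime=unknown
    fi
    printf '%s persisted=%s runtime=%s\n' "$key" "$persisted" "$runtime"
    # Succeed only when forwarding is enabled now and after a reboot.
    [ "$persisted" = 1 ] && [ "$runtime" = 1 ]
}

# Run directly, for example: sh check.sh net.ipv4.ip_forward
if [ "$#" -gt 0 ]; then
    forwarding_state "$@"
fi
```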
Key Services
Now create the required private and public keys on the server and clients (shown in Listing 3). Finally, check that the keys have been created with the ls command (Figure 2). It is best to copy both public keys into a text file and save them on a USB stick for later configuration.
Listing 3
Creating Private and Public Keys
### <client1> and <client2> stand for file names of your choice (client1 in the output below)
$ sudo -s
$ cd /etc/wireguard
### Generate key on server:
$ umask 077; wg genkey | tee <client1>.key | wg pubkey > <client1>.pub
### Generate key on client:
$ umask 077; wg genkey | tee <client2>.key | wg pubkey > <client2>.pub
### Check key on server:
$ ls -al
total 24
drwx------ 2 root root 4096 Apr 30 19:49 .
drwxr-xr-x 131 root root 12288 Apr 30 19:47 ..
-rw------- 1 root root 45 Apr 30 19:49 client1.key
-rw------- 1 root root 45 Apr 30 19:49 client1.pub
$ cat /etc/wireguard/client1.key
YBwK1N1O7OwOEtWCFnxwF9aVB0GK5YUNxEtU1pyVuUs=
$ cat /etc/wireguard/client1.pub
LnEReQTHUY7FIMaAR6qVcCfk95ucPY6O/zb4OfdfYh4=
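The ls check in Listing 3 only shows that the files exist. The following added example (not part of the original article) also verifies that each private key file has the restrictive mode that umask 077 produces and holds a well-formed key. The function names check_key and audit_keys are assumptions made for illustration, and stat -c assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: audit WireGuard private key files (*.key) in a directory.
# check_key FILE prints "ok" or the reason the file fails (hypothetical helper).
check_key() {
    kf=$1
    [ -f "$kf" ] || { echo "missing"; return 1; }
    # A private key must not be readable by group or others.
    mode=$(stat -c '%a' "$kf")
    case $mode in
        600|400) ;;
        *) echo "mode $mode too permissive"; return 1 ;;
    esac
    # A WireGuard key is 32 bytes, base64-encoded to 44 characters.
    key=$(tr -d '\n' < "$kf")
    [ "${#key}" -eq 44 ] || { echo "wrong length"; return 1; }
    n=$(printf '%s' "$key" | base64 -d 2>/dev/null | wc -c)
    [ "$n" -eq 32 ] || { echo "not 32 bytes of base64"; return 1; }
    echo "ok"
}

# audit_keys [DIR] checks every *.key file and fails if any check fails.
audit_keys() {
    dir=${1:-/etc/wireguard}
    rc=0
    for f in "$dir"/*.key; do
        [ -e "$f" ] || continue
        result=$(check_key "$f") || rc=1
        printf '%s: %s\n' "$f" "$result"
    done
    return $rc
}

# Run directly, for example: sudo sh audit.sh /etc/wireguard
if [ "$#" -gt 0 ]; then
    audit_keys "$1"
fi
```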