Install WireGuard on Ubuntu as the server with a Windows client

Foreword:

WireGuard can be used by companies to build a server intranet for accessing server resources.

Addendum: I found a disadvantage through my own use: because it uses a UDP connection, the port number is often blocked, resulting in failure to connect, and the port number or IP needs to be changed. This may be different for others.

1. Install WireGuard on Ubuntu as a server

1. Download and install the software package

First, update the package list with the following command:

sudo apt-get update

Install WireGuard and its dependencies with the following command:

sudo apt install wireguard resolvconf qrencode -y

You can use the following command to check whether the installation is complete:

sudo modprobe wireguard && lsmod | grep wireguard

If the wireguard module is shown in the output, then WireGuard was installed successfully.

2. Generate public and private keys

Generate the public and private keys of the server and the client for use when writing the configuration files.

Generate them with the following commands:

umask 077
wg genkey | tee server_private_key | wg pubkey > server_public_key
wg genkey | tee client_private_key | wg pubkey > client_public_key

Four files are created. Because of umask 077 they are readable only by the user who created them. You can use the cat command to view their contents and copy them.

3. Edit the WireGuard configuration file

Create a new WireGuard configuration file so you can configure your VPN server. It can be edited with the following command:

sudo vim /etc/wireguard/wg0.conf

Copy and paste the following example configuration into a new file:

[Interface]
Address = 10.0.0.1/24
SaveConfig = true
ListenPort = 51820
PrivateKey = YOUR_PRIVATE_KEY

[Peer]
PublicKey = PEER_PUBLIC_KEY
AllowedIPs = 10.0.0.2/32

Here YOUR_PRIVATE_KEY is the value of server_private_key generated in step 2 (the server private key).

PEER_PUBLIC_KEY is the value of client_public_key (the client public key).

ListenPort is the UDP port the server listens on; use 51820.

4. Start WireGuard

Start WireGuard with the following command:

sudo wg-quick up wg0

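If you want to modify the configuration file, first stop WireGuard with the following command, make the change, and then run the start command again. Because the configuration sets SaveConfig = true, wg-quick writes the running state back to wg0.conf when the interface is brought down, so edits made while it is up are overwritten: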

sudo wg-quick down wg0

5. Other server configuration

Set up IP forwarding

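In order for the VPN server to forward packets, IP forwarding needs to be enabled. The following command can be used (it changes the running kernel only; to keep the setting across reboots, also set net.ipv4.ip_forward=1 in /etc/sysctl.conf):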

sudo sysctl -w net.ipv4.ip_forward=1

Configure the firewall

To protect the server and the VPN connection, the firewall needs to be configured to allow WireGuard traffic. Incoming traffic on UDP port 51820 needs to be enabled:

sudo ufw allow 51820/udp

6. Verify the connection

Check that WireGuard has started successfully with the following command:

sudo wg

You can see the configured WireGuard interface and peer information.

2. Install WireGuard on Windows as a client

1. Download and install the WireGuard client

Download and install the WireGuard client for Windows from the official WireGuard website (https://www.wireguard.com/install/). (Cross-network access may be required; you can set it up with PPTP as described in another article.)

2. Write configuration files

Open WireGuard, click New Empty Tunnel, and paste in the following configuration:

[Interface]
PrivateKey = YOUR_PRIVATE_KEY
Address = 10.0.0.2/24
DNS = 8.8.8.8

[Peer]
PublicKey = SERVER_PUBLIC_KEY
AllowedIPs = 0.0.0.0/0
Endpoint = SERVER_IP_ADDRESS:51820
PersistentKeepalive = 25

There are three variables that need to be replaced:

1. YOUR_PRIVATE_KEY is the client_private_key (client private key) generated on the server in part 1 above, when generating the keys

2. SERVER_PUBLIC_KEY is the server's public key server_public_key

3. SERVER_IP_ADDRESS should be replaced with your server's public IP address.

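(Of course, you can also generate the public and private keys on the client side and replace the client public key in the server configuration file from part 1 with the one generated there. That way the client private key never has to be copied off the server.)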
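The following check for the two configuration files above is an added example, not part of the original post. It flags placeholders such as YOUR_PRIVATE_KEY that were never replaced, a file mode that exposes the private key (a file created with sudo vim usually gets mode 644), and an AllowedIPs entry claimed by two peers. The function names are hypothetical and the sample configuration and keys are constructed for the demonstration.

```python
import base64
import ipaddress
import stat

def parse_conf(text):
    """wg-quick syntax -> [(section, {key: value})]; [Peer] may repeat."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if line.startswith("["):
            sections.append((line.strip("[]").lower(), {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)  # base64 '=' padding stays in value
            sections[-1][1][key.strip().lower()] = value.strip()
    return sections

def valid_key(value):
    """WireGuard keys are 32 bytes, base64-encoded."""
    try:
        return len(base64.b64decode(value, validate=True)) == 32
    except ValueError:  # also raised for placeholders like YOUR_PRIVATE_KEY
        return False

def audit(text, file_mode=None):
    """Return findings for one config; file_mode is os.stat(path).st_mode."""
    findings, claimed = [], {}
    if file_mode is not None and stat.S_IMODE(file_mode) & 0o077:
        findings.append("file mode lets group/others read the private key")
    sections = parse_conf(text)
    for name, opts in sections:
        for field in ("privatekey", "publickey"):
            if field in opts and not valid_key(opts[field]):
                findings.append(f"[{name}] {field}: not a 32-byte base64 key")
    peers = [opts for name, opts in sections if name == "peer"]
    for number, opts in enumerate(peers, 1):
        for cidr in opts.get("allowedips", "").replace(",", " ").split():
            net = ipaddress.ip_network(cidr, strict=False)
            if net in claimed:  # wg keeps an allowed IP on one peer only
                findings.append(f"peer {number}: {net} already on peer {claimed[net]}")
            claimed[net] = number
    return findings

# Constructed sample: placeholder left in, two peers claiming 10.0.0.2/32.
K1, K2 = (base64.b64encode(bytes([i]) * 32).decode() for i in (1, 2))  # demo keys
SAMPLE = ("[Interface]\nPrivateKey = YOUR_PRIVATE_KEY\nListenPort = 51820\n"
          f"[Peer]\nPublicKey = {K1}\nAllowedIPs = 10.0.0.2/32\n"
          f"[Peer]\nPublicKey = {K2}\nAllowedIPs = 10.0.0.2/32\n")
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE, file_mode=0o100644)))
```

To check the real server file, read /etc/wireguard/wg0.conf as root and pass its contents together with os.stat(path).st_mode to audit().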

3. Connect

After saving the above configuration, you can connect to the server.

Origin blog.csdn.net/GuaGea/article/details/129810336