Foreword:
Companies can use WireGuard to build a server intranet for accessing server resources.
Attachment: I found a disadvantage through my own use: because it uses a UDP connection, the port number is often blocked, resulting in failure to connect, and the port number or IP needs to be changed. This may be different for others.
Table of contents
1. Install WireGuard on Ubuntu as a server
1. Download and install the software package
2. Generate public and private keys
3. Edit the WireGuard configuration file
2. Install WireGuard on Windows as a client
1. Download and install the WireGuard client
1. Install WireGuard on Ubuntu as a server
1. Download and install the software package
First, update the package list with the following command:
sudo apt-get update
Install WireGuard and its dependencies with the following command:
sudo apt install wireguard resolvconf qrencode -y
You can use the following command to check whether the installation is complete:
sudo modprobe wireguard && lsmod | grep wireguard
If the wireguard module is shown in the output, then WireGuard was installed successfully.
2. Generate public and private keys
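Generate the public and private keys of the server and the client; they are needed when writing the configuration files.
Generate them with the following commands. The umask 077 line ensures the key files are created readable only by the current user: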
umask 077
wg genkey | tee server_private_key | wg pubkey > server_public_key
wg genkey | tee client_private_key | wg pubkey > client_public_key
Four files are created. You can use the cat command to view their contents and copy them.
3. Edit the WireGuard configuration file
Create a new WireGuard configuration file so you can configure your VPN server. It can be edited with the following command:
sudo vim /etc/wireguard/wg0.conf
Copy and paste the following example configuration into a new file:
[Interface]
Address = 10.0.0.1/24
SaveConfig = true
ListenPort = 51820
PrivateKey = YOUR_PRIVATE_KEY
[Peer]
PublicKey = PEER_PUBLIC_KEY
AllowedIPs = 10.0.0.2/32
Here, YOUR_PRIVATE_KEY is the value of server_private_key generated in step 2 (the server private key).
PEER_PUBLIC_KEY is the value of client_public_key (the client public key).
ListenPort is the port the server listens on; use 51820.
4. Start WireGuard
Start WireGuard with the following command:
sudo wg-quick up wg0
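Because SaveConfig = true is set, wg-quick writes the running state of the interface back to wg0.conf when the interface is brought down, so edits made to the file while WireGuard is running are overwritten. If you want to modify the configuration file, first stop WireGuard with the following command, make your changes, and then run the start command again: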
sudo wg-quick down wg0
5. Other server configuration
Set up IP forwarding
For the VPN server to forward packets, IP forwarding needs to be enabled. The following command can be used (a value set with sysctl -w lasts only until the next reboot):
sudo sysctl -w net.ipv4.ip_forward=1
Configure the firewall
To protect the server and the VPN connection, the firewall needs to be configured to allow WireGuard traffic. Incoming traffic on UDP port 51820 needs to be allowed:
sudo ufw allow 51820/udp
6. Verify the connection
Check that WireGuard has started successfully with the following command:
sudo wg
You can see the configured WireGuard interface and peer information.
2. Install WireGuard on Windows as a client
1. Download and install the WireGuard client
You need to download and install the WireGuard client for Windows from the official WireGuard website (https://www.wireguard.com/install/). (Cross-network access may be required; you can use the PPTP access set up in another article to download it.)
2. Write configuration files
Open WireGuard, click New Empty Tunnel, and fill it in with the following configuration:
[Interface]
PrivateKey = YOUR_PRIVATE_KEY
Address = 10.0.0.2/24
DNS = 8.8.8.8
[Peer]
PublicKey = SERVER_PUBLIC_KEY
AllowedIPs = 0.0.0.0/0
Endpoint = SERVER_IP_ADDRESS:51820
PersistentKeepalive = 25
There are three variables that need to be replaced:
1. YOUR_PRIVATE_KEY is the client_private_key (client private key) generated on the server in part 1 above when generating the keys.
2. SERVER_PUBLIC_KEY is the server's public key, server_public_key.
3. SERVER_IP_ADDRESS should be replaced with your server's public IP address.
(Of course, you can also generate the public and private keys on the client side and replace the corresponding values in the configuration file from part 1 with them.)
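Before connecting, the two configuration files can be checked against each other for the mistakes this setup invites: a placeholder left in place, a private key pasted into a PublicKey field, a client Address outside the server's AllowedIPs, or an Endpoint port that differs from ListenPort. This is an added example, not part of the original article; parse_wg, is_key and check_pair are hypothetical helper names, the sample keys and the 203.0.113.10 endpoint are constructed, and it does not verify that a public key was actually derived from the matching private key.

```python
import base64, ipaddress

def parse_wg(text):
    """Parse WireGuard config text into a list of (section, {key: value})."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1], {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)  # split once: base64 keys end in "="
            sections[-1][1][key.strip()] = value.strip()
    return sections

def is_key(value):  # True if value is base64 for exactly 32 bytes (WireGuard key size)
    try:
        return len(base64.b64decode(value, validate=True)) == 32
    except ValueError:  # binascii.Error is a ValueError subclass
        return False

def check_pair(server_text, client_text):
    """Return a list of mismatches between wg0.conf and the client tunnel config."""
    srv, cli = parse_wg(server_text), parse_wg(client_text)
    problems, private, public = [], set(), set()
    for side, sections in (("server", srv), ("client", cli)):
        for name, opts in sections:
            for field, seen in (("PrivateKey", private), ("PublicKey", public)):
                if field in opts:
                    seen.add(opts[field])
                    if not is_key(opts[field]):  # e.g. a leftover YOUR_PRIVATE_KEY
                        problems.append(f"{side} [{name}] {field} is not a 32-byte base64 key")
    if private & public:  # a *_private_key file pasted where a public key belongs
        problems.append("a private key is used as a peer PublicKey")
    s_if, c_if, c_peer = dict(srv)["Interface"], dict(cli)["Interface"], dict(cli)["Peer"]
    client_ip = ipaddress.ip_interface(c_if["Address"]).ip
    allowed = [ipaddress.ip_network(a.strip(), strict=False)
               for n, o in srv if n == "Peer" for a in o.get("AllowedIPs", "").split(",") if a.strip()]
    if not any(client_ip in net for net in allowed):
        problems.append(f"client address {client_ip} is not in any server AllowedIPs")
    if c_peer.get("Endpoint", "").rpartition(":")[2] != s_if.get("ListenPort"):
        problems.append("client Endpoint port differs from server ListenPort")
    return problems

# Constructed sample keys (32 fixed bytes each), not real key material.
SK, SPUB, CK, CPUB = (base64.b64encode(bytes([i]) * 32).decode() for i in (1, 2, 3, 4))
SERVER = (f"[Interface]\nAddress = 10.0.0.1/24\nSaveConfig = true\nListenPort = 51820\n"
          f"PrivateKey = {SK}\n[Peer]\nPublicKey = {CPUB}\nAllowedIPs = 10.0.0.2/32\n")
CLIENT = (f"[Interface]\nPrivateKey = {CK}\nAddress = 10.0.0.2/24\nDNS = 8.8.8.8\n[Peer]\n"
          f"PublicKey = {SPUB}\nAllowedIPs = 0.0.0.0/0\nEndpoint = 203.0.113.10:51820\n")
```

Calling check_pair(SERVER, CLIENT) on the contents of the two real files returns an empty list when they agree, and one message per mismatch otherwise.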
3. Connect
After saving the above information, you can connect to the server