How to Set Up WireGuard VPN Client on Ubuntu Desktop
0. Prerequisite
You need a working WireGuard VPN server. Learn how to set that up here: How to Set Up WireGuard VPN Server on Ubuntu
1. Install
First we update our Ubuntu host machine then install WireGuard:
$ sudo apt update
$ sudo apt install wireguard
Info
You may see over the web that you should install WireGuard with ppa, like:
$ sudo add-apt-repository ppa:wireguard/wireguard
This is an outdated method and as we seen in https://launchpad.net/%7Ewireguard:
This formerly was responsible for producing a PPA for WireGuard on Ubuntu. That functionality has now been folded into Ubuntu itself, so our old PPA has been removed. Simply run apt install wireguard on all Ubuntus ≥ 16.04
2. Configure
2.0. Keys
WireGuard ships with two command-line tools: wg
and wg-quick
that allow you
to configure and manage the WireGuard.
Run the following command to generate the public and private keys:
$ sudo mkdir -p /etc/wireguard/clients
$ wg genkey | sudo tee /etc/wireguard/clients/desktop.key | wg pubkey | sudo tee /etc/wireguard/clients/desktop.key.pub
This places our keys under our /etc/wireguard/clients
directory that we just created.
As usual, DO NOT share your private key with anyone else, otherwise your VPN will be
compromised.
You can view these files with cat
:
$ cat /etc/wireguard/clients/desktop.key
$ cat /etc/wireguard/clients/desktop.key.pub
2.1. dekstop.conf File
Create configuration file,
$ sudoedit /etc/wireguard/wg0.conf
and add following settings:
[Interface]
PrivateKey = DESKTOP_CLIENT_PRIVATE_KEY
Address = 10.0.0.2/24
[Peer]
PublicKey = YOUR_SERVER_PUBLIC_KEY
Endpoint = YOUR_SERVER_IP_ADDRESS:51820
AllowedIPs = 0.0.0.0/0
Replace DESKTOP_CLIENT_PRIVATE_KEY
with your private key in
/etc/wireguard/clients/desktop.key
.
2.2. Add Desktop Client to Server
The last configuration step is to add your dekstip client’s public key and IP address to your server:
$ sudo wg set wg0 peer DESKTOP_CLIENT_PUBLIC_KEY allowed-ips 10.0.0.2
3. Start WireGuard
3.0. wg up
When everything done above, bring the wg0
interface up using the attributes specified in the
configuration file:
$ sudo wg-quick up wg0
Now you should be connected to your Ubuntu VPN server, and the traffic from your client machine should be routed through it. You can check the connection with:
$ sudo wg
and the output should be like:
interface: wg0
public key: HFqTSN2SE6LvvEU/xV3eJ0KArQEkTx1mYZpAjRtAjwE=
private key: (hidden)
listening port: 22870
fwmark: 0xca6c
peer: 8Mg3Vgw+QduVhJaLERXQbyrPL1/nUWa27Ly8ZVTGTHs=
endpoint: XXX.XXX.XXX.XXX:51820
allowed ips: 0.0.0.0/0
latest handshake: 1 minute, 18 seconds ago
transfer: 67.58 KiB received, 170.36 KiB sent
3.1. Start at Boot
If you want to to start your WireGuard after every system reboot just run:
$ sudo systemctl enable wg-quick@wg0
To remove this:
$ sudo systemctl disable wg-quick@wg0
4. Test WireGuard
You can now check you IP
searching on the browser what is my ip or just
use curl
to achieve that from your cli
:
$ curl ifconfig.me
You should now see your YOUR_SERVER_IP_ADDRESS
instead of your your local
IP
which your ISP provided.
Congrats!
All done!
Changelog
- 2021-04-26 : Fixed typo on pub key name when generating
wg genkey