The WireGuard is considered the next revolutionary feature in the VPN industry. It was officially incorporated into the Linux kernel in 2020, and following its success, the protocol has gone through back-porting, and modifications were done to make it compatible with almost every platform. Several premium VPN providers now implement WireGuard as a vital part of their services.
VPNs, in general, have revolutionized the internet and are considered a must-have tool for users’ online safety and privacy. The majority of top-notch features are provided by the premium VPN app, but if you are not an advanced-level user and want to get a VPN for routine use, there are several quality free VPN options available. A free VPN for Linux will ensure an enhanced online privacy and data safety while you are connected to the internet.
You can even configure a free VPN server on your Linux devices. This guide is intended for those readers who are looking to set up a WireGuard on Linux. Read along and find out how to do that conveniently.
Overview of WireGuard
For those not acquainted well with WireGuard, it entails the creation of an encryption key (random text) along with a public key (even more randomized symbols generated from the encryption key), which are combined to function as a “lock” with “key.”
We’ll generate these keys separately for every client and server to enable bidirectional authentication, so establish a gateway.
There are several uses for WireGuard tunnels. You might, for instance, can use the connection to privately channel your IP & DNS traffic (website search) through a Pi-hole, connect to your server from any location, or even transmit your entire online traffic via the WireGuard server.
We’ll be providing installation instructions for Ubuntu version 20.04 as it’s a widely used server. Visit its official website for further information on installing the WireGuard protocol tools on your system.
The installation of WireGuard is simple. The stage that takes the longest is configuration. Let’s go over the fundamentals first.
Prerequisites for WireGuard
- Any Linux system with administrator access
- Knowledge of Linux command prompt
- A web domain referring to your web server or a publicly accessible IP address
Setup WireGuard on Ubuntu
Since we are working on a Ubuntu server, the installation method is real-quick:
|sudo apt update && sudo apt install wireguard
Besides the primary tool, a variety of modules for WireGuard security (encryption) is installed. And it’s done. Let’s set everything up and launch the server afterward.
Key Generation and Configuration for Server
With the tools that come with WireGuard, we can easily generate public/private key pairs. These are employed to verify server traffic. The public key is comparable to a real key that is used to open a door, whereas the private key might be compared to the lock on a door. Never reveal the server’s secret key to anybody. We will provide the customers with the public key so they may access our server.
Key Security Composition of WireGuard
To make sure that everything is safe, switch to your admin account as we perform the following instruction:
- sudo -i
- cd /etc/wireguard
- umask 077
To establish the access for whichever files are being created, we will be using the “umask” command. Umask removes privileges, making it subtractive. We are deleting all rights from “group” as well as “other” people in the command above
Private Key: The Lock
The particular private key is first created. These groups of instructions will always begin with wg, the initial group of WireGuard technologies we’ll be utilizing. Keep in mind that the first one functions as the “lock” for our server:
- wg genkey > server.key
The aforementioned command will display the outcome by standard to the display. However, because the > modifier is being used, the output will be saved to a record (and created if necessary). It should be noted that this modification would overwrite any existing files if used!
We created the private key using the above said command and saved it in an unique file named server.key for proper functioning.
Public Key: The Key
Then, using an alike command, we create the public key from the private key. Now , we have the public “key” that fits the private “lock”:
- wg pubkey < server.key > server.pub
Same as the above, however, in this instance, we interpret our private key’s material into the public key mechanism first by employing the reverse sign. The output of that has been nudged into a different file named server.pub (just as it was above). Among the elements that clients will require in order to log into the WireGuard-based server is this public key.
Now that we have these two elements, we can make the configuration file of WireGuard which will enable us to launch the server eventually.
Configuration File for Server
wg0.conf should be created in the standard WireGuard folder (/etc/wireguard). After that, WireGuard will interpret this file to develop and set up a digital interface.
It’s not mandatory to be an expert to understand how a digital interface functions; just picture it as a door with a key and a lock. With the exception of the fact that all content going via it is properly encrypted and transferred to another WireGuard machine, we are introducing a cloud-based ethernet/WiFi adaptor(s).
- nano /etc/wireguard/wg0.conf
Write the following command before the starting of your file:
- Address = 10.254.0.1/24
- ListenPort = 49312
- SaveConfig = True
Now, save the document, then exit. Here, we configure the virtual WG0 port to use a local network of IP addresses. Although it’s not technically necessary, doing this will assist you in organizing your computer and prevent IP address issues or duplication in the future. The private IP domains (192.168.0.0/16, 10.0.0.0/8, and 172.16.0.0/12) are all open for selection.
The IP address has the /24 CIDR symbol added to its end to show it can utilize a variety of addresses. Like in this case, /24 denotes all addresses ranging from 10.254.0.1 through 10.254.0.254. We might potentially serve 253 clients as a result.