How to create your private VPN with WireGuard

ulisesserranop

Ulises Serrano

Posted on June 15, 2023

How to create your private VPN with WireGuard

Hi, this is my first article in English. I'm going to explain how to install WireGuard. WireGuard is a program to configure and create your own Virtual Private Network (VPN) in a server with Ubuntu 22.04 in Digital Ocean this tutorial will be simple for obviously reasons, English is not my native language. I hope that you like.

  • Install WireGuard

Here is important that you have a user with permissions or root the reason is beacuse if you dont have this you can't install the software. You can install WireGuard with the next command:

sudo apt install wireguard
Enter fullscreen mode Exit fullscreen mode
  • Enter to the folder of WireGuard

After the installation you need to move at the folder for the configurations necesaries.

cd /etc/wireguard
Enter fullscreen mode Exit fullscreen mode
  • Enable permissions for the folder

The next command is for set permissions only for root or user with sudo. This is important because in this folder is the configuration about who and where can connect to the VPN.

umask 077
Enter fullscreen mode Exit fullscreen mode
  • Create public and private key (Server).

We are going to create two files: public and private key of the server. Here is a example of name of the keys but if you want to change the name you cant do it.

wg genkey |tee 00_server_private_key | wg pubkey > 00_public_key
Enter fullscreen mode Exit fullscreen mode
  • Create public and private key (Client)

Now we are going to create the two keys of the client, is the same command you need to change the name of the files.

wg genkey |tee 01_client_private_key | wg pubkey > 01_client_public_key
Enter fullscreen mode Exit fullscreen mode
  • Show network interfaces. You need to check the interface where you have your out of internet, in this example my interfaces is eth0.
ip addr
Enter fullscreen mode Exit fullscreen mode
  • Create file of configuration

Now we need to open a new file with the next command.

sudo nano wg0.config
Enter fullscreen mode Exit fullscreen mode
  • Configuration of Server

The files that we create in the previous steps are necesaries for fill this template of config. Replace where say without the characters <>, with the content of the file 00_server_private_key you can view the content of file with the commend cat for example: cat 00_server_private_key. After you need to assing a ip address for example 10.115.0.101 and the subnetmask /32. PostUp config maybe is confuse, but in this part the meaning is: when you connect to WireGuard all you request of your client will be enroute to internet through the interface of the server that you select in my case eth0. PostDown is make a reverse of the config of PostUp when the client is disconect. ListPort I put the default port of WireGuard but you can change it.

The config of client also is here and is the public key that you need to replace with the content of file 01_client_public_key.

[Interface]
PrivateKey = <Private key server>
Address = xx.xx.xx.xx/32
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
ListenPort = 51820

[Peer]
PublicKey = <Priavate key client>
AllowedIPs = xx.xx.xx.xx/24
Enter fullscreen mode Exit fullscreen mode
  • Up the service You up the service with the next command
wg-quick up wg0
Enter fullscreen mode Exit fullscreen mode
  • Up the services always when the server starts.
systemctl enable wg-quick@wg0
Enter fullscreen mode Exit fullscreen mode
  • Forward network pacakges
nano /etc/sysctl.conf
Enter fullscreen mode Exit fullscreen mode

You need to find this line and change for this:

sysctl -w net.ipv4.ip_forward=1
Enter fullscreen mode Exit fullscreen mode
  • At last step is the file config of the client.

This is the template for the client. You can see all the clients avalaibles in this link. Replace the content like in previous steps.

[Interface]
PrivateKey = <Private key client>
Address = xx.xx.xx.xx/24
DNS = 8.8.8.8

[Peer]
PublicKey = <Public key server>
AllowedIPs = 0.0.0.0/0
Endpoint = IP_Server:51820
Enter fullscreen mode Exit fullscreen mode

Now you can connect to your PRIVATE VPN.

💖 💪 🙅 🚩
ulisesserranop
Ulises Serrano

Posted on June 15, 2023

Join Our Newsletter. No Spam, Only the good stuff.

Sign up to receive the latest update from our blog.

Related

SSH keys explained
ssh SSH keys explained

December 19, 2019