Wireguard Setup
- Before installing Wireguard make sure you have the following up and running.
- A VPS up and running Ubuntu Server 20.04 x64
- A local server running Ubuntu Server 20.04 x64
- Throughout this guide I will denote what code goes where. Look for the #VPS for code that goes on the VPS or #Local for code that goes on your local server.
- To start, SSH into both machines. Make sure not to get them confused.
- For the Wireguard install I chose to use the Wireguard Road Warrior installer. It is by far the easiest install of Wireguard I have ever come across.
#VPS
wget https://git.io/wireguard -O wireguard-install.sh && bash wireguard-install.sh
- This command downloads the installer script to wireguard-install.sh and runs it, which installs Wireguard and starts the setup process.
- After you run the code you will be met with a few options you will need to fill out.
Select an option:
- Add a new client
- Remove an existing client
- Remove WireGuard
- Exit
- Select 1 to add a new client.
Provide a name for the client:
- Put in a meaningful name for the new client.
Select a DNS server for the client:
- Current system resolvers
- 1.1.1.1
- OpenDNS
- Quad9
- AdGuard
- Select one of these. We will have to remove this later anyway.
- Once you hit enter, Wireguard should install and do all of the setup for you.
- A QR code should appear, followed by the path to the Wireguard client config.
"NAME" added. Configuration available in: /root/"NAME".conf
- Nano into the .conf file that was just created
sudo nano /root/<NAME>.conf
- The information in this config file is the Wireguard client info.
- We will need to make one change to this file. Remove the line DNS = ...... I have had nothing but trouble with the DNS entry in this config.
- Once you have removed the DNS line, copy the information inside of the config file and place this info into a notepad to use later.
- On your local server install Wireguard.
#Local
sudo apt install wireguard
- Once Wireguard has finished installing we will need to add the client config.
#Local
(umask 077 && printf "[Interface]\nPrivateKey= " | sudo tee /etc/wireguard/wg0.conf > /dev/null)
wg genkey | sudo tee -a /etc/wireguard/wg0.conf | wg pubkey | sudo tee /etc/wireguard/publickey
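- The umask 077 makes the new config file readable only by its owner. The second command generates the private key, appends it to the config, and writes the matching public key to /etc/wireguard/publickey. It will also display a key but we can ignore that because we are going to change it.
- Nano into the Wireguard .conf file.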
sudo nano /etc/wireguard/wg0.conf
- This config file should already have some items populated in it. We are going to replace all the items in it with the config we received from the VPS Wireguard config /root/"NAME".conf. From your notepad, copy the Wireguard client config into this file. Press CTRL X and Y to save the file.
- On both servers we will need to restart the wg0 adapter.
#VPS and #Local
sudo wg-quick down wg0
- This should bring the wg0 adapter down if it is already up. If it says no adapter, that is fine.
#VPS and #Local
sudo wg-quick up wg0
- This should bring up the wg0 adapter.
- You can check to see if the adapter is running with ip a. You should see wg0 listed with a 10.7.0._ IP.
- Our VPS should have a wg0 IP of 10.7.0.1 and our Local should have a wg0 IP of 10.7.0.2.
- If Wireguard is working correctly, the two servers should be able to ping each other.
#VPS
ping 10.7.0.2
#Local
ping 10.7.0.1
#Output
root@Static:~# ping 10.7.0.2
PING 10.7.0.2 (10.7.0.2) 56(84) bytes of data.
64 bytes from 10.7.0.2: icmp_seq=1 ttl=64 time=42.5 ms
64 bytes from 10.7.0.2: icmp_seq=2 ttl=64 time=38.6 ms
64 bytes from 10.7.0.2: icmp_seq=3 ttl=64 time=39.1 ms
64 bytes from 10.7.0.2: icmp_seq=4 ttl=64 time=40.5 ms
64 bytes from 10.7.0.2: icmp_seq=5 ttl=64 time=38.8 ms
64 bytes from 10.7.0.2: icmp_seq=6 ttl=64 time=38.0 ms
^C
--- 10.7.0.2 ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 5003ms
rtt min/avg/max/mdev = 38.015/39.609/42.535/1.508 ms
- If that is all working we can now verify that our local server has the same external IP address as our VPS.
# Local
dig +short myip.opendns.com @resolver1.opendns.com
- This IP should match your VPS IPv4 address. If it does not, go back and make sure you did the Wireguard conf correctly.
- If the IPs match, you have done everything correctly and now have a Wireguard tunnel set up and running.
- We need to make Wireguard a service so when we restart our computer or server the link reconnects.
- To do this run the following on both the VPS and Local.
- Now on both servers enable the service.
#VPS and #Local
sudo wg-quick down wg0
sudo systemctl start wg-quick@wg0
sudo systemctl enable wg-quick@wg0
- Using the ping tool, verify that the link is still functioning between the two servers.
- Verify that the external IP still matches the VPS server.
- It might be helpful to restart both of the servers and make sure that the Wireguard service restarts. You can use sudo systemctl status wg-quick@wg0 to make sure the service is running after a restart.
- If the ping and the external IP are correct you are finished. You now have a link between the two servers.
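
A pre-flight check for the client config on the local server, covering the points this guide relies on: owner-only permissions (what umask 077 produces), the DNS line removed, and a 10.7.0.x tunnel address. This is an added example, not part of the original guide or the installer; check_wg_conf and make_sample_conf are hypothetical helper names, and the sample config is constructed with placeholder keys and a documentation-range endpoint.

```shell
#!/usr/bin/env bash
# Added example: lint a wg-quick client config before running `wg-quick up wg0`.
# check_wg_conf and make_sample_conf are hypothetical helper names.

check_wg_conf() {
    local conf="$1" rc=0 mode key
    [ -f "$conf" ] || { echo "FAIL: $conf not found"; return 2; }

    # The file holds PrivateKey: owner-only access, as umask 077 produces.
    mode=$(stat -c '%a' "$conf")
    case "$mode" in
        600|400) ;;
        *) echo "FAIL: mode $mode, expected 600"; rc=1 ;;
    esac

    # The guide removes the DNS line from the client config.
    if grep -Eqi '^[[:space:]]*DNS[[:space:]]*=' "$conf"; then
        echo "FAIL: DNS line still present"; rc=1
    fi

    # Settings a client config needs to reach its peer.
    for key in PrivateKey Address PublicKey Endpoint AllowedIPs; do
        grep -Eqi "^[[:space:]]*${key}[[:space:]]*=" "$conf" ||
            { echo "FAIL: $key missing"; rc=1; }
    done

    # The tunnel address should be in the 10.7.0.x range used in this guide.
    grep -Eqi '^[[:space:]]*Address[[:space:]]*=[[:space:]]*10\.7\.0\.[0-9]+' "$conf" ||
        { echo "FAIL: Address is not 10.7.0.x"; rc=1; }

    return "$rc"
}

# Constructed sample config (placeholder keys, documentation-range endpoint).
# Pass "dns" as the second argument to leave a DNS line in.
make_sample_conf() {
    {
        printf '[Interface]\nAddress = 10.7.0.2/24\n'
        if [ "${2:-}" = "dns" ]; then printf 'DNS = 1.1.1.1\n'; fi
        printf 'PrivateKey = PLACEHOLDER_PRIVATE_KEY\n\n[Peer]\n'
        printf 'PublicKey = PLACEHOLDER_PUBLIC_KEY\nAllowedIPs = 0.0.0.0/0\n'
        printf 'Endpoint = 203.0.113.10:51820\n'
    } > "$1"
    chmod 600 "$1"
}
```

On the local server, source the file in a root shell and call check_wg_conf /etc/wireguard/wg0.conf; it returns 0 only when every check passes.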