Hi, this is my first article in English. I'm going to explain how to install WireGuard, a program to configure and create your own Virtual Private Network (VPN), on a server with Ubuntu 22.04 in DigitalOcean. This tutorial will be simple for an obvious reason: English is not my native language. I hope you like it.
- Install WireGuard
It is important that you are root or a user with sudo permissions, because without them you can't install the software. You can install WireGuard with the next command:
sudo apt install wireguard
- Enter the WireGuard folder
After the installation, you need to move to the WireGuard folder to do the necessary configuration.
- Enable permissions for the folder
The next command restricts the folder to root or a user with sudo. This is important because this folder holds the configuration of who can connect to the VPN and from where.
- Create public and private key (Server).
We are going to create two files: the public key and the private key of the server. The file names here are only an example; if you want to change the names, you can.
wg genkey | tee 00_server_private_key | wg pubkey > 00_public_key
- Create public and private key (Client)
Now we are going to create the two keys of the client. It is the same command; you only need to change the names of the files.
wg genkey | tee 01_client_private_key | wg pubkey > 01_client_public_key
- Show network interfaces
You need to check which interface gives the server its way out to the internet. In this example my interface is eth0.
- Create the configuration file
Now we need to open a new file with the next command. The file must be named wg0.conf, because wg-quick up wg0 looks for a file with that name.
sudo nano wg0.conf
- Configuration of Server
The files that we created in the previous steps are necessary to fill in this config template. Replace <Private key server>, without keeping the characters <>, with the content of the file 00_server_private_key. You can view the content of a file with the command cat, for example: cat 00_server_private_key. Next you need to assign an IP address, for example 10.115.0.101, with the subnet mask /32. The PostUp line may look confusing, but its meaning is: when you connect to WireGuard, all the requests of your client are routed to the internet through the server interface that you selected, in my case eth0. PostDown reverses the PostUp configuration when the client is disconnected. For ListenPort I put the default port of WireGuard, but you can change it.
The client is also configured here: its public key is the value that you need to replace with the content of the file 01_client_public_key.
[Interface]
PrivateKey = <Private key server>
Address = xx.xx.xx.xx/32
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
ListenPort = 51820

[Peer]
PublicKey = <Public key client>
AllowedIPs = xx.xx.xx.xx/24
- Bring up the service
You bring up the service with the next command:
wg-quick up wg0
- Start the service every time the server boots.
systemctl enable wg-quick@wg0
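- Forward network packets
You need to find the IP forwarding setting and change it to 1. The next command changes it on the running system; to keep it after a reboot, the same net.ipv4.ip_forward=1 line also has to be set in /etc/sysctl.conf.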
sysctl -w net.ipv4.ip_forward=1
- The last step is the config file of the client.
This is the template for the client. You can see all the available clients in this link. Replace the content as in the previous steps.
[Interface]
PrivateKey = <Private key client>
Address = xx.xx.xx.xx/24
DNS = 126.96.36.199

[Peer]
PublicKey = <Public key server>
AllowedIPs = 0.0.0.0/0
Endpoint = IP_Server:51820
Now you can connect to your PRIVATE VPN.
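A check for the finished setup, as an added example that is not part of the original article: the shell function below audits the WireGuard folder for the mistakes that the steps above make easy, namely key files readable by other users, a config file that wg-quick cannot find, template placeholders left in place, and a private key pasted into a PublicKey line. The function name wg_audit, its default folder and file name, and the use of GNU stat (as on Ubuntu) are assumptions.

```shell
#!/bin/sh
# Added example: audit the WireGuard folder built in the steps above.
# wg_audit DIR [CONF] prints one line per finding and returns the finding count.
# Assumptions: DIR defaults to /etc/wireguard, CONF to wg0.conf, GNU stat.
wg_audit() {
    dir=${1:-/etc/wireguard}
    conf="$dir/${2:-wg0.conf}"
    findings=0
    report() { echo "FINDING: $1"; findings=$((findings + 1)); }

    # 1. Keys and config must not be accessible by group or others.
    for f in "$dir" "$dir"/*; do
        [ -e "$f" ] || continue
        mode=$(stat -L -c '%a' "$f")
        case $mode in
            *00|0) ;;
            *) report "$f has mode $mode, remove group/other access" ;;
        esac
    done

    # 2. wg-quick up wg0 reads wg0.conf, with [Interface] and [Peer] sections.
    if [ ! -f "$conf" ]; then
        report "$conf not found"
        return "$findings"
    fi
    grep -q '^\[Interface\]' "$conf" || report "$conf has no [Interface] section"
    grep -q '^\[Peer\]' "$conf" || report "$conf has no [Peer] section"

    # 3. Template placeholders (<...> or xx.xx.xx.xx) left unreplaced.
    if grep -qE '<[^>]+>|xx\.xx\.xx\.xx' "$conf"; then
        report "$conf still contains template placeholders"
    fi

    # 4. A PublicKey line must never hold one of the private keys.
    for k in "$dir"/*private_key*; do
        [ -f "$k" ] || continue
        key=$(cat "$k")
        [ -n "$key" ] || continue
        if grep -E '^[[:space:]]*PublicKey' "$conf" | grep -qF -- "$key"; then
            report "PublicKey in $conf holds the private key from $k"
        fi
    done
    return "$findings"
}
# Usage (as root, after sourcing this file): wg_audit /etc/wireguard
```

A return value of 0 means no findings; any other value is the number of FINDING lines printed.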