Build a VPN Tunnel with WireGuard
Tunneled
After completing the setup, the laptop, which acts as a server in our case, will take responsibility for transporting the network packets and will reside between the client and, for example, any websites it visits, accepting requests and returning responses. This connection is encrypted in both directions. Visited websites only see the server's IP address, not your own.
Setting up a VPN with WireGuard is easier than with its competitors (which sometimes require a demanding configuration that is easily beyond a beginner's capabilities). With the recent addition of WireGuard to the mainline kernel, its adoption is expected to continue to grow; over time, the configuration is likely to be simplified with additional tools.
Installing WireGuard
Unlike its competitors, WireGuard uses the same software on the server and the clients. After installing the wireguard package via the server's and the clients' package managers, start the process of generating private and public keys; this is comparable to the same procedure in SSH. You need to create a key pair for each device that will have access to the VPN. The two computers on either end of the WireGuard tunnel each need the public keys from the other end. WireGuard does not care whether the server is on the Internet or a local network.
If you are using Ubuntu 20.04, the best way to install WireGuard is to type the following at the command line
sudo apt install wireguard
rather than using the graphical package manager, which only gives you an outdated third-party snap package (Figure 1). Also make sure that the header files are installed to match the kernel.
![](/var/linux_magazin/storage/images/issues/2020/237/wireguard/figure-1/770764-1-eng-US/Figure-1_large.png)
After installing the package, you still need to enable IP forwarding on the designated WireGuard server. As root, open the /etc/sysctl.conf
file in an editor and uncomment the lines #net.ipv4.ip_forward=1
for IPv4 or #net.ipv6.conf.all.forwarding=1
for IPv6 (Listing 1). Then reload the system configuration (Listing 2) by typing:
sudo sysctl -p
Listing 1
Enabling IP Forwarding
[...] # Uncomment the next line to enable packet forwarding for IPv4 net.ipv4.ip_forward=1 [...] # Uncomment the next line to enable packet forwarding for IPv6 # Enabling this option disables Stateless Address Autoconfiguration # based on Router Advertisements for this host net.ipv6.conf.all.forwarding=1 [...]
Listing 2
Reloading WireGuard
### Install Wireguard $ sudo apt update $ sudo apt install wireguard resolvconf ### Only on the Wireguard server: $ sudo nano /etc/sysctl.conf $ sudo sysctl -p
Key Services
Now create the required private and public keys on the server and clients (shown in Listing 3). Finally, check that the keys have been created with the ls
command (Figure 2). It is best to copy both public keys into a text file and save them on a USB stick for later configuration.
Listing 3
Creating Private and Public Keys
$ sudo -s $ cd /etc/wireguard ### Generate key on server: $ umask 077; wg genkey | tee <client1>.key | wg pubkey > <client1>.pub ### Generate key on client: $ umask 077; wg genkey | tee <client2>.key | wg pubkey > <client2>.pub ### Check key on server: $ ls -al total 24 drwx------ 2 root root 4096 Apr 30 19:49 . drwxr-xr-x 131 root root 12288 Apr 30 19:47 .. -rw------- 1 root root 45 Apr 30 19:49 client1.key -rw------- 1 root root 45 Apr 30 19:49 client1.pub $ cat /etc/wireguard/client1.key YBwK1N1O7OwOEtWCFnxwF9aVB0GK5YUNxEtU1pyVuUs= $ cat /etc/wireguard/client1.pub LnEReQTHUY7FIMaAR6qVcCfk95ucPY6O/zb4OfdfYh4=
« Previous 1 2 3 Next »
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
![Learn More](https://www.linux-magazine.com/var/linux_magazin/storage/images/media/linux-magazine-eng-us/images/misc/learn-more/834592-1-eng-US/Learn-More_medium.png)
News
-
NVIDIA Released Driver for Upcoming NVIDIA 560 GPU for Linux
Not only has NVIDIA released the driver for its upcoming CPU series, it's the first release that defaults to using open-source GPU kernel modules.
-
OpenMandriva Lx 24.07 Released
If you’re into rolling release Linux distributions, OpenMandriva ROME has a new snapshot with a new kernel.
-
Kernel 6.10 Available for General Usage
Linus Torvalds has released the 6.10 kernel and it includes significant performance increases for Intel Core hybrid systems and more.
-
TUXEDO Computers Releases InfinityBook Pro 14 Gen9 Laptop
Sporting either AMD or Intel CPUs, the TUXEDO InfinityBook Pro 14 is an extremely compact, lightweight, sturdy powerhouse.
-
Google Extends Support for Linux Kernels Used for Android
Because the LTS Linux kernel releases are so important to Android, Google has decided to extend the support period beyond that offered by the kernel development team.
-
Linux Mint 22 Stable Delayed
If you're anxious about getting your hands on the stable release of Linux Mint 22, it looks as if you're going to have to wait a bit longer.
-
Nitrux 3.5.1 Available for Install
The latest version of the immutable, systemd-free distribution includes an updated kernel and NVIDIA driver.
-
Debian 12.6 Released with Plenty of Bug Fixes and Updates
The sixth update to Debian "Bookworm" is all about security mitigations and making adjustments for some "serious problems."
-
Canonical Offers 12-Year LTS for Open Source Docker Images
Canonical is expanding its LTS offering to reach beyond the DEB packages with a new distro-less Docker image.
-
Plasma Desktop 6.1 Released with Several Enhancements
If you're a fan of Plasma Desktop, you should be excited about this new point release.