This article will help you learn how to install and configure WireGuard on Linux OS.
To install WireGuard on your Linux OS device, follow the steps:
- Start the terminal (Ctrl+Alt+T). Run the command in it:
$ sudo apt install wireguard
- Additionally, download the WireGuard configuration file (wg_client**.conf) from the provided link: http://server_IP:port/xxxxxxxxxx/, you have received this link via email after activating the service.
- You can also find VPN access in your client area.
- In your client area, find the My Service tab.
- Click Manage.
- In the Access section, find the WireGuard settings.
- Download access information there.
- For the work of VPN, enable packet forwarding, only then you can connect through the WireGuard server. To enable packet forwarding, edit the /etc/sysctl.conf file:
sudo nano /etc/sysctl.conf
- Remove "#" for the following command:
net.ipv4.ip_forward=1
- To apply the changes, run the following command:
sysctl -p
WireGuard works by encrypting the connection with a pair of cryptographic keys. A key pair is used by passing the public key to the other party, where their message can be encrypted in such a way that it can only be decrypted with the corresponding private key. For two-way communication to be secure, each party must have its own private and public keys, since each pair provides only one-way messaging.
- To generate a key pair, go to the directory:
dwg sudo cd /etc/wireguard
- To set permission for this directory, run the following command:
umask 077
- To generate a key pair, run the following command:
wg genkey | tee private.key | wg pubkey > public.key
- To start configuring the WireGuard server, go to the /etc/wireguard folder and create the wg0.conf file:
sudo nano /etc/wireguard/wg0.conf
- Add the following directives to the configuration file:
[Interface]
PrivateKey = <contents-of-server-privatekey>
Address = <Address>
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
ListenPort = <ListenPort>
[Peer]
PublicKey = <contents-of-client-publickey>
AllowedIPs = <AllowedIPs> - Copy the private key generated earlier and paste it into the PrivateKey. To generate a key pair for the client, copy the client's public key and paste it into the PublicKey.
To copy the key value, run the following command:sudo cat /etc/wireguard/public.key
sudo cat /etc/wireguard/private.key
- To start WireGuard use wg-quick and specify the name of the new interface:
wg-quick up wg0
-
To check the WireGuard server status, enter:
wg show
If you have any questions, you can ask them in the online chat in the lower right corner of the site or by ticketing the Techsupport Department.
