JT
May 25 2026
Updated May 25 2026

How to Set Up WireGuard VPN Server on Ubuntu 20.04

WireGuard is an application for establishing a secure virtual private network (VPN) and is known for its simplicity and ease of use. It uses proven cryptographic protocols and algorithms to protect data. Originally designed for the Linux kernel, it can be deployed on Windows, macOS, BSD, iOS and Android.

This WireGuard VPN setup uses Ubuntu 20.04.

Installing WireGuard Server on Ubuntu Linux

Log in to the Linux server via SSH. After logging in, make sure the machine is up to date by running the following command:

sudo apt-get update && sudo apt-get upgrade

Now install WireGuard by running the following command:

sudo apt-get install wireguard


Setting up IP Forwarding

For the VPN to work, we need to enable packet forwarding; only then will we be able to connect through the WireGuard server. To do this, edit the /etc/sysctl.conf file:

sudo nano /etc/sysctl.conf

Uncomment the following line by removing the leading "#":

net.ipv4.ip_forward=1

After that, run the following command to apply the changes:

sudo sysctl -p

The command prints the settings it applied, which should include net.ipv4.ip_forward = 1.

Generation of Private and Public Keys

WireGuard works by encrypting the connection using a cryptographic key pair. The key pair is used by passing the public key to the other party, which can then encrypt its message so that it can only be decrypted with the corresponding private key. To secure two-way communication, each side must have its own private and public keys, since each pair provides only one-way communication.

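Before generating the key pair, open a root shell and go to the WireGuard directory (cd is a shell builtin, so running it through sudo does not change the directory of your shell):

sudo -i
cd /etc/wireguard

Set the umask so that the files created next are readable only by their owner:

umask 077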

To generate a key pair, type the following command:

wg genkey | tee private.key | wg pubkey > public.key

Setting Up the Server Configuration

To start configuring the WireGuard server, go to the /etc/wireguard folder and create the file wg0.conf:

sudo nano /etc/wireguard/wg0.conf

Add the following directives to the configuration file:

[Interface]
PrivateKey = <server-private-key>
Address = 10.0.0.1/24
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
ListenPort = 51820

[Peer]
PublicKey = <client-public-key>
AllowedIPs = 10.0.0.2/32

Copy the server's private key that we generated earlier and paste it into the PrivateKey field in place of <server-private-key>.

Similarly, generate a key pair for the client, copy the client's public key and paste it into the PublicKey field in place of <client-public-key>.

The PostUp and PostDown rules masquerade traffic leaving through eth0; if the server's public network interface has a different name, use that name instead.

To display the key values so that you can copy them, run the following commands:

sudo cat /etc/wireguard/public.key
sudo cat /etc/wireguard/private.key
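
A pre-flight check for the configuration file before bringing the interface up, as an added example that is not part of the original tutorial: it flags a file readable by other users, key fields left empty or malformed, and, for a server, a peer whose AllowedIPs is wider than a single address. The function name check_wg_conf, the all-zero dummy key and both sample files are constructed for illustration; it assumes GNU stat as shipped with Ubuntu.

```sh
#!/bin/sh
# Added example (not from the tutorial): lint a wg-quick config before
# `wg-quick up`. check_wg_conf and all sample data below are constructed.

check_wg_conf() {   # usage: check_wg_conf FILE server|client
    conf=$1 role=$2 rc=0
    # The file holds the private key, so group/other must have no access.
    mode=$(stat -c %a "$conf")
    case $mode in
        600|400) ;;
        *) echo "FAIL: mode $mode on $conf, expected 600"; rc=1 ;;
    esac
    while IFS= read -r line; do
        key=${line%%=*}; key=${key%% *}
        val=$(printf '%s' "${line#*=}" | tr -d ' \t')
        case $key in
            PrivateKey|PublicKey)
                # A key is 32 bytes: 43 base64 characters plus one '='.
                if ! printf '%s\n' "$val" | grep -Eq '^[A-Za-z0-9+/]{43}=$'; then
                    echo "FAIL: $key is empty or malformed"; rc=1
                fi ;;
            AllowedIPs)
                # On the server, AllowedIPs limits which source addresses a
                # peer may use; the tutorial gives each client one IPv4 /32.
                if [ "$role" = server ] && [ "${val##*/}" != 32 ]; then
                    echo "FAIL: peer AllowedIPs $val is wider than /32"; rc=1
                fi ;;
        esac
    done < "$conf"
    return $rc
}

# Constructed samples: an all-zero dummy key (not usable) and two configs.
demo_dir=$(mktemp -d)
dummy=$(head -c 32 /dev/zero | base64)
good=$demo_dir/good.conf bad=$demo_dir/bad.conf
( umask 077; printf '[Interface]\nPrivateKey = %s\nAddress = 10.0.0.1/24\n[Peer]\nPublicKey = %s\nAllowedIPs = 10.0.0.2/32\n' \
    "$dummy" "$dummy" > "$good" )
( umask 022; printf '[Interface]\nPrivateKey =\n[Peer]\nPublicKey = %s\nAllowedIPs = 0.0.0.0/0\n' \
    "$dummy" > "$bad" )

check_wg_conf "$good" server && echo "good.conf: OK"
check_wg_conf "$bad" server || echo "bad.conf: rejected"
```

On a real server the same function would be run as root against /etc/wireguard/wg0.conf with the role server.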

Launch WireGuard and Make It Start at Boot

Now we are ready to start the server. To start WireGuard, use wg-quick and specify the name of the new interface:

sudo wg-quick up wg0

If the configuration is valid, wg-quick prints the commands it runs to bring up the interface.

To check the status of the WireGuard server, enter:

sudo wg show

Congratulations, we have successfully started up the WireGuard server!

Installing WireGuard on the Client

The client setup depends on the operating system you are using. On Ubuntu/Debian-based systems, install WireGuard using the same command as on the server:

sudo apt-get install wireguard

On Windows or macOS, download and install the official WireGuard client from wireguard.com/install.

Generating Client Keys

On the client machine, generate a dedicated key pair just as we did on the server. First, open a root shell, navigate to the WireGuard directory and set the umask:

sudo -i
cd /etc/wireguard
umask 077

Then generate the client key pair:

wg genkey | tee client-private.key | wg pubkey > client-public.key

Retrieve both key values for use in the configuration files:

sudo cat /etc/wireguard/client-public.key
sudo cat /etc/wireguard/client-private.key

Copy the client public key and paste it into the [Peer] section of the server's wg0.conf file under the PublicKey field, as described in the server configuration step above.

Setting Up the Client Configuration

On the client machine, create the configuration file wg0.conf:

sudo nano /etc/wireguard/wg0.conf

Add the following directives, replacing the placeholders with your actual values:

[Interface]
PrivateKey = <client-private-key>
Address = 10.0.0.2/32
DNS = 8.8.8.8

[Peer]
PublicKey = <server-public-key>
Endpoint = <server-public-ip>:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25

Connecting the Client to the Server

Once the configuration file is saved, bring up the WireGuard tunnel on the client:

sudo wg-quick up wg0

To verify that the connection is established and the handshake with the server has occurred, run:

sudo wg show

You should see the server listed as a peer with a recent last handshake timestamp. To enable the client tunnel automatically at system boot, run:

sudo systemctl enable wg-quick@wg0

Congratulations, the client is now securely connected to the WireGuard VPN server!
