Home / Linux / System utilities

Simplified installation of WireGuard server for Ubuntu

Simplified installation of a WireGuard server for Ubuntu. WireGuard is a Virtual Private Network (VPN) system which is new, fast, and claims to be secure. Unfortunately, it's also rather complex to install, and the documentation is highly technical. That's why we've prepared this script and step-by-step guide.
Information
Category: Linux / System utilities
Watchers: 0
Star: 10
Fork: 1
Last update: Sep 23, 2020
Resource links
https://github.com/fastai/wireguard-fast

wireguard-fast

Simplified installation of a WireGuard server for Ubuntu (tested on Ubuntu 20.04; should work on 18.04 as well

WireGuard is a Virtual Private Network (VPN) system which is new, fast, and claims to be secure. Unfortunately, it's also rather complex to install, and the documentation is highly technical. That's why we've prepared this script and step-by-step guide.

This script will set up a server, and will also create client configurations for as many clients as you want. Each device that will connect will need a separate configuration. Note that client devices will be able to see each other on the VPN, as well as the server.

You'll need to login to your server. If your username is "ubuntu", and your IP address is "1.2.3.4", you login to your server with:

ssh [email protected]

Make sure everything is up to date and you've rebooted since your last update. If you're not sure, run this to update and reboot:

sudo apt update && sudo apt -y upgrade && sudo shutdown -r now

Wait a couple of minutes for the reboot to complete, then connect with ssh (using the same command as last time). Then to install, run:

sudo apt update
git clone https://github.com/fastai/wireguard-fast.git
cd wireguard-fast
sudo ./wireguard-fast.sh

During installation, you will need to answer three questions, discussed below.

Questions during installation

Use VPN for all internet traffic? [y/n]

If this VPN is just so that the clients can see each other and the server, respond n. If you want all traffic to route via the VPN (e.g. to change your apparent location, or to increase privacy and security), respond y.

# of clients? [Betwen 1 and 253]

Each device that will need to connect to your VPN is a client, and needs a separate configuration file. There's no real downside to creating more client configuration files than you end up using, so err on the high side when answering this question. (E.g. if you're just planning to use this yourself for watching foreign media, you might later find friends and family members wanting to use it too...)

Server hostname/IP?

This is the host name or IP address that you are installing the server on. The default is to use the current public IP address, by getting the output from the [ifconfig.me] service. If your server IP is not static, you'll need to use dynamic DNS to get a host name that you can connect to, and you should enter the host name here instead of the IP address.

Generally, it's better to use a hostname than an IP if possible, since if you later need to move your VPN server, you can always just update DNS to point the hostname at the new IP, instead of having the update all client configuration files on all devices.

Connecting clients

The server will be running as soon as the script is complete. It will print something like this to confirm the server is running:

interface: wg0
  public key: XXXXX
  private key: (hidden)
  listening port: 51820

...and will finally print:

Done. clients.tgz contains your client configuration files.
To add clients in the future run:
   sudo ./add-client.sh NUMBER
where NUMBER is the client number to create, which must be larger than 11

The server will also be automatically run on reboot, and will reconnect automatically if there are any network issues.

In directory you run the script, you will find a clients.zip file. This contains the client configuration files you requested. We'll copy this over to your PC. First, disconnect from your server, by pressing CtrlD, or typing exit. Now, at your PC's terminal, copy the clients.zip file by typing:

scp [email protected]:wireguard-fast/clients.zip ./

You can now unzip this file on your PC. It contains a folder with the conf files you requested. Give one to each person/device that needs to connect, and keep a list somewhere of which numbered config you give to which client, so if you need to remove or re-assign it later, you know who is who. On each device, the user will need to install the WireGuard software from here, and will then follow the directions below.

Windows

  1. Click Start, then type "wireguard" and press enter (or click the WireGuard icon)
  2. Click "Add Tunnel" (or press CtrlO
  3. Choose your config file
  4. Click Activate

Mac

I don't have a Mac to test with, so I'm copying the directions from Mullvad:

  1. Click on the WireGuard icon located in your desktop's top menu bar.
  2. In the drop-down menu, select Import tunnel(s) from file...
  3. Navigate to your Download folder and select the configuration file.
  4. Click Import.
  5. Click Allow if you get a pop-up saying "'WireGuard' would like to Add VPN Configurations."
  6. Click on the WireGuard icon located in your desktop's top menu bar.
  7. In the drop-down menu, select the server that you just imported
  8. A checkmark will appear next to it. That's it!

More advanced topics

Adding new clients

To add new clients later, run the command that you copied at the end of installation, incrementing the last number (7, in this case) by one each time you run it:

sudo SERVER=54.213.232.25 SUBNET=10.42.42.0/24 ./add-client.sh 7

You'll find the new client conf file created in the clients directory. You can either send the file, or use cat to display its contents and copy that. e.g.

$ cat clients/7.conf

[Interface]
PrivateKey = +NrpspR++zR509u71WEPKpqoOw5+1p5z8HpS4Vyrw2k=
Address = 10.42.42.7/24
[Peer]
PublicKey = VwSJ06TopxpF2Dvlj4ZUDUqwVeHuwZpLDQSvvJtCo3s=
Endpoint = 54.213.232.25:51820
AllowedIPs = 10.42.42.0/24
PersistentKeepalive = 15

Changing client type

You can enable and disable your device from routing all internet traffic, or have different settings for different devices. This is a sample client config which does not route all internet traffic:

[Interface]
PrivateKey = key_goes_here
Address = 10.42.42.2/24

[Peer]
PublicKey = pub_goes_here
AllowedIPs = 10.42.42.0/24
Endpoint = name.or.ip.here:51820
PersistentKeepalive = 15

To change this to route all internet traffic, make these two changes:

  • In the [Interface] section, add the line DNS = 1.1.1.1, 1.0.0.1
  • In the [Peer] section, change AllowedIPs from 10.42.42.0/24 to 0.0.0.0/0.

Here's the result after making those changes:

[Interface]
PrivateKey = key_goes_here
Address = 10.42.42.2/24
DNS = 1.1.1.1, 1.0.0.1

[Peer]
PublicKey = pub_goes_here
AllowedIPs = 0.0.0.0/0
Endpoint = name.or.ip.here:51820
PersistentKeepalive = 15
1 Open More issues
Closed

Keep-Alive-Actions

null

opened May 4, 2021 by hamelsmu 0
Closed

Keep-Alive-Actions

null

opened May 4, 2021 by hamelsmu 0
Closed

Keep-Alive-Actions

null

opened May 4, 2021 by hamelsmu 0
Open

Unable to locate package wireguard

Unable to locate package wireguard (i am using digitalocean's vps, Ubuntu 20.04). thank you

root@ubuntu-s-1vcpu-1gb-nyc1-01:~# git clone https://github.com/fastai/wireguard-fast.git Cloning into 'wireguard-fast'... remote: Enumerating objects: 92, done. remote: Counting objects: 100% (92/92), done. remote: Compressing objects: 100% (79/79), done. remote: Total 92 (delta 50), reused 32 (delta 13), pack-reused 0 Unpacking objects: 100% (92/92), 25.18 KiB | 1.26 MiB/s, done. root@ubuntu-s-1vcpu-1gb-nyc1-01:~# cd wireguard-fast root@ubuntu-s-1vcpu-1gb-nyc1-01:~/wireguard-fast# sudo ./wireguard-fast.sh

Use VPN for all internet traffic? [y/n] y

of clients? [Betwen 1 and 253] 5

Server hostname/IP? 143.198.116.220 E: Unable to locate package wireguard

opened Apr 1, 2021 by qnyblog 0
Open

Additional Questions I Have

Questions left to confirm/research. cc: @jph00

  1. How do I use this VPN exactly to access my deep learning rig at home? Let's say both computer are connected to VPN, my laptop and my deep learning rig. How can I then access my deep learning rig from a coffee shop with this? A: You said look at the conf file, I see it has an IP like 10.42.XXX so i will check this

  2. How to properly restart everything if I want to start over? Do I just restart the VM?

  3. Is there a way to increase the number of clients I have later?

  4. What if I want to change a specific client to send all internet traffic through?

opened Sep 19, 2020 by hamelsmu 1

Contents

    WireGuard Package wgctrl enables control of WireGuard interfaces on multiple platforms.
    WireGuard This repo is a mirror only. Official repository is at https://git.zx2c4.com/wireguard-nt
    r-pufky Use dropbear over wireguard.
    gerardpuig Ubuntu Cleaner is a tool that makes it easy to clean your ubuntu system.
    mochman Wireguard setup to bypass CGNAT with a VPS
    Nyr WireGuard road warrior installer for Ubuntu, Debian, AlmaLinux, Rocky Linux, CentOS and Fedora
    vx3r Simple Web based configuration generator for WireGuard. Demo:
    IAmStoxe WireHole is a combination of WireGuard, PiHole, and Unbound in a docker-compose project
    thatsed Generate Vanity Public Keys for WireGuard.
    HarvsG A text repo to feature-track all the WireGuard mesh software
    luqmana A WireGuard UWP VPN plugin.
    Place1 wg-access-server is a single binary that provides a WireGuard VPN server and device management web ui
    iamsabbiralam Here you are advised to set up your ubuntu environment to run laravel projects with an Nginx server.
    angristan WireGuard VPN installer for Linux servers
    firezone A self-managed WireGuard-based VPN server and Linux firewall designed for simplicity and security.
    amritb An ansible playbook to set up wireguard server.
    SFTtech A Wireguard tunnel control service
    BetterWayElectronics A Guide On WireGuard/DNSCrypt/SSH/Honeypot Implementation on OVH
    VoidVolker Simple bash script for monitoring current IP and WireGuard status in Xfce tray.
    WeeJeWel PiVPN Web is an open-source Web UI for PiVPN (when using WireGuard).
    tusc WireGuard for UDM series routers
    Share this repo

    Related Repos


    System utilities
    24
    Files used for reproducing Fuzzware's experiments
    fuzzware-fuzzer Fuzzware Experiments This directory contains the data required to reproduce the experiments from our USENIX 2022 publication Fuzzware: Using Precise M
     
    System utilities
    25
    Presentation plugin for neovim written in lua
    Chaitanyabsprip Presenting.nvim A Presentation plugin written for Neovim in Lua Installation You can install Present with your plugin manager of choice with packer.nv
     
    System utilities
    3
    Static analysis tool for Go that finds vulnerabilities using SSA (single static assignment...
    bryk-io GitHub Action: GoKart Security Static Analysis GoKart is a static analysis tool for Go that finds vulnerabilities using the SSA (single static assignm
     
    System utilities
    3
    Railway for Alist
    alist-org alist-railway Railway for Alist Usage Fork this repo Open Railway and click New Object Choose the repo that you forked and select the mysql branch Add
     
    System utilities
    19
    Basic Recon For Bug Bounty Hunter - "HuntTheBug" is Basic Scripts For Sub Domain Enumerati...
    vikrantbatra05 Basic Recon For Bug Bounty Hunter - "HuntTheBug" is Basic Scripts For Sub Domain Enumeration> Live Domain Enumeration > Sub Domain Hijack > URL + JavaScript Scan > Dir Brute Forcing > Open Port Check With Telegram Bot Notification
     
    System utilities
    84
    Extensible Neovim Scrollbar
    petertriho nvim-scrollbar Extensible Neovim Scrollbar 🚧 WORK IN PROGRESS 🚧 This is a work in progress and breaking changes to the setup/config could occur in t
     
    System utilities
    5
    😎😘 Free Windows 11 VPS for 4 Hours ! Easy Method!
    kmille36 Windows 11 RDP Here this tutorial using Azure Cloud Shell to create Virtual Machine on Microsoft Learn Sandbox. 😎 Its Four Hours RDP Completely Free
     
    System utilities
    3
    My configuraion files
    3Kevi Welcome! Here you can find my Void Linux dotfiles. Overview OS: Void Window manager: bspwm Terminal: kitty Shell: zsh Bar: Polybar Compositor: picom P
     
    System utilities
    3
    An especially small & quick & simple Algolia docsearch Indices upload action
    guzhongren algolia-docsearch-upload-action An especially small & quick & simple Algolia docsearch Indices upload action Usage - name: Algolia Docsearch Uploa
     
    System utilities
    35
    A simple and transparent alternative to boot2docker (backed by Vagrant)
    shyiko docker-vm The easiest way to get started with Docker on Mac OS X (tested on OS X Yosemite 10.10.1) and Windows (tested on Windows 10 Pro Insider Previ
     
    System utilities
    518
    GitOps powered K8s app suite with developer self-service
    redkubes Shift left with Otomi Otomi makes developers self-serving and helps DevOps teams to guarantee application security and availability at the earliest st
     
    System utilities
    102
    Awesome Bug bounty builder Project
    0xJin Awesome Bug Bounty Builder Β―\(ツ)/Β― Awesome Bug bounty builder Project - ALL common Tools for find your Vulnerabilities. Tested on Debian. Installation
     
    System utilities
    2
    Ready-to-use VSCode setup to preview/convert markdown documents
    logwolvy Ready-to-use VSCode setup to preview/convert markdown documents
     
    System utilities
    7.3k
    Testing TLS/SSL encryption anywhere on any port
    drwetter Testing TLS/SSL encryption anywhere on any port
     
    System utilities
    519
    Vegile - Ghost In The Shell
    Screetsec Vegile is a tool for Post exploitation Techniques in linux. Post Exploitation techniques will ensure that we maintain some level of access and can potentially lead to deeper footholds into our targets trusted network.