How to Install Wireguard on Ubuntu 20.04

admin

https://songer.pro/how-to-install-wireguard-on-ubuntu-20-04/

5 W5 i8 s- Z5 L0 q% S2 G( q

https://linuxize.com/post/how-to-set-up-wireguard-vpn-on-centos-8/   这是一个学习LINUX的好网站

$ c# [- _6 N5 I$ I& y+ Q

centos7下预置的yum源应用安装及更新比较慢，有时还掉链子，更换到国内的源比较省心，这里以阿里源为例。

进入到源文件目录

cd /etc/yum.repos.d

备份旧的配置文件

mv CentOS-Base.repo CentOS-Base.repo.bak

下载阿里源的文件

wget -O CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo

清理缓存

yum clean all

重新生成缓存

yum makecache

, S. ~( z* L' h0 E+ P/ d

Update and Upgrade Ubuntusudo apt-get update && sudo apt-get upgrade -yInstall Wireguardsudo apt-get install wireguard

Open the system variables file for edit.

sudo nano /etc/sysctl.conf

Then uncomment the following line by removing the # at the beginning of the line.

net.ipv4.ip_forward=1

Apply

sudo sysctl -p

---

Install and Configure UFW# Install UFWsudo apt install ufw# Firewall Rulessudo ufw allow sshsudo ufw allow 51820/udp# Enable Firewallsudo ufw enable#Check UFW Statussudo ufw status

---

Generating private and public keys and Configure# Change Directorycd /etc/wireguard# Set Permissionsumask 077#  Generate a new key pair with the command belowwg genkey | tee privatekey | wg pubkey > publickeyGenerate server config# Create new config filesudo nano /etc/wireguard/wg0.conf[Interface]PrivateKey = <contents-of-server-privatekey>Address = 10.0.0.1/24PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADEPostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADEListenPort = 51820[Peer]PublicKey = <contents-of-client-publickey>AllowedIPs = 10.0.0.2/32sudo cat /etc/wireguard/publickeysudo cat /etc/wireguard/privatekey

Start Wireguard

wg-quick up wg0

Check Wireguard Config

wg show

Enable Automatic Start

systemctl enable wg-quick@wg0

Update Server

sudo apt-get update && sudo apt-get upgrade -y

---

Client configuration
+ L- q/ b9 [( g3 K2 U; B

Create new Config file on Client Device

sudo nano /etc/wireguard/wg0.conf

Remember to set the client private key and server public key to their corresponding places and also include your WireGuard server’s public IP address.

[Interface]Address = 10.0.0.2/32PrivateKey = <contents-of-client-privatekey>DNS = 1.1.1.1[Peer]PublicKey = <contents-of-server-publickey>Endpoint = <server-public-ip>:51820AllowedIPs = 0.0.0.0/0, ::/0Note that setting AllowedIPs to 0.0.0.0/0, ::/0 will forward all traffic over the WireGuard VPN connection.

Start the connection with the command below.

sudo wg-quick up wg0

To Disconnect

sudo wg-quick down wg0sudo systemctl stop wg-quick@wg0