M
All Guides

VPN Setup (WireGuard)

Set up a WireGuard VPN server and configure clients.

Intermediate20 min

Setup Steps

1. Install WireGuard:

sudo apt install wireguard -y

2. Generate server key pair:

wg genkey | tee /etc/wireguard/server_private.key | wg pubkey > /etc/wireguard/server_public.key
chmod 600 /etc/wireguard/server_private.key

3. Server configuration (/etc/wireguard/wg0.conf):

[Interface]
Address = 10.0.0.1/24
ListenPort = 51820
PrivateKey = <server_private_key>
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

4. Enable IP forwarding:

echo 'net.ipv4.ip_forward = 1' | sudo tee -a /etc/sysctl.conf
sudo sysctl -p

5. Generate client key pair:

wg genkey | tee client_private.key | wg pubkey > client_public.key

6. Add client to server config:

[Peer]
PublicKey = <client_public_key>
AllowedIPs = 10.0.0.2/32

7. Start WireGuard:

sudo wg-quick up wg0
sudo systemctl enable wg-quick@wg0

8. Open port in firewall:

sudo ufw allow 51820/udp

Related Guides

UFW Firewall Setup

Secure your server with Ubuntu Uncomplicated Firewall (UFW).

Fail2Ban Setup

Protect your server against brute-force attacks with Fail2Ban.

ModSecurity WAF Setup

Install ModSecurity Web Application Firewall with Apache or Nginx.

Certbot Automatic SSL Renewal

Configure automatic renewal of Let's Encrypt SSL certificates with Certbot.