WireGuard is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and supercomputers alike, fit for many different circumstances. Initially released for the Linux kernel, it plans to be cross-platform and widely deployable. It is currently under heavy development, but already it might be regarded as the most secure, easiest to use, and simplest VPN solution in the industry.
Environment: Ubuntu 18.04 64-bit on Vultr

Install WireGuard

```
add-apt-repository ppa:wireguard/wireguard
apt-get update
apt-get install wireguard
```
Generate the public and private key
```
(umask 077 && printf "[Interface]\nPrivateKey = " | sudo tee /etc/wireguard/wg0.conf > /dev/null)
wg genkey | sudo tee -a /etc/wireguard/wg0.conf | wg pubkey | sudo tee /etc/wireguard/publickey
```
Edit the wg0.conf file
```
nano /etc/wireguard/wg0.conf
```

```
[Interface]
PrivateKey = YOUR_PRIVATE_KEY
ListenPort = 993 # UDP
Address = 192.168.2.1/24, fd86:ea04:1115::1/128
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
SaveConfig = true

[Peer]
## Generate from Android or other device
PublicKey = PUBLIC_KEY_ON_ANDROID
AllowedIPs = 192.168.2.2/32, fd86:ea04:1115::2/128
```
Save and fire it up!
```
wg-quick down wg0
wg-quick up wg0
```
Make it auto start on boot
```
systemctl enable wg-quick@wg0.service
```
Enable IP forwarding

```
nano /etc/sysctl.conf
```

```
net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1
```

Save the file, then apply it:

```
sysctl -p
```
Client configuration (on the Android or other device):

```
[Interface]
PrivateKey = <Output of privatekey file that contains your private key>
Address = 192.168.2.2/32, fd86:ea04:1115::2/128
DNS = 192.168.2.1
MTU = 1360

[Peer]
PublicKey = <Server's public key from *wg show* command on server>
Endpoint = <Linux server's Public IP>:993
AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepalive = 25
```
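As an added example (not part of the original post or of the WireGuard tools), here is a small Python checker for the wg0.conf format used in both configs above: it parses the `[Interface]`/`[Peer]` sections the way wg(8) does (`#` starts a comment), verifies that each peer's PublicKey is a 32-byte base64 value, and flags an AllowedIPs prefix claimed by more than one peer, since WireGuard's cryptokey routing gives each prefix to exactly one peer and an overlap means one peer silently loses that traffic to the other. The sample config and the dummy key are constructed for the demonstration.

```python
import base64
import ipaddress

DUMMY_KEY = base64.b64encode(bytes(range(32))).decode()  # constructed dummy, NOT a real key
# Constructed sample in the wg0.conf format above, plus a second peer with a
# malformed key and an AllowedIPs range that overlaps the first peer's.
SAMPLE_CONF = f"""[Interface]
PrivateKey = {DUMMY_KEY}
[Peer]
PublicKey = {DUMMY_KEY}  # key generated on the Android device
AllowedIPs = 192.168.2.2/32, fd86:ea04:1115::2/128
[Peer]
PublicKey = not-a-key
AllowedIPs = 192.168.2.0/24
"""

def parse_wg_conf(text):
    """Return (interface, [peers]) as dicts; '#' starts a comment, as in wg(8)."""
    interface, peers, current = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line == "[Interface]":
            current = interface
        elif line == "[Peer]":
            peers.append(current := {})
        elif line:  # "Key = Value" belonging to the current section
            if current is None: raise ValueError(f"{line!r} appears before any section header")
            key, value = (s.strip() for s in line.split("=", 1))
            current[key] = value
    return interface, peers

def key_is_valid(key):  # a WireGuard key is 32 Curve25519 bytes, base64-encoded
    try:
        return len(base64.b64decode(key, validate=True)) == 32
    except ValueError:
        return False

def check_conf(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings, seen = [], []  # seen: (peer index, network) claimed by an earlier peer
    for i, peer in enumerate(parse_wg_conf(text)[1]):
        if not key_is_valid(peer.get("PublicKey", "")):
            findings.append(f"Peer {i}: PublicKey is not a 32-byte base64 key")
        for cidr in filter(None, peer.get("AllowedIPs", "").replace(" ", "").split(",")):
            net = ipaddress.ip_network(cidr, strict=False)
            for j, other in seen:  # cryptokey routing gives each prefix to one peer only
                if other.version == net.version and other.overlaps(net):
                    findings.append(f"Peer {i} AllowedIPs {net} overlaps peer {j}'s {other}")
            seen.append((i, net))
    return findings
```

Run `check_conf(open("/etc/wireguard/wg0.conf").read())` on the server before `wg-quick up`; an empty list means the peers' keys parse and no two peers fight over a prefix.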