
setup wireguard on ubuntu


install tools

# update source
# Rewrites every *archive.ubuntu.com host in sources.list to the USTC mirror.
# sed -i edits the file in place without a backup, so keep a copy of the
# original if the change may need to be reverted. Entries for other hosts
# (for example security.ubuntu.com) are not matched by this pattern.
# Package authenticity still rests on apt's signature check of the repository
# metadata, not on which mirror serves the files.
$ sed -i 's@//.*archive.ubuntu.com@//mirrors.ustc.edu.cn@g' /etc/apt/sources.list

# install
# These commands change system state and have to run as root.
# resolvconf is what wg-quick uses to apply the `DNS =` line of the config.
$ apt update
$ apt install wireguard curl resolvconf

enable ipv4 forwarding

# /etc/sysctl.conf
# For `sysctl -p` to apply them, the two settings below have to be active
# (uncommented) lines in /etc/sysctl.conf.
# net.ipv4.ip_forward=1
# net.ipv6.conf.all.forwarding=1
# NOTE(review): forwarding turns this host into a router for any machine that
# uses it as a gateway. The WireGuard config on this page only carries IPv4
# (Address and AllowedIPs are IPv4), so forwarded IPv6 traffic would not go
# through the tunnel; leave the IPv6 line out unless IPv6 routing is wanted.

# Reloads /etc/sysctl.conf and prints the values it applied.
$ sysctl -p

get your network information

$ ip route

default via 192.168.1.1 dev eth0 metric 202 
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.99
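From this output, note the two values used for the `<ip>` and `<gateway>` placeholders in the config below:
ip = 192.168.1.99 (the host's own address, shown after `src`)
gateway = 192.168.1.1 (shown after `default via`)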

add wireguard config

# /etc/wireguard/wg.conf
# This file contains the interface's private key. Keep it owned by root with
# mode 600; wg-quick prints a warning when the config is world accessible.

[Interface]
# Secret half of this host's key pair; never publish or commit it.
PrivateKey = <privateKey>
# Tunnel-internal IPv4 address of this host (no IPv6 address is configured).
Address = 172.16.0.2/32
# Resolver that wg-quick installs while the tunnel is up.
DNS = 114.114.114.114
MTU = 1280

# Policy routing: packets whose source is this host's LAN address (<ip>) are
# looked up in table 200, whose only route is the LAN gateway (<gateway>).
# Presumably this keeps replies to LAN-side connections (e.g. SSH to <ip>) out
# of the tunnel once AllowedIPs = 0.0.0.0/0 takes over the default route.
PostUp = ip rule add table 200 from <ip>
PostUp = ip route add table 200 default via <gateway>
# Remove the same rule and route again before the interface goes down.
PreDown = ip rule delete table 200 from <ip>
PreDown = ip route delete table 200 default via <gateway>


[Peer]
# Public key of the remote peer; it is what authenticates the endpoint.
PublicKey = <publicKey>
# Sends all IPv4 traffic through the tunnel. IPv6 is not listed, so on a host
# with IPv6 connectivity that traffic bypasses the tunnel.
AllowedIPs = 0.0.0.0/0
Endpoint = engage.cloudflareclient.com:2408

run/stop/show wireguard

# run wg
# `wg` is the config name: wg-quick reads /etc/wireguard/wg.conf, creates the
# interface `wg` and runs the PostUp lines. Needs root.
$ wg-quick up wg

# stop wg
# Runs the PreDown lines and removes the interface again.
$ wg-quick down wg

# show info
# Check that the peer shows a recent "latest handshake" and that the transfer
# counters grow; no handshake means no traffic is actually being tunnelled.
$ wg show

replace iptables with nftables to forward traffic to wg.

# This chain is a fragment: it has to sit inside a table, and $wg_iface and
# $pub_iface have to be set with `define` lines earlier in the ruleset.
chain natpostrouting {
    type nat hook postrouting priority 100; policy accept;
    # As written, this masquerades packets that arrived on $wg_iface and leave
    # through $pub_iface.
    # NOTE(review): the heading describes forwarding traffic *to* wg; for that
    # direction the match would be on `oifname $wg_iface`. Confirm which
    # direction is intended.
    # NOTE(review): NAT alone does not limit who may route through this host;
    # a forward-hook filter chain is where allowed sources would be restricted.
    iifname $wg_iface oifname $pub_iface masquerade
}

How To Set Up WireGuard on Ubuntu 20.04 | DigitalOcean
In this tutorial, you will set up WireGuard on an Ubuntu 20.04 server, and then configure another machine to connect to it as a peer using both IPv4 and IPv6…