Scribd
Upload
6 views3 pages

WireGuard_Installation_and_Configuration_Guide

Uploaded by

Terry Damnnn
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
6 views3 pages

WireGuard_Installation_and_Configuration_Guide

Uploaded by

Terry Damnnn
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 3

WireGuard Installation and Configuration Guide

Introduction
WireGuard is a modern, efficient, and secure VPN solution. This guide provides step-by-step
instructions for setting up WireGuard on your server via the terminal, creating multiple
VPN client configurations, and installing a graphical user interface (GUI) alternative to `wg-
easy`.

Part 1: Installing WireGuard on the Server


1. Update System Packages:

sudo apt update && sudo apt upgrade -y

2. Install WireGuard:

sudo apt install wireguard

3. Enable IP Forwarding:

Edit the system configuration file to enable IP forwarding:

sudo nano /etc/sysctl.conf

Uncomment or add the following lines:


net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1

Apply the changes:

sudo sysctl -p

4. Generate Keys:

Generate the private and public keys for the server:

umask 077
wg genkey | tee /etc/wireguard/server_private.key | wg pubkey >
/etc/wireguard/server_public.key

5. Create the WireGuard Configuration File:

sudo nano /etc/wireguard/wg0.conf

[Interface]
Address = 10.0.0.1/24
ListenPort = 51820
PrivateKey = <ServerPrivateKey>
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j
MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0
-j MASQUERADE
SaveConfig = true

6. Start WireGuard:

sudo wg-quick up wg0

Enable WireGuard to start on boot:

sudo systemctl enable wg-quick@wg0

7. Verify WireGuard Status:

sudo wg show

Part 2: Creating Multiple VPN Clients


1. Generate Keys for Each Client:

wg genkey | tee client1_private.key | wg pubkey > client1_public.key

2. Add Client to the Server Configuration:

sudo nano /etc/wireguard/wg0.conf

[Peer]
PublicKey = <Client1PublicKey>
AllowedIPs = 10.0.0.2/32

3. Create Client Configuration Files:

nano client1.conf

[Interface]
PrivateKey = <Client1PrivateKey>
Address = 10.0.0.2/24
DNS = 10.0.0.1

[Peer]
PublicKey = <ServerPublicKey>
Endpoint = <ServerPublicIP>:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25

4. Distribute Configuration to Clients:


qrencode -t ansiutf8 < client1.conf

Part 3: Adding a GUI Interface


Instead of `wg-easy`, we will use **WireGuard Manager** for GUI-based configuration and
monitoring.

1. Install WireGuard Manager:

git clone https://github.com/complexorganizations/wireguard-manager.git


cd wireguard-manager
sudo bash wireguard-manager.sh

2. Follow the Interactive Prompts:

The script will automatically install and configure WireGuard. You can add or remove peers
and monitor the status through its web-based interface.

3. Access the Web Interface:

Navigate to the provided URL after setup (e.g., `http://<ServerIP>:8080`). Use the default or
set credentials during installation.

Part 4: Testing and Maintenance


1. Testing Connectivity:

Connect a client using the generated configuration. Verify the connection by pinging the
server:
ping 10.0.0.1

2. Monitor VPN Traffic:

sudo wg show

3. Adding or Removing Clients:

To add a new client, repeat the steps in **Part 2**. To remove a client, delete their `[Peer]`
block from `wg0.conf` and restart WireGuard:
sudo wg-quick down wg0 && sudo wg-quick up wg0

Conclusion
This guide provides a comprehensive setup for WireGuard, including multi-client
configuration and a user-friendly GUI alternative. Follow the steps carefully to ensure a
secure and functional VPN environment.

You might also like