20.09.2023

How to Install WireGuard VPN Client on Ubuntu Linux

WireGuard is an application that allows you to set up a secure virtual private network (VPN), known for its simplicity and ease of use. It uses proven cryptographic protocols and algorithms to protect data. Originally designed for the Linux kernel, it can be deployed on Windows, macOS, BSD, iOS and Android. This WireGuard vpn client setup uses the Linux distribution, Ubuntu 20.04.

Installing the WireGuard Client App on Ubuntu

WireGuard client installation is done in the same way as on the server side.

Log in via SSH to the Linux server, after logging in, check if the machine is updated by running the following command:

sudo apt-get update && sudo apt-get upgrade

Now install WireGuard by running the following command:

sudo apt-get install wireguard

Generating Private and Public Keys

WireGuard works by encrypting the connection using a pair of cryptographic keys. The key pair is used by passing the public key to the other party, which can then encrypt its message so that it can only be decrypted with the corresponding private key. To secure two-way communication, each side must have its own private and public keys, since each pair provides only one-way messaging.

Generate a client public and private key pair by running the following command:

wg genkey | tee private.key | wg pubkey > public.key

After that, create a client configuration file, in the following directory:

sudo nano /etc/wireguard/wg0.conf

In the file type:

[Interface]
PrivateKey = <contents-of-client-privatekey>
Address = 10.0.0.1/24
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
ListenPort = 51820
[Peer]
PublicKey = <contents-of-server-publickey>
AllowedIPs = 10.0.0.2/32

Notes: In the publickey line insert the server public key that we generated in the previous article and on the private key insert the client private key. The key can be viewed with the command:

cat private.key

WireGuard Startup

To start the connection, type the following command:

sudo wg-quick up wg0

Now the client can communicate with the server, you can ping the server from the client with the command

ping 10.0.0.1

To find out the connection status, run the following command:

sudo wg show

You will get all the connection details as shown below

Congratulations! Your client computer now has access to the VPN network.