WireGuard is a modern, high-performance VPN protocol built into the Linux kernel. It is faster and simpler than OpenVPN and IPsec, using state-of-the-art cryptography. This guide sets up a WireGuard VPN server on Ubuntu 26.04 LTS and connects a client.
Tested and valid on:
- Ubuntu 26.04 LTS
Prerequisites
- Ubuntu 26.04 LTS server with a public IP address
- A user with sudo privileges
- UDP port 51820 open in the firewall
Step 1 – Install WireGuard
sudo apt update
sudo apt install wireguard -y
Step 2 – Enable IP Forwarding
sudo sysctl -w net.ipv4.ip_forward=1
echo 'net.ipv4.ip_forward=1' | sudo tee /etc/sysctl.d/99-wireguard.conf
Step 3 – Generate Server Keys
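# Run in a root shell with umask 077: /etc/wireguard is root-only, and the private key must never be group- or world-readable
sudo sh -c 'umask 077; cd /etc/wireguard && wg genkey | tee server_private.key | wg pubkey | tee server_public.key'
sudo chmod 600 /etc/wireguard/server_private.key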
Step 4 – Generate Client Keys
# umask 077 keeps client_private.key readable by root only
sudo sh -c 'umask 077; cd /etc/wireguard && wg genkey | tee client_private.key | wg pubkey | tee client_public.key'
Step 5 – Create Server Configuration
sudo nano /etc/wireguard/wg0.conf
Add (replace keys with your generated values):
[Interface]
Address = 10.0.0.1/24
ListenPort = 51820
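PrivateKey = <contents of server_private.key>
# Replace eth0 with the server's public-facing network interface if it has a different name
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
[Peer]
PublicKey = <contents of client_public.key>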
AllowedIPs = 10.0.0.2/32
Step 6 – Start WireGuard
sudo systemctl start wg-quick@wg0
sudo systemctl enable wg-quick@wg0
sudo wg show
Step 7 – Client Configuration
Create /etc/wireguard/wg0.conf on the client:
[Interface]
Address = 10.0.0.2/24
PrivateKey = <contents of client_private.key>
[Peer]
PublicKey = <contents of server_public.key>
Endpoint = SERVER_IP:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25
Bring the tunnel up on the client:
sudo wg-quick up wg0
Conclusion
WireGuard VPN is running on Ubuntu 26.04 LTS. The server routes all client traffic through the VPN tunnel. Add more clients by generating additional key pairs and adding [Peer] sections to the server config.
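Adding a further client to the server config, as an added example (not part of the original guide). It assumes the guide's 10.0.0.0/24 tunnel subnet; the function names valid_key, next_peer_ip and add_peer are hypothetical. It validates the new client's public key, picks the lowest unused tunnel address and appends a [Peer] section restricted to a single /32.

```shell
# Added example: append a client [Peer] to the server config from this guide.
# Assumes the guide's 10.0.0.0/24 tunnel subnet; function names are hypothetical.

# A WireGuard key is 32 bytes in base64: 43 characters plus one '=' pad.
valid_key() {
    [ "${#1}" -eq 44 ] &&
        printf '%s\n' "$1" | grep -Eqx '[A-Za-z0-9+/]{42}[AEIMQUYcgkosw480]='
}

# Print the lowest 10.0.0.x (2..254) not yet used in Address/AllowedIPs lines.
next_peer_ip() {
    awk '
        /^[ \t]*(Address|AllowedIPs)[ \t]*=/ {
            line = $0
            while (match(line, /10\.0\.0\.[0-9]+/)) {
                split(substr(line, RSTART, RLENGTH), o, ".")
                used[o[4] + 0] = 1
                line = substr(line, RSTART + RLENGTH)
            }
        }
        END {
            for (n = 2; n <= 254; n++)
                if (!(n in used)) { print "10.0.0." n; exit 0 }
            exit 1   # subnet exhausted
        }' "$1"
}

# Append a [Peer] stanza with a single /32; prints the address it assigned.
# Refuses malformed keys and keys already in the file, so no two peers can
# share a key or an AllowedIPs entry.
add_peer() {
    local conf="$1" pubkey="$2" ip
    valid_key "$pubkey" || { echo "malformed public key" >&2; return 2; }
    if grep -qF -- "$pubkey" "$conf"; then
        echo "key already present in $conf" >&2; return 3
    fi
    ip=$(next_peer_ip "$conf") || { echo "no free address" >&2; return 4; }
    printf '\n[Peer]\nPublicKey = %s\nAllowedIPs = %s/32\n' "$pubkey" "$ip" >>"$conf"
    echo "$ip"
}
```

Run add_peer as root against /etc/wireguard/wg0.conf with the new client's public key, then restart wg-quick@wg0 so the peer is loaded; the printed address is the one to put in that client's Address line.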