WireGuard is a modern, fast, and secure VPN protocol built into the Linux kernel. It is simpler to configure than OpenVPN and IPsec while offering superior performance. This guide sets up a WireGuard VPN server on Ubuntu 24.04 LTS.
Tested and valid on:
- Ubuntu 24.04 LTS
Prerequisites
- Ubuntu 24.04 LTS server with a public IP
- A user with sudo privileges
Step 1 – Install WireGuard
WireGuard is available in Ubuntu 24.04 repositories:
sudo apt update
sudo apt install wireguard -y
Step 2 – Generate Server Keys
Generate the server key pair:
wg genkey | sudo tee /etc/wireguard/server_private.key | wg pubkey | sudo tee /etc/wireguard/server_public.key
sudo chmod 600 /etc/wireguard/server_private.key
Step 3 – Generate Client Keys
Generate a key pair for the client, using a restrictive umask so the private key file is not readable by other users:
(umask 077; wg genkey | tee client_private.key | wg pubkey > client_public.key)
Step 4 – Create the Server Configuration
Create /etc/wireguard/wg0.conf:
sudo nano /etc/wireguard/wg0.conf
Add the following, replacing SERVER_PRIVATE_KEY and CLIENT_PUBLIC_KEY with the contents of /etc/wireguard/server_private.key and client_public.key. The PostUp and PreDown rules assume the server's public network interface is eth0:
[Interface]
PrivateKey = SERVER_PRIVATE_KEY
Address = 10.0.0.1/24
ListenPort = 51820
PostUp = ufw route allow in on wg0 out on eth0
PostUp = iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE
PreDown = ufw route delete allow in on wg0 out on eth0
PreDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
[Peer]
PublicKey = CLIENT_PUBLIC_KEY
AllowedIPs = 10.0.0.2/32
Step 5 – Enable IP Forwarding
Allow traffic forwarding:
sudo nano /etc/sysctl.conf
Uncomment or add:
net.ipv4.ip_forward = 1
Apply:
sudo sysctl -p
Step 6 – Start WireGuard
Start and enable the interface:
sudo systemctl enable wg-quick@wg0
sudo systemctl start wg-quick@wg0
sudo wg show
Step 7 – Create the Client Configuration
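Create the client config file, replacing CLIENT_PRIVATE_KEY and SERVER_PUBLIC_KEY with the contents of client_private.key and /etc/wireguard/server_public.key, and YOUR_SERVER_IP with the server's public IP:
[Interface]
PrivateKey = CLIENT_PRIVATE_KEY
Address = 10.0.0.2/24
DNS = 1.1.1.1
[Peer]
PublicKey = SERVER_PUBLIC_KEY
Endpoint = YOUR_SERVER_IP:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25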
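Before starting the interface in Step 6, the server config from Step 4 can be checked for the mistakes this procedure makes easy: a key placeholder left unfilled, a config file readable by other users, or a peer AllowedIPs wider than /32. The script below is an added example, not part of the original guide or of wireguard-tools; check_wg_conf is a hypothetical helper name, and the /32 rule assumes the IPv4-only server layout used in this guide.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check for a server-side wg-quick config.
# check_wg_conf is a hypothetical helper, not part of wireguard-tools.
# Prints one finding per line; returns 0 when clean, 1 otherwise.
check_wg_conf() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf"; return 1; }
    findings=$(
        # The file embeds the private key: group/other need no access (600).
        perms=$(ls -ld -- "$conf" | cut -c5-10)
        [ "$perms" = "------" ] || echo "permissions: group/other bits are '$perms', expected 600"
        awk '
            function trim(s) { gsub(/^[ \t]+|[ \t\r]+$/, "", s); return s }
            /^[ \t]*\[/    { section = trim($0); next }
            /^[ \t]*(#|$)/ { next }
            {
                eq = index($0, "="); if (!eq) next
                key = trim(substr($0, 1, eq - 1)); val = trim(substr($0, eq + 1))
                # A WireGuard key is 32 bytes in base64: 43 characters plus "=".
                if ((key == "PrivateKey" || key == "PublicKey") &&
                    !(length(val) == 44 && val ~ /^[A-Za-z0-9+\/]+=$/))
                    printf "line %d: %s in %s is empty or not a base64 key\n", NR, key, section
                # Server side: each peer should be limited to single /32 addresses.
                if (section == "[Peer]" && key == "AllowedIPs") {
                    n = split(val, nets, ",")
                    for (i = 1; i <= n; i++)
                        if (trim(nets[i]) !~ /\/32$/)
                            printf "line %d: AllowedIPs %s is wider than /32\n", NR, trim(nets[i])
                }
            }' "$conf"
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Run against a file when invoked with an argument, e.g. as root:
#   ./check_wg_conf.sh /etc/wireguard/wg0.conf
if [ -n "${1:-}" ]; then check_wg_conf "$1"; fi
```

A clean run prints nothing and exits 0; any finding is a reason to fix wg0.conf before running systemctl start wg-quick@wg0.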
Conclusion
WireGuard VPN is now running on Ubuntu 24.04 LTS. WireGuard’s minimal codebase and kernel integration provide excellent performance. Import the client config into the WireGuard app on any device.