Setting up WireGuard involves configuring a server and client. In this guide, we’ll walk through setting up a basic WireGuard server and client. This example uses a Linux-based system, but the process is somewhat similar across other platforms.
1. Install WireGuard:
On a Debian/Ubuntu Server:
sudo apt update
sudo apt install wireguard
On a CentOS/RHEL Server:
First, enable the EPEL repository:
sudo yum install epel-release -y
Then, install WireGuard:
sudo yum install wireguard-dkms wireguard-tools -y
2. Server Configuration:
Generate Server Keys:
cd /etc/wireguard/
umask 077
wg genkey | tee server_private_key | wg pubkey > server_public_key
Create and Edit Server Configuration:
nano /etc/wireguard/wg0.conf
Enter the following, adjusting as necessary:
[Interface]
Address = 10.0.0.1/24
ListenPort = 51820
PrivateKey = [YourServerPrivateKeyFromAbove]PublicKey = [YourClientPublicKey]
AllowedIPs = 10.0.0.2/32
3. Client Configuration:
Generate Client Keys:
This step can be performed on the server for simplicity, or directly on the client.
wg genkey | tee client_private_key | wg pubkey > client_public_key
Create and Edit Client Configuration:
If you’re on the client:
nano /etc/wireguard/wg0.conf
Enter the following, adjusting as necessary:
[Interface]
Address = 10.0.0.2/24
PrivateKey = [YourClientPrivateKeyFromAbove]PublicKey = [YourServerPublicKey]
Endpoint = [YourServerIPAddress]:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25
4. Start and Enable WireGuard:
On the Server:
sudo wg-quick up wg0
sudo systemctl enable wg-quick@wg0
On the Client:
sudo wg-quick up wg0
sudo systemctl enable wg-quick@wg0
5. Test the Connection:
From the client, you should be able to ping the server using its WireGuard IP:
ping 10.0.0.1
Final Notes:
- Always replace placeholders like
[YourServerPrivateKeyFromAbove]with the actual values. - The server’s
AllowedIPsfor the client is restrictive to only allow the client’s WireGuard IP. If you add more clients, add more[Peer]sections to the server config and adjust IPs accordingly. - The client’s
AllowedIPsis set to0.0.0.0/0, which means all traffic will be routed through the VPN. Adjust this if you need split tunneling. - The
PersistentKeepalivesetting helps with NAT/firewall traversal. - Ensure your server’s firewall allows incoming connections on the chosen WireGuard port (51820 in this case). Adjust firewall settings as necessary.
- This is a basic setup; there are many other configurations possible based on your needs. Always remember to secure and monitor your server.
This article incorporates information and material from various online sources. We acknowledge and appreciate the work of all original authors, publishers, and websites. While every effort has been made to appropriately credit the source material, any unintentional oversight or omission does not constitute a copyright infringement. All trademarks, logos, and images mentioned are the property of their respective owners. If you believe that any content used in this article infringes upon your copyright, please contact us immediately for review and prompt action.
This article is intended for informational and educational purposes only and does not infringe on the rights of the copyright owners. If any copyrighted material has been used without proper credit or in violation of copyright laws, it is unintentional and we will rectify it promptly upon notification. Please note that the republishing, redistribution, or reproduction of part or all of the contents in any form is prohibited without express written permission from the author and website owner. For permissions or further inquiries, please contact us.
