WireGuard is a modern VPN that is dramatically simpler and faster than OpenVPN or IPsec. Its codebase is small enough to audit, it uses state-of-the-art cryptography, and it performs well even on modest hardware. This guide sets up a WireGuard server on Ubuntu 24.04 and connects a client.
Step 1: Install WireGuard
WireGuard ships in the Ubuntu repositories. Install it with sudo apt update && sudo apt install wireguard. The kernel module is already present in modern Ubuntu, so no extra build steps are needed.
Step 2: Generate server keys
Create a private and public key pair with wg genkey | tee privatekey | wg pubkey > publickey. Keep the private key secret — it never leaves the server. The public key will be shared with each client.
Step 3: Create the server configuration
Write /etc/wireguard/wg0.conf with an [Interface] section defining the server's private key, a VPN subnet address such as 10.8.0.1/24, and a listen port (51820 by default). Add a [Peer] section for each client with that client's public key and allowed IPs.
Step 4: Enable IP forwarding and NAT
To route client traffic out to the internet, enable IP forwarding by setting net.ipv4.ip_forward=1 in /etc/sysctl.conf, then add a masquerade rule with iptables on the server's public interface. WireGuard's PostUp and PostDown hooks are a clean place to manage these rules.
Step 5: Open the firewall and start the service
Allow UDP 51820 through ufw, then bring up the interface with sudo systemctl enable --now wg-quick@wg0. Verify it is running with sudo wg show, which lists each peer and the latest handshake time.
Step 6: Configure the client
On the client, install WireGuard, generate its own key pair, and create a config pointing at the server's public key and endpoint. Set AllowedIPs to 0.0.0.0/0 to route all traffic, or to specific subnets for split tunnelling. Import the config and connect.
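The configs from steps 3, 4 and 6 as an added example, not part of the original guide: two shell functions render the server's wg0.conf and the client config from keys passed as arguments, and write_private stores the result readable by its owner only. The FORWARD rules, the 10.8.0.2 client address and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: renders the step 3/4 server config and the step 6 client config.
# Keys, interface and host are arguments; nothing here touches the live system.
VPN_NET=10.8.0.0/24   # VPN subnet used in the guide
PORT=51820            # listen port used in the guide

# server_conf SERVER_PRIVATE_KEY CLIENT_PUBLIC_KEY PUBLIC_INTERFACE
server_conf() {
  cat <<EOF
[Interface]
PrivateKey = $1
Address = 10.8.0.1/24
ListenPort = $PORT
# wg-quick expands %i to the interface name. The FORWARD rules are an
# addition for hosts whose forward policy is DROP (the ufw default).
PostUp = iptables -A FORWARD -i %i -j ACCEPT
PostUp = iptables -A FORWARD -o %i -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
PostUp = iptables -t nat -A POSTROUTING -s $VPN_NET -o $3 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT
PostDown = iptables -D FORWARD -o %i -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
PostDown = iptables -t nat -D POSTROUTING -s $VPN_NET -o $3 -j MASQUERADE

[Peer]
# A /32 per client: this key may only source packets from this address.
PublicKey = $2
AllowedIPs = 10.8.0.2/32
EOF
}

# client_conf CLIENT_PRIVATE_KEY SERVER_PUBLIC_KEY SERVER_HOST
client_conf() {
  cat <<EOF
[Interface]
PrivateKey = $1
Address = 10.8.0.2/32

[Peer]
PublicKey = $2
Endpoint = $3:$PORT
# 0.0.0.0/0 tunnels all IPv4 traffic; use $VPN_NET for a split tunnel.
AllowedIPs = 0.0.0.0/0
EOF
}

# write_private PATH: store stdin at PATH with mode 600 (it holds a private key).
write_private() {
  ( umask 077 && cat > "$1" ) && chmod 600 "$1"
}
```

On the server, as root: server_conf "$(cat privatekey)" "$(cat client_publickey)" eth0 | write_private /etc/wireguard/wg0.conf, where eth0 and client_publickey are assumed names for the public interface and the client's public key file.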
WireGuard's simplicity is its strength. With a single config file per peer and near-instant reconnection, it is an excellent choice for small teams who want a reliable, self-hosted VPN.
Korur Security Team
