How to Install Wireguard VPN on Ubuntu 24.04?

Online users together with system managers consider security and privacy needs to be their top priority for working within digital platforms. WireGuard provides users with a fresh VPN alternative that delivers excellent security protocols and faster operation speeds. With Ubuntu 24.04 installation of WireGuard you can generate VPN access that remains protected from network restrictions and provides encryption for your sensitive information. The basic design of WireGuard needs minimal system resources to operate while delivering stronger security than traditional VPN models.

Installation of WireGuard through Ubuntu 24.04 becomes simple as the process features easy-to-follow guidelines that any person can execute. Terminal commands enable establishment of both secure and fast VPN connections which guarantee your online anonymity. The article will describe the complete WireGuard startup procedure on Ubuntu 24.04 starting with the initial steps and finishing with the end of the process.

Users can develop an essential tool for protecting online privacy since WireGuard fundamentals are easy to grasp by anyone regardless of their technical ability. Additionally, understanding How to Use the ls Command in Linux can be beneficial when navigating directories while configuring WireGuard.

Prerequisites

Before getting started, ensure the following:

Deploy an Ubuntu 24.04 server on Vultr to serve as your WireGuard VPN server.

Connect to the server via SSH using a non-root user with sudo privileges.

Update the server to the latest packages.

Step 1: Install WireGuard

WireGuard is available in Ubuntu 24.04’s default APT repositories. Follow these steps to install it and enable it to start on boot:

Install WireGuard

Run the following command:

sudo apt install wireguard -y

Verify Installation

Check the installed WireGuard version:

wg --version

Expected output:

wireguard-tools v1.0.20210914 - https://git.zx2c4.com/wireguard-tools/

Step 2: Configure WireGuard

WireGuard requires a private and public key pair to function. Follow these steps to generate and configure them:

Generate Private and Public Keys

Generate a new private key and store it securely:

sudo wg genkey | sudo tee /etc/wireguard/server_private.key

Copy the generated key for later use.

Modify file permissions to restrict access:

sudo chmod 600 /etc/wireguard/server_private.key

Generate a public key from the private key:

sudo cat /etc/wireguard/server_private.key | wg pubkey | sudo tee /etc/wireguard/server_public.key

Identify the Main Network Interface

Check available network interfaces:

ip a

Locate the main public interface (e.g., enp1s0) and note its IP address.

Step 3: Create WireGuard Server Configuration

Open a new configuration file:

sudo nano /etc/wireguard/wg0.conf

Add the following content, replacing the placeholders with your private key and network interface:

[Interface]
Address = 10.8.0.1/24
SaveConfig = true
PrivateKey = <YOUR_SERVER_PRIVATE_KEY>
PostUp = ufw route allow in on wg0 out on <YOUR_INTERFACE>
PostUp = iptables -t nat -I POSTROUTING -o <YOUR_INTERFACE> -j MASQUERADE
PreDown = ufw route delete allow in on wg0 out on <YOUR_INTERFACE>
PreDown = iptables -t nat -D POSTROUTING -o <YOUR_INTERFACE> -j MASQUERADE
ListenPort = 51820

Save and close the file.

Configuration Breakdown:

Address       : Assigns a private subnet for WireGuard.
SaveConfig : Saves runtime changes if enabled.
PrivateKey : Uses the server’s private key.
PostUp        : Adds firewall and NAT rules to allow traffic.
PreDown    : Removes firewall and NAT rules when shutting down.
ListenPort : Defines the port for incoming connections.

Step 4: Configure WireGuard Clients

Each client requires a valid public key to connect.

Generate Client Keys

Create a private key for a client:

sudo wg genkey | sudo tee /etc/wireguard/client1_private.key

Generate a public key from it:

sudo cat /etc/wireguard/client1_private.key | wg pubkey | sudo tee /etc/wireguard/client1_public.key

Create Client Configuration
Open a new configuration file:

sudo nano /etc/wireguard/client1.conf

Add the following configuration, replacing placeholders with your keys and server IP:

[Interface]
PrivateKey = <CLIENT_PRIVATE_KEY>
Address = 10.8.0.2/24
DNS = 8.8.8.8
[Peer]
PublicKey = <SERVER_PUBLIC_KEY>
AllowedIPs = 0.0.0.0/0
Endpoint = <SERVER_IP>:51820
PersistentKeepalive = 15

Save and close the file.

Configuration Breakdown:
PrivateKey  : Uses the client’s private key.
PublicKey   : Connects to the server using its public key.
AllowedIPs : Defines accessible IPs when connected.
Endpoint    : Specifies the server’s IP and port.
PersistentKeepalive : Keeps the VPN connection active.

Copy Client Configuration

Move the client configuration to a user-accessible location:

sudo cp /etc/wireguard/client1.conf ~/client1.conf

Final Steps

Start the WireGuard service:

sudo systemctl start wg-quick@wg0

Enable WireGuard to start on boot:

sudo systemctl enable wg-quick@wg0

Verify the interface is active:

udo wg show

Conclusion

Now that you have WireGuard set up on your Ubuntu 24.04 server you can use your secure VPN connection. You enable users to securely access your private network through WireGuard when you configure client connections because its slim and fast encryption suits their needs. This design enables smooth communication between machines at a distance and the main server system. You can use it in both personal and business networking environments.

WireGuard serves as a tool to set up many different VPN connections at once. Make different WireGuard interfaces with private IP pools to set user groups apart depending on their permitted access. You can configure different WireGuard interfaces for remote staff, internal administrators and sensitive security operations. The product enables distinct user groups to keep their own security settings working correctly without affecting other groups.

WireGuard simplifies its design to let you deploy and manage the VPN system across multiple devices with ease. The WireGuard technology offers secure VPN connections that organizations can set up easily no matter their business size or remote office count. You can easily boost client connectivity when your network size increases because WireGuard maintains encrypted transmission and steady network speed. Your VPN structure can provide secure remote access to all your users from any location.