1. Install WireGuard on the VPN server
- Ubuntu ≥ 19.10
#sudo apt install wireguard
2. Generate the server keys (server_private_key, server_public_key)
#wg genkey | tee server_private_key | wg pubkey > server_public_key
To list the server private and public keys, write:
(copy the keys to a text editor to use later on)
3.a On the Server generate the config file wg0.conf
Ex. on the Ubuntu WireGuard server CLI, write:
And add this content:
The above configuration assumes your network adapter is named ens18.
Your network adapter probably has a different name, in which case you need to replace ens18 in PostUp and PostDown with the name of the NIC in your KVM.
You can check your network adapters on Linux by typing any of the following:
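The server file from step 3.a, as an added example that is not the original page's configuration: it reads the default-route interface from `ip -4 route` output and renders wg0.conf with that name in PostUp and PostDown. The port 51820, the client address 10.200.200.2/32, the iptables rules and the function names are assumptions; only 10.200.200.1/24 and ens18 come from this page.

```shell
#!/bin/sh
# Added example, not the original page's configuration.
# Assumed (not on the page): UDP port 51820, client tunnel address
# 10.200.200.2/32, and the iptables forwarding/NAT rules in PostUp/PostDown.
set -eu

# Read `ip -4 route` output on stdin and print the interface that carries the
# default route, so PostUp/PostDown name the real NIC instead of ens18.
default_nic() {
    awk '$1 == "default" { for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# Accept only plausible interface names: the value is interpolated into
# commands that wg-quick later runs as root.
valid_nic() {
    case "$1" in
        '' | *[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# Usage: render_server_conf <nic> <server_private_key> <client_public_key>
render_server_conf() {
    valid_nic "$1" || { echo "refusing interface name: $1" >&2; return 1; }
    cat <<EOF
[Interface]
Address = 10.200.200.1/24
ListenPort = 51820
PrivateKey = $2
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o $1 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o $1 -j MASQUERADE

[Peer]
PublicKey = $3
AllowedIPs = 10.200.200.2/32
EOF
}

# On the server, as root, in the directory holding the server key files
# (CLIENT_PUBLIC_KEY is a placeholder for the key generated in step 3.b):
#   umask 077
#   nic=$(ip -4 route show default | default_nic)
#   render_server_conf "$nic" "$(cat server_private_key)" "CLIENT_PUBLIC_KEY" \
#       > /etc/wireguard/wg0.conf
```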
3.b On the Client generate keys
#wg genkey | tee client_private_key | wg pubkey > client_public_key
List the keys:
Edit the wg0-client.conf file on the client and add the text from below.
Ex. on the Ubuntu WireGuard client CLI, write: #nano /etc/wireguard/wg0-client.conf
Add the following content:
Please note the data you need to substitute (client PrivateKey, server public key and VPN server address).
4. Enable the WireGuard interface on the server by writing:
#chown -v root:root /etc/wireguard/wg0.conf
#chmod -v 600 /etc/wireguard/wg0.conf
#wg-quick up wg0
#systemctl enable wg-quick@wg0.service
You can confirm you have the new interface named wg0 by running ifconfig or ip a.
The output should be similar to this:
wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
inet 10.200.200.1/24 scope global wg0
valid_lft forever preferred_lft forever
5. Enable IP forwarding on the WireGuard server by editing the file sysctl.conf
Remove the # from the line net.ipv4.ip_forward=1
To apply the change without having to reboot the server, do the following:
#echo 1 > /proc/sys/net/ipv4/ip_forward
That's it, you should now be able to connect to your WireGuard VPN.
If you feel you would like some help with setting this up, please don't hesitate to reach out to us.