Step-by-Step Guide to Setting Up WireGuard VPN on Ubuntu 24.04 Without Docker

At , we understand the importance of secure and reliable VPN solutions for our users. If you're looking to establish a private network on your Ubuntu 24.04 VPS without the complexity of Docker, you're in the right place. In this guide, we will walk you through the process of setting up WireGuard VPN on Ubuntu 24.04 in a straightforward, beginner-friendly manner. Our approach emphasizes security, simplicity, and full control over your VPN server.

Prerequisites: Ubuntu 24.04 VPS and Root Access

Before we begin, ensure you have a VPS running Ubuntu 24.04. We recommend choosing one of our reliable VPS plans to get started quickly. You will also need root access or a user with sudo privileges to install and configure the necessary components.

Installing WireGuard Packages from Ubuntu Repositories

Ubuntu 24.04 includes WireGuard in its default repositories, making installation straightforward. First, update your package list:

sudo apt update

Then, install the WireGuard package:

sudo apt install wireguard

This command installs all necessary components for running WireGuard on your server. We prefer using the native Ubuntu packages to keep the setup clean and secure.

Generating Server and Client Keys

Next, we generate cryptographic keys for both the server and the client. These keys are essential for establishing a secure VPN connection.

Generate Server Keys

wg genkey | sudo tee /etc/wireguard/server_private.key | wg pubkey | sudo tee /etc/wireguard/server_public.key
sudo chmod 600 /etc/wireguard/server_private.key

The first command creates a private key and the matching public key for the server and stores them in the /etc/wireguard directory. The second makes the private key readable by root only.

Generate Client Keys

Similarly, generate keys for your client device:

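wg genkey | tee ~/client_private.key | wg pubkey | tee ~/client_public.key
chmod 600 ~/client_private.key

Keep these keys safe, especially the private ones, as they are critical for security. Only the public keys are exchanged between server and client; a private key never needs to leave the machine that uses it.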

Configuring WireGuard Server and Client Interfaces

Server Configuration

Create the server configuration file at /etc/wireguard/wg0.conf:

[Interface]
Address = 10.0.0.1/24
ListenPort = 51820
PrivateKey = <server_private_key>

# Peer (Client)
[Peer]
PublicKey = <client_public_key>
AllowedIPs = 10.0.0.2/32

Replace <server_private_key> and <client_public_key> with the actual keys generated earlier. Because this file contains the server's private key, it should be readable by root only.

Client Configuration

Create a configuration file on your client device, e.g., client.conf:

[Interface]
Address = 10.0.0.2/24
PrivateKey = <client_private_key>

[Peer]
PublicKey = <server_public_key>
Endpoint = <your_server_ip>:51820
AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepalive = 25

Again, replace placeholders with your actual keys and server IP address.
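
The check below is an added example, not part of the original guide or of wireguard-tools: a small shell function that lints a server or client configuration file before it is brought up, and it goes slightly beyond the steps above by also checking file permissions and key format. The function name wg_conf_audit and its messages are hypothetical, and it assumes GNU stat as shipped on Ubuntu.

```shell
#!/bin/sh
# Added example: lint a WireGuard config file before running wg-quick.
# wg_conf_audit is a hypothetical helper, not part of wireguard-tools.
# It prints each finding and returns the number of findings (0 = clean).
# Uses GNU stat, as shipped on Ubuntu.

wg_conf_audit() (
    conf=$1; problems=0; priv=""
    [ -r "$conf" ] || { echo "cannot read $conf"; exit 99; }

    # 1. The file holds a private key: group and others get no access.
    mode=$(stat -c %a "$conf")
    case $mode in
        *00) ;;
        *) echo "mode $mode is too open (chmod 600 $conf)"
           problems=$((problems + 1)) ;;
    esac

    # 2. Template placeholders such as <server_private_key> must be gone.
    if grep -Eq '<[A-Za-z_]+>' "$conf"; then
        echo "unreplaced <placeholder> found"
        problems=$((problems + 1))
    fi

    while IFS= read -r line; do
        case $line in
            PrivateKey*|PublicKey*) ;;
            *) continue ;;
        esac
        key=$(printf '%s' "${line%%=*}" | tr -d ' \t')
        value=$(printf '%s' "${line#*=}" | tr -d ' \t\r')

        # 3. A key is 32 bytes: 43 base64 characters plus one '='. The
        #    43rd character carries only 4 data bits, so 16 values are legal.
        if ! printf '%s\n' "$value" |
             grep -Eq '^[A-Za-z0-9+/]{42}[AEIMQUYcgkosw048]=$'; then
            echo "$key is not a well-formed key"
            problems=$((problems + 1))
        # 4. A PublicKey equal to this file's own PrivateKey is a paste mix-up.
        elif [ "$key" = PublicKey ] && [ "$value" = "$priv" ]; then
            echo "PublicKey repeats this file's PrivateKey"
            problems=$((problems + 1))
        fi
        if [ "$key" = PrivateKey ]; then priv=$value; fi
    done < "$conf"

    exit "$problems"
)
```

Run it as root against /etc/wireguard/wg0.conf, or as your own user against client.conf. An exit status of 0 means none of the four checks fired.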

Setting Up Firewall Rules and Enabling IP Forwarding

To allow VPN traffic, we need to configure firewall rules and enable IP forwarding.

Enable IP Forwarding

sudo sysctl -w net.ipv4.ip_forward=1

To make this change persistent across reboots, edit /etc/sysctl.conf and uncomment or add:

net.ipv4.ip_forward=1

Configure Firewall Rules

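If you're using UFW (Uncomplicated Firewall), allow SSH first so that enabling the firewall does not cut off your own session, then allow traffic on the WireGuard port and permit forwarding from the VPN interface to the server's outbound interface (eth0 in this guide):

sudo ufw allow OpenSSH
sudo ufw allow 51820/udp
sudo ufw route allow in on wg0 out on eth0
sudo ufw enable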

Additionally, set up NAT to masquerade VPN traffic:

sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Replace eth0 with your actual network interface if different. A rule added this way lives only in memory and is lost on reboot unless you save it.

Starting WireGuard Service and Testing VPN Connection

Start the WireGuard interface:

sudo wg-quick up wg0

Verify the interface is active:

sudo wg

On your client device, activate the VPN using your configuration file. Once connected, test the VPN by pinging the server's VPN IP:

ping 10.0.0.1

If you receive responses, your VPN is working correctly!

Troubleshooting Common Connection and Configuration Issues

  • Connection refused or timeout: Check firewall rules and ensure the WireGuard port (51820) is open.
  • Keys not matching: Verify that the correct public and private keys are used in configurations.
  • IP forwarding not enabled: Confirm that IP forwarding is active and persistent.
  • Interface not up: Use sudo wg-quick down wg0 and then sudo wg-quick up wg0 to restart the interface.

Conclusion

Setting up WireGuard VPN on Ubuntu 24.04 without Docker is a straightforward process that offers a secure and efficient way to protect your online activities. By following our step-by-step guide, you can establish a private network tailored to your needs. Whether you're managing a personal project or securing a business environment, our VPS plans provide the reliable infrastructure to host your VPN server. If you encounter any issues or need further assistance, our support team is here to help you every step of the way.
