This article will help you learn how to install and configure WireGuard on Linux OS.
To install WireGuard on your Linux OS device, follow the steps:
- Start the terminal (Ctrl+Alt+T). Run the command in it:
$ sudo apt install wireguard
- Additionally, download the WireGuard configuration file (wg_client**.conf) from the provided link: http://server_IP:port/xxxxxxxxxx/, you have received this link via email after activating the service.
- You can also find VPN access in your client area.
- In your client area, find the VPN Servers tab.
- Click Manage.
- In the Access section, find the WireGuard settings.
- Download access information there.
- For the work of VPN, enable packet forwarding, only then you can connect through the WireGuard server. To enable packet forwarding, edit the /etc/sysctl.conf file:
sudo nano /etc/sysctl.conf
- Remove "#" for the following command:
net.ipv4.ip_forward=1
- To apply the changes, run the following command:
sysctl -p
WireGuard works by encrypting the connection with a pair of cryptographic keys. A key pair is used by passing the public key to the other party, where their message can be encrypted in such a way that it can only be decrypted with the corresponding private key. For two-way communication to be secure, each party must have its own private and public keys, since each pair provides only one-way messaging.
- To generate a key pair, go to the directory:
dwg sudo cd /etc/wireguard
- To set permission for this directory, run the following command:
umask 077
- To generate a key pair, run the following command:
wg genkey | tee private.key | wg pubkey > public.key
- To start configuring the WireGuard server, go to the /etc/wireguard folder and create the wg0.conf file:
sudo nano /etc/wireguard/wg0.conf
- Add the following directives to the configuration file:
[Interface]
PrivateKey = <contents-of-server-privatekey>
Address = <Address>
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
ListenPort = <ListenPort>
[Peer]
PublicKey = <contents-of-client-publickey>
AllowedIPs = <AllowedIPs> - Copy the private key generated earlier and paste it into the PrivateKey. To generate a key pair for the client, copy the client's public key and paste it into the PublicKey.
To copy the key value, run the following command:sudo cat /etc/wireguard/public.key
sudo cat /etc/wireguard/private.key
- To start WireGuard use wg-quick and specify the name of the new interface:
wg-quick up wg0
-
To check the WireGuard server status, enter:
wg show
If you have any questions, you can ask them in the online chat in the lower right corner of the site or by ticketing the Techsupport Department.
To order the Personal VPN and Socks5 Proxy service, please proceed with the order.