Creating a WireGuard VPN on a Linux Server

WireGuard is a modern, simple, and highly efficient VPN that utilizes state-of-the-art cryptography. This guide will walk you through the steps to install and configure WireGuard on a Linux server using an automated script, streamlining the process and ensuring a secure setup.

Prerequisites

  • A Linux server (Ubuntu, Debian, CentOS, Fedora, or similar)
  • Root or sudo access to the server
  • An SSH client (e.g., PuTTY, OpenSSH) to connect to the server

Step 1: Connect to Your Server

Use an SSH client to connect to your Linux server. Once connected, switch to the root user to ensure you have the necessary permissions:

sudo su -

Step 2: Download the WireGuard Install Script

This script, created by Stan (GitHub: angristan), automates the installation and configuration of WireGuard. The command below fetches a copy hosted in a GitHub gist, pinned to a specific revision, and saves it as wireguard-install.sh, the filename used in the remaining steps:

curl -o wireguard-install.sh https://gist.githubusercontent.com/IbsanjU/eaa089cfa9906af35ff653bf608bdba5/raw/63a8691d3b35a9e94397bc94ad5ebca0fef766a8/wireguard-install-script.sh

Step 3: Make the Script Executable

Change the permissions of the downloaded script to make it executable:

chmod +x wireguard-install.sh
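
The script runs as root in the next step, so it is worth reading it first and pinning the reviewed copy by digest. The following is an added example, not part of the guide or of the install script; the function names are hypothetical, and the expected digest is a value you record yourself after reviewing the file.

```bash
#!/usr/bin/env bash
# Added example (hypothetical helper names): run a downloaded installer only
# if it still matches the SHA-256 digest recorded when it was reviewed.

# sha256_of FILE: print the lowercase hex SHA-256 digest of FILE.
sha256_of() {
    sha256sum < "$1" | awk '{print $1}'
}

# verify_script FILE EXPECTED
# Returns 0 on match, 1 on mismatch, 2 if the file or digest is unusable.
verify_script() {
    local file="$1" expected="$2" actual
    [ -f "$file" ] || { echo "not a regular file: $file" >&2; return 2; }
    # A real digest is exactly 64 hex characters; reject placeholders and typos.
    case "$expected" in
        ""|*[!0-9a-fA-F]*) echo "malformed digest" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "malformed digest" >&2; return 2; }
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    actual=$(sha256_of "$file")
    [ "$actual" = "$expected" ] && return 0
    echo "digest mismatch for $file (got $actual)" >&2
    return 1
}

# run_if_verified FILE EXPECTED: execute FILE with bash only after it verifies.
run_if_verified() {
    verify_script "$1" "$2" || return $?
    bash "$1"
}

# Usage (the digest is a value you record yourself after reading the script):
#   run_if_verified wireguard-install.sh "<sha256 recorded at review time>"
```

Record the digest with `sha256_of wireguard-install.sh` once the script has been read, and reuse it whenever the same revision is downloaded again.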

Step 4: Run the Install Script

Execute the script to start the WireGuard installation and configuration process:

./wireguard-install.sh

The script will guide you through several configuration options, such as:

  • Public IP address of the server: The script will attempt to detect this automatically.
  • Network interface to use: Typically eth0 or similar.
  • WireGuard interface name: Default is wg0.
  • Server WireGuard IPv4 and IPv6 addresses: Suggested defaults are provided.
  • WireGuard port: A random port within the private range is suggested.
  • DNS servers for the clients: Defaults to Cloudflare DNS (1.1.1.1 and 1.0.0.1).
  • Allowed IPs for the clients: Defaults to 0.0.0.0/0, ::/0 to route all traffic through the VPN.

You can accept the default options by pressing Enter or customize them as needed.

Step 5: Retrieve the Client Configuration

After the installation completes, retrieve the client configuration file by running:

cat /root/wg0-client-yourname.conf

Replace yourname with your chosen client name. The configuration details will be displayed in the terminal.

In PuTTY, highlighting the text automatically copies it to your clipboard. Paste the copied content into a file on your local machine and save it with a .conf extension (e.g., wg0-client-yourname.conf).

Step 6: Install the WireGuard Client

Download and install the WireGuard client on your local machine. WireGuard clients are available for various platforms.

Step 7: Import the Client Configuration

Open the WireGuard client on your local machine and import the configuration file you saved earlier. This file contains all the necessary details to connect to your WireGuard server.

Step 8: Connect to Your VPN

Activate the WireGuard VPN connection from the client. You should now be securely connected to your WireGuard server. Verify your connection by checking your IP address on a website like WhatIsMyIP.

Adding Additional Clients

To add additional clients after the initial setup, you can run the script again and follow these steps:

  1. Run the Script Again

    ./wireguard-install.sh
    
  2. Choose to Add a New User

    Select option 1 to add a new user.

  3. Enter Client Details

    Provide a unique client name and follow the prompts to configure the new client. The script will generate a new configuration file for the client.

Example to Add a New Client

  1. Run the Script

    ./wireguard-install.sh
    
  2. Select Option to Add a New User

    Welcome to WireGuard-install!
    The git repository is available at: https://github.com/angristan/wireguard-install
    
    It looks like WireGuard is already installed.
    
    What do you want to do?
       1) Add a new user
       2) List all users
       3) Revoke existing user
       4) Uninstall WireGuard
       5) Exit
    Select an option [1-5]: 1
    
  3. Enter Client Details

    • Client name: client2
    • Client IPv4: 10.66.66.3
    • Client IPv6: fd42:42:42::3

    The script will generate the client configuration and display a QR code if qrencode is installed.

Listing and Revoking Clients

You can list all existing clients or revoke a client using the script:

  1. List All Clients

    ./wireguard-install.sh
    

    Select option 2 to list all users.

  2. Revoke a Client

    ./wireguard-install.sh
    

    Select option 3 to revoke a client and follow the prompts to remove the client configuration.

Troubleshooting

  • Cannot connect to the VPN: Ensure that the server is reachable and the WireGuard service is running.
  • No internet access after connecting: Check the Allowed IPs setting in the client configuration. It should be 0.0.0.0/0, ::/0 to route all traffic through the VPN.
  • Firewall issues: Ensure that UDP traffic on the WireGuard port is allowed through the server's firewall.
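
A saved client configuration can be checked for the routing and endpoint problems listed above, and for file permissions, which matter because the file contains the client's private key. This is an added example, not part of the guide or of the install script; `conf_value` and `check_client_conf` are hypothetical names, and it assumes GNU `stat`.

```bash
#!/usr/bin/env bash
# Added example (hypothetical helpers): lint a WireGuard client config.

# conf_value FILE KEY: print the value of every "KEY = value" line.
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tr -d '\r'
}

# check_client_conf FILE
# Prints one finding per line; returns 0 when there are none, 1 otherwise.
check_client_conf() {
    local conf="$1" rc=0 mode allowed route endpoint port
    [ -f "$conf" ] || { echo "no such file: $conf"; return 1; }

    # The file holds the client's PrivateKey, so only its owner should read it.
    mode=$(stat -c '%a' "$conf")
    case "$mode" in
        ?00) ;;
        *) echo "mode $mode is readable by others; use chmod 600"; rc=1 ;;
    esac

    # Full-tunnel routing needs both default routes in AllowedIPs.
    allowed=$(conf_value "$conf" AllowedIPs | tr -d ' \t' | tr '\n' ',')
    for route in 0.0.0.0/0 ::/0; do
        case ",$allowed" in
            *",$route,"*) ;;
            *) echo "AllowedIPs lacks $route"; rc=1 ;;
        esac
    done

    # The peer Endpoint must end in a UDP port between 1 and 65535.
    endpoint=$(conf_value "$conf" Endpoint | head -n 1)
    port=${endpoint##*:}
    case "$port" in
        ""|*[!0-9]*|??????*) echo "Endpoint '$endpoint' lacks a valid port"; rc=1 ;;
        *) if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
               echo "Endpoint port $port is out of range"; rc=1
           fi ;;
    esac
    return "$rc"
}

# Usage: check_client_conf wg0-client-yourname.conf
```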

Conclusion

By following these steps, you can easily set up and configure a WireGuard VPN on a Linux server using an automated script. This approach simplifies the installation process, allowing you to quickly deploy a secure VPN solution. Explore additional configuration options and features provided by WireGuard to further optimize your VPN setup.

Special thanks to Stan (GitHub: angristan) for creating the WireGuard installation script.

Congratulations – you now have your VPN up and running!