Notes on Setting up WireGuard for Ubuntu Server

Setting up WireGuard (0.0.20190905) on Ubuntu Server (18.04.3 LTS)

1 minute read Sep 9, 2019




  • There is little distinction between “server” (Endpoint) and “client” (Peer). A tunnel is established between a Peer’s interface and an Endpoint’s interface. Which traffic goes over the interface to the Endpoint is determined by the AllowedIPs of the Peer. Use for all traffic.
  • WireGuard can be configured to give the interface a static IP as defined in the configuration file as well as which DNS server to use. I suspect dynamic allocation could be done if one were willing to configure a DHCP service on the server.
  • Use wg-quick to setup the wg service and interface
    • It will handle configuring the interface such as setting the ip, bringing it up, and configuring DNS
    • The syntax for the wg-quick config file appears to be a superset of the wg config file
    • There is a handy systemd script which will handle interface config and execute pre-up and post-down commands which are useful for running iptables commands
  • tcpdump is quite useful for debugging. For example try tcpdump -i wg0 on the server while pinging on the client to make sure traffic is being sent to the server over the tunnel

Sample Configuration