Notes on Setting up WireGuard for Ubuntu Server
Setting up WireGuard (0.0.20190905) on Ubuntu Server (18.04.3 LTS)
Sep 9, 2019
Primary
Supplemental
Notes
- There is little distinction between “server” (Endpoint) and “client” (Peer). A tunnel is established between a Peer’s interface and an Endpoint’s interface. Which traffic goes over the interface to the `Endpoint` is determined by the `AllowedIPs` of the Peer. Use `0.0.0.0/0` for all traffic.
- WireGuard can be configured to give the interface a static IP as defined in the configuration file as well as which DNS server to use. I suspect dynamic allocation could be done if one were willing to configure a DHCP service on the server.
- Use `wg-quick` to set up the wg service and interface
  - It will handle configuring the interface, such as setting the IP, bringing it up, and configuring DNS
  - The syntax for the `wg-quick` config file appears to be a superset of the wg config file
  - There is a handy systemd script which will handle interface config and execute pre-up and post-down commands, which are useful for running iptables commands
- `tcpdump` is quite useful for debugging. For example, try `tcpdump -i wg0` on the server while pinging on the client to make sure traffic is being sent to the server over the tunnel
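
The notes above as a pair of `wg-quick` configs, added here as an illustration and not taken from the original post. The tunnel addresses, port, DNS resolver, endpoint address, the `eth0` uplink name and the key placeholders are all assumptions; substitute your own.

```ini
# ---- Server (Endpoint): /etc/wireguard/wg0.conf, mode 0600 (holds the private key) ----
[Interface]
# Placeholder; generate with `wg genkey`.
PrivateKey = <server-private-key>
# Assumed UDP listen port.
ListenPort = 51820
# Address, PostUp and PostDown are wg-quick extensions: this is the "superset"
# part of the syntax, and plain `wg setconf` does not understand these keys.
# Static tunnel IP for the server (constructed).
Address = 10.0.0.1/24
# %i expands to the interface name (wg0). Assumes eth0 is the uplink and
# net.ipv4.ip_forward=1 is already set. PostDown removes exactly what PostUp
# added, so no stale forwarding or NAT rules remain when the tunnel is down.
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
PublicKey = <client-public-key>
# On the server, AllowedIPs also filters inbound traffic: packets from this
# peer are dropped unless their source address falls inside this range.
# Keep it to the single address assigned to that client.
AllowedIPs = 10.0.0.2/32

# ---- Client (Peer): /etc/wireguard/wg0.conf, mode 0600 ----
[Interface]
PrivateKey = <client-private-key>
# Static tunnel IP for the client (constructed).
Address = 10.0.0.2/32
# Resolver to use while the tunnel is up (sample value).
DNS = 1.1.1.1

[Peer]
PublicKey = <server-public-key>
# Documentation-range address standing in for the server's public IP.
Endpoint = 203.0.113.10:51820
# Route all IPv4 traffic through the tunnel, as described in the notes.
AllowedIPs = 0.0.0.0/0
```

Bring the interface up with `wg-quick up wg0`, or enable the systemd unit with `systemctl enable --now wg-quick@wg0`. `wg show wg0` on the server then lists the latest handshake and transfer counters for the peer, which complements the `tcpdump -i wg0` check.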