This week I’ve been experimenting with WireGuard, which is a relatively new alternative to OpenVPN. It claims to be faster and more secure than other VPN products, partly because its codebase is very small by comparison.
WireGuard is easy to configure. It is compatible with many Linux distros, including Ubuntu. For my testing purposes, I’ve set up a new Ubuntu 18.04 LTS VM with Hardware Enablement.
First, make sure you’ve installed WireGuard correctly:
apt-get install wireguard
You should now be able to use
Let’s create a public and private key, which we’ll be using to set up a secure connection. Setting the umask first keeps the key files readable only by the user who creates them:
umask 077; wg genkey | tee privatekey | wg pubkey > publickey
On the server VM, create a new configuration file
Add the private key you just generated in the
This should contain configuration like this:
[Interface]
PrivateKey = <private key>
Address = 192.168.160.1/24
ListenPort = 51820
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth1 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth1 -j MASQUERADE
SaveConfig = false

[Peer]
PublicKey = <public key>
AllowedIPs = 192.168.158.3/32
The next thing you’ll need to do is add the peers that will be able to connect to this server. Simply create another VM (Windows, Linux or macOS) and follow the same steps:
- install WireGuard
- generate private and public key
- create a new
[Interface]
PrivateKey = <private key>
Address = 192.168.158.3/32
DNS = 220.127.116.11

[Peer]
PublicKey = <public key of the server>
Endpoint = <ip4-of-server>:51820
AllowedIPs = 0.0.0.0/0, ::/0 # Forward all traffic to server
Setting AllowedIPs to 0.0.0.0/0, ::/0 instructs WireGuard to forward all IPv4 and IPv6 traffic through the tunnel.
Finally, you can start up WireGuard on both the server and client:
wg-quick up /etc/wireguard/wg0.conf
Now both VMs should be connected and able to ping each other.
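As an added example (not part of the original post), here is a small Python check for two things worth reviewing in a server-side wg0.conf like the one above: an iptables rule added in PostUp with no matching -D rule in PostDown, which would stay behind after the interface goes down, and AllowedIPs ranges that overlap between peers, since WireGuard uses AllowedIPs to decide which peer an address belongs to. The sample config, the function names and the finding labels are constructed for illustration.

```python
import ipaddress
# Constructed sample (not the article's file) containing both defects.
SAMPLE = """\
[Interface]
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT
[Peer]
PublicKey = <public key A>
AllowedIPs = 192.168.158.3/32
[Peer]
PublicKey = <public key B>
AllowedIPs = 192.168.158.0/24
"""

def parse(text):
    """Return [(section, {key: [values]})]; unlike INI, [Peer] may repeat."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1].lower(), {}))
        elif "=" in line and sections:
            key, value = (part.strip() for part in line.split("=", 1))
            sections[-1][1].setdefault(key.lower(), []).append(value)
    return sections

def commands(values):  # split PostUp/PostDown values on ';'
    return [c.strip() for v in values for c in v.split(";") if c.strip()]

def audit(text):
    """Return (finding, detail) tuples for a wg-quick config."""
    findings, nets, sections = [], [], parse(text)
    iface = next((kv for name, kv in sections if name == "interface"), {})
    down = set(commands(iface.get("postdown", [])))
    for cmd in commands(iface.get("postup", [])):
        # Every rule appended with -A needs the identical rule with -D.
        if " -A " in cmd and cmd.replace(" -A ", " -D ", 1) not in down:
            findings.append(("rule-not-removed", cmd))
    for idx, kv in enumerate(kv for name, kv in sections if name == "peer"):
        cidrs = ",".join(kv.get("allowedips", [])).split(",")
        nets += [(idx, ipaddress.ip_network(c.strip(), strict=False)) for c in cidrs if c.strip()]
    for i, (pa, a) in enumerate(nets):
        for pb, b in nets[i + 1:]:
            if pa != pb and a.version == b.version and a.overlaps(b):
                findings.append(("overlapping-allowedips", f"{a} vs {b}"))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Run against the server config from this post, with its four PostUp rules and four matching PostDown rules and a single peer, the check returns no findings.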
You can check the status of the connection with:
I saw a notable increase in throughput compared to OpenVPN. Try it out yourself and let me know in the comments.