In this tutorial, we will show you how to set up a WireGuard VPN server on Ubuntu using PiVPN.
WireGuard has become an incredibly popular VPN protocol known for its performance and privacy improvements over the older OpenVPN. VPN, if you have never heard of it, stands for virtual private network. Software such as WireGuard allows you to create a secure tunnel between two locations. All traffic is encrypted while in transit.
One of the key advantages of setting up a VPN server like WireGuard on Ubuntu is that it can securely give you access to your home network.
Many of the improvements WireGuard introduces are thanks to its significantly smaller code base. This code base allows the team to find optimizations better while also reducing the attack vector for a bad actor.
The only real drawback of setting up a WireGuard VPN server on Ubuntu is that it is typically a tricky process for beginners. You have to set up and manage many different things, which can quickly become overwhelming for beginners.
To simplify the whole process of setting up this VPN server, we will use a script called PiVPN. While this script was originally designed for the Raspberry Pi, it works perfectly on Ubuntu. This script handles many annoying processes of setting up a WireGuard server on Ubuntu.
Alternatively, if you want an even easier process, you can use the wg-easy Docker container. That solution provides you with a web interface that handles everything for you.
Installing and Setting up a WireGuard VPN Server on Ubuntu
Over the following sections, we will be walking you through the whole process of setting up a WireGuard VPN Server on Ubuntu.
We will even show you how to create a client to connect to your VPN.
Preparing your Ubuntu System to Run WireGuard
1. Before we get too carried away with setting up a WireGuard VPN server on our Ubuntu system we should ensure everything is up to date.
You can update the package list cache and upgrade any out-of-date packages by using the following command in the terminal.
sudo apt update
sudo apt upgrade -y
2. Next, we must ensure that our system has curl installed. We will be using curl to grab and run the PiVPN install script that we will use to set up the WireGuard VPN server.
You can ensure curl has been installed by running the following command in the terminal.
sudo apt install curl
Downloading and Starting the PiVPN Script
3. At this point, all we need to do to download and run the PiVPN script on our Ubuntu system is to run the following command.
This script will walk us through successfully setting up a WireGuard server on our Ubuntu system. It also saves us hassle when generating config files for new clients.
curl https://raw.githubusercontent.com/pivpn/pivpn/master/auto_install/install.sh | bash
Using PiVPN To set up the WireGuard Server on Ubuntu
4. At this point, you will now have the PiVPN install script running on your Ubuntu device. We will be using this script as a really simple process for installing and setting up your WireGuard VPN server.
Just a couple of things before we get started.
- First, you use the ARROW keys to navigate around these menus.
- If you find a list, such as selecting a network interface, you will need to press the SPACEBAR to select the highlighted item.
- To confirm any selection, press the ENTER key.
Once you are happy to continue setting up this VPN, press the ENTER key.
5. You will now get a warning that you must have a static IP Address if you are setting up a VPN on your Ubuntu server such as WireGuard.
If you are hosting this VPN from your home, the best way to give your machine a static IP address is to use DHCP reservation.
However, you can also try forcing a static IP address through the Ubuntu interface. This will make your machine try to request a specific IP address, but it is not guaranteed like a DHCP reservation.
To proceed with this guide, press the ENTER key.
Selecting the Network Interface for your WireGuard VPN Server
6. The first option that the installer will ask you to set for your Ubuntu WireGuard VPN server is the IPv4 network interface to listen on.
Depending on how your Ubuntu system is set up, there may be a fair few values listed here. Select the one for your primary network by pressing SPACEBAR, and then confirm the option change by pressing ENTER.
Typically, network adapters are identifiable through their names like “eth0
” or “wlan0
“.
7. If the installer has identified that your Ubuntu server has an IPv6 IP address it will also ask you to select the interface to use for IPv6-based connections.
In most typical setups, you will want to select the network interface you used in the previous step.
Once you are happy you have selected the right interface, press the ENTER key.
Static IP Address Warning
8. You will now be warned about not using Raspberry Pi OS. Don’t worry; this means the script won’t automatically handle setting a static IP, but that process isn’t complicated.
To proceed with installing a WireGuard VPN server on your Ubuntu system, simply press the ENTER key.
Select User to Manage WireGuard VPN Configurations
9. Our next step is to select the local user that will hold any configuration generated for your WireGuard VPN server.
For example, each user you generate through PiVPN will be stored within the chosen user’s home directory.
To continue setting this local user, press the ENTER key.
10. You will now be given a list of available users on your Ubuntu user. Select the user you use the most, and the one that is easiest to grab the generated client configurations from.
Once you are happy with the user that is selected, press the ENTER key.
Installing WireGuard VPN onto Ubuntu
11. You will now be asked what VPN you want to install onto your Ubuntu system. As we intend to use the WireGuard VPN, ensure that it is selected.
After selecting WireGuard, press the ENTER key to proceed with this guide.
12. With this next screen, you will be asked to specify the port that the WireGuard VPN should use on your Ubuntu system.
The default value is “51820
” and it is the one you should stick with unless you have a specific use case. To select this port, press the ENTER key.
13. Before the WireGuard port is set, you will be asked to confirm the setting. Please note if you are running this from your home, you will need to port forward this port to your Ubuntu machine.
If you are happy with using the provided port for your WireGuard VPN server on Ubuntu, press the ENTER key.
Selecting the DNS Provider
14. Your WireGuard VPN Server can use its own specific DNS provider. Scroll through this list until you find the DNS provider you want to use and select it using the SPACEBAR key.
Once you are happy with your selected DNS provider, press the ENTER key to confirm the selection.
Select Access Route for your Ubuntu WireGuard VPN Server
15. For clients to connect to your Ubuntu WireGuard VPN server, you will need to select either your public IP address or a DNS entry.
Sometimes the DNS entry can be a better choice, especially if you run this from a home network with a dynamic public IP address.
For our example, we will select the first option, which will configure the WireGuard clients to connect to our VPN using our public IP address.
After selecting an option, press the ENTER key.
Generating Keys
16. Due to the way WireGuard works, it will first need to generate encryption keys for the server itself. Both the clients and the server will have a separate set of keys.
To let the script generate the server keys, press ENTER.
Enable Unattended Upgrades
17. The PiVPN script we are using will now ask if you want to enable unattended-upgrades on your Ubuntu system.
Since we are installing WireGuard and will expose part of your system, you will likely want to enable this functionality.
This allows Ubuntu to upgrade packages automatically to help prevent security issues. Press the ENTER key to continue.
18. You will be prompted to select whether to enable this functionality.
For this guide, we will be selecting “<YES>
” and pressing the ENTER key. Automatic security patches is critical for any WireGuard VPN server on Ubuntu.
Finishing Up Installing WireGuard VPN onto Ubuntu
19. You have now successfully installed the WireGuard VPN to Ubuntu by using the PiVPN script.
This page gives you a quick description of how you can generate client profiles, but don’t worry, as we will explain how to do this later in the guide.
To continue, press the ENTER key.
20. Your next step is to restart your Ubuntu system. This ensures all configuration changes the PiVPN script makes are properly loaded.
When prompted if you want to restart your system, select “<Yes>
” and press ENTER.
21. You will now see a message that your system will reboot. Press the ENTER key to continue.
Adding your First VPN Client to your Ubuntu WireGuard Server
22. One of the neatest things about using PiVPN to manage our WireGuard VPN server on Ubuntu is that it makes adding new clients a significantly easier process.
To add a new client, use the following command in the terminal. You will be prompted to enter your password if you aren’t running as the superuser.
pivpn add
24. You will now be asked to give a name for your new WireGuard client. Make this something that clearly identifies the client.
This name can only contain letters, numbers, and a few select symbols (. - @ _
). Do not include spaces in your name.
Enter a Name for the Client:
25. Your new client will now be generated on your Ubuntu machine.
From this message, you can see where the configuration file for your new WireGuard VPN client is being stored on your server. This is the file you will want to copy to your other machines to connect to your WireGuard server.
::: Client Keys generated
::: Client config generated
::: Updated server config
::: WireGuard reloaded
======================================================================
::: Done! PiMyClient.conf successfully created!
::: PiMyClient.conf was copied to /home/pimyubu/configs for easy transfer.
::: Please use this profile only on one device and create additional
::: profiles for other devices. You can also use pivpn -qr
::: to generate a QR Code you can scan with the mobile app.
======================================================================
Generating a QR Code for your WireGuard VPN Client
26. To make connecting to your Ubuntu WireGuard VPN server a simpler process you can actually generate a QR code. This QR code can then be scanned by a WireGuard client to setup the connection without the need of manually transferring the config files.
You can use the following command to begin generating the QR code.
pivpn -qr
27. You will now be given a list of clients you have generated.
Type in the corresponding number for this client or the client’s name, and then press the ENTER key.
:: Client list ::
1) PiMyClient
Please enter the Index/Name of the Client to show:
28. The QR code for this client should now be shown on your screen. Scan it with the app, and you should be able to connect to your WireGuard VPN.
Conclusion
Hopefully, by this point in the guide, you will have successfully managed to set up the WireGuard VPN server on Ubuntu.
Thanks to its performance and security benefits, WireGuard is a great protocol for running your VPN server. While it can sometimes be tricky to set up initially, PiVPN simplifies this process.
Please feel free to leave a comment below if you have had any issues with setting up WireGuard on your VPN server.
If you found this tutorial to be helpful, we highly recommend checking out our many other Ubuntu tutorials.