How to Set Up WireGuard VPN on Ubuntu 20.04

One of the technologies that has recently been implemented in the kernel is Wireguard. That is why in this post, you will learn how to install Wireguard on Ubuntu 20.04 and have a reliable VPN server that is well integrated with the system.

What is Wireguard?

According to the Wireguard website:

WireGuard is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general-purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. Initially released for the Linux kernel, it is now cross-platform (Windows, macOS, BSD, iOS, Android) and widely deployable.

WireGuard has been designed to use VPN on Linux-based devices, and because it consumes few resources and thanks to the combination of cryptographic techniques used by WireGuard, the performance it provides is superior to IPSec and OpenVPN.

Thanks to this, WireGuard is being used more and more by users worldwide and by enterprise solutions that see in WireGuard a perfect VPN.

Install WireGuard on Ubuntu 20.04

First, access your server via SSH and update the distribution:

sudo apt update
sudo apt upgrade

Fortunately, the WireGuard package is available from the distribution’s official repositories. This makes the process so easy that it is summarized in this command:

sudo apt install wireguard

Once you enter your password, the process will start. You also have to open the UDP protocol port 61951 inside your Firewall. This port is where WireGuard works.

sudo ufw allow 61951/udp

For WireGuard to work you have to allow kernel-level network packet redirection. To do this you have to edit a configuration file called sysctl.conf.

sudo nano /etc/sysctl.conf

And uncomment the following line:


Save the changes and close the text editor.

To check that the change has taken effect run this command

sudo sysctl -p

And you will get an output screen like this:

net.ipv4.ip_forward = 1

Now we have to continue configuring WireGuard.

Configuring WireGuard on Ubuntu 20.04

Even though we already have WireGuard in the system, it is not yet configured. But we have to do that in this step.

So, it generates the private keys that the server will use to allow client connections. Note that each client has to generate its keys as well.

wg genkey | sudo tee /etc/wireguard/server_private.key | wg pubkey | sudo tee /etc/wireguard/server_public.key

Sample Output:


Now for security, make it accessible only to the root user:

sudo chmod 600 /etc/wireguard/server_private.key

After that, it is necessary to create the main configuration file that will govern WireGuard.

Create it with the following command:

sudo nano /etc/wireguard/wg0.conf

And add the following content:

# Server configuration
PrivateKey = gbohCfIuonz9anr9izMK7bMzRA2S4Y4doUdQfS7YQ2Y=
Address =
ListenPort = 61951

PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o wg0 -j MASQUERADE

PublicKey = gsgfB29uYjpuFTCjC1+vHr9M7++MHJcG6Eg4rtuTu34= 
AllowedIPs =

I proceed to explain:

  • PrivateKey: You have to put the value of the Key you have generated.
  • Address: IP address of the server
  • ListenPort: The port where WireGuard will work. It has to be open in the port.
  • PostUp and PostDown: Replace wg0 with the name of the network interface that the VPN will use. These lines contain instructions for the firewall.
  • Peer: This section contains information about each client that will connect. Therefore you have to add a new section for each of them.
  • PublicKey: Client’s key value.
  • AllowedIPs: Internal IP address of the VPN client.

Save the changes and close the editor.

After that, start the service and enable it to start with the system:

sudo systemctl start wg-quick@wg0
sudo systemctl enable wg-quick@wg0

Remember to replace wg0 with the name of the network interface you will be using.

Configuring the client

Now that the server is ready, it is time to do the same with the client:

In the case of the client, we will use another computer with Ubuntu 20.04 and we will have to install the necessary packages:

sudo apt install wireguard resolvconf

And generate the private key

wg genkey | sudo tee /etc/wireguard/client_private.key | wg pubkey | sudo tee /etc/wireguard/client_public.key

Sample output:


Make the root user the one who has permissions on the file:

sudo chmod 600 /etc/wireguard/client_private.key

And now it is necessary to create the client configuration file:

sudo nano /etc/wireguard/wg0.conf

and add the following content:

# Client configuration
PrivateKey = gbohCfIuonz9anr9izMK7bMzRA2S4Y4doUdQfS7YQ2Y= 
Address = 

# Server configuration

PublicKey = MFhd1/CB9CPRRnydhokzgBcU3CWZVNkwuv468Io68Xo= 
AllowedIPs = 
Endpoint = 
PersistentKeepalive = 25

The values are very similar to the server one so I will go a little bit faster. In the [interface] section you add the client parameters like PrivateKey, Address which is the IP address of the client, and the DNS.

Then comes the server section, and in PublicKey you have to add the server one. In the AllowedIPs value, you set the addresses that will be routed through the VPN tunnel. In this case, they are set to all. The EndPoint value refers to the Ip address of the server along with the port set for WireGuard.

Save the changes and close the editor.

To establish a connection to the VPN, you have to run:


And you are all set.


WireGuard is a recent technology that already shows that it will be of great help for private and secure connections. Setting it up is not as complex as you might think but it does require some configuration files to help you with the task.

Scroll to Top