WireGuard on Linux
About WireGuard
WireGuard is a modern VPN protocol that aims to be faster, more secure, and more useful than older solutions like OpenVPN or IPsec.
How To
Prerequisites
This article is a continuation of Wireguard Configuration article. Please ensure that you finish all steps described in this article.
Be aware that the configuration of Wireguard for Linux requires additional steps in compared to Windows/macOS. Configuration files created by Wedge require additional modification before use.
Configuration on Linux
Type IP a in the terminal to check available interfaces. Note down the IP address of the interface used to connect to the Internet. In the screenshot below, it’s 10.0.2.15/24.
- Login to the device and run the terminal.
- Type
ip ain the terminal to check available interfaces. Note down the IP address of the interface used to connect to the Internet. In the screenshot below, it’s10.0.2.15/24.
- Using the package manager, install the WireGuard client:
- for Ubuntu:
$ sudo apt install wireguard
- for Debian:
apt install wireguard - for others Unix-based systems check official documentation
- for Ubuntu:
- Log in to the Acreto Portal.
- Open your Ecosystem.
- From the left menu, choose Objects > Gateways and search for previously created Wireguard Gateway.
- Click on the Gear icon to edit the settings of the WireGuard gateway.
- Make sure that the values in the form are correct:
- WireGuard Client Local IP address is set to the value of the IP address for the Ubuntu machine - in this case,
10.0.2.15/24. - Make sure that Local Networks is set to mask that covers the IP address from the previous field - for example,
10.0.2.0/24.
- WireGuard Client Local IP address is set to the value of the IP address for the Ubuntu machine - in this case,
- Save the changes and commit to the Ecosystem.
- Click on the name of the Gateway to open the details screen.
- Click Generate new private and public key and confirm with yes.
- Click on the “Download configuration” (1) button and then on the Apply link (2) to commit a new configuration to the Ecosystem
- Transfer the downloaded configuration file to the Ubuntu machine.
- Using the terminal, rename the file and move it to the WireGuard directory
sudo mv ./path-to-file/donwloaded-file.conf /etc/wireguard/wg0.conf - Edit the file using nano by typing
sudo nano /etc/wireguard/wg0.conf:- Change AllowedIPs value to
0.0.0.0/0. - Remove the Address and its value.
- Save the file.
- Change AllowedIPs value to
- Start the connection based on file configuration using
wg-quick:sudo wg-quick up wg0
- Check the interface status by typing
sudo wg.
- Enable autostart of WireGuard:
sudo systemctl start wg-quick@wg0 - If you want to disconnect, type:
sudo wg-quick down wg0
At this point, the machine is connected to the Acreto Ecosystem by the WireGuard gateway. You may confirm that by checking logs available in Acreto Portal > Logs > Gateways.