WireGuard on Linux

About WireGuard

WireGuard is a modern VPN protocol that is designed to provide superior speed, security, and efficiency compared to older solutions like OpenVPN or IPsec.

How To

Prerequisites

This guide continues from the WireGuard Configuration article. Please ensure you have completed all steps in this article before proceeding.

Note that setting up WireGuard on Linux involves additional steps compared to Windows or macOS. Configuration files generated by Wedge require some modification before they can be used effectively.

Configuration on Linux

1. Check Available Interfaces: Open the terminal and type ip a to list all available network interfaces. Note the IP address of the interface used for the internet connection. In the example below, it is 10.0.2.15/24.

2. Install WireGuard Client: Use the package manager to install the WireGuard client:

   • Ubuntu: $ sudo apt install wireguard
   • Debian: apt install wireguard
   • For other Unix-based systems, refer to the official WireGuard documentation.

3. Log in to Acreto Portal: Access the Acreto Portal.

4. Configure the WireGuard Gateway:

   1. Open your Ecosystem in the Acreto Portal.
   2. From the left menu, select Objects > Gateways, and locate the previously created WireGuard Gateway.
   3. Click the gear icon to edit the gateway settings.
   4. Ensure the following settings are configured correctly:
   • WireGuard Client Local IP address: Set this to the IP address of the Ubuntu machine (e.g., 10.0.2.15/24).
   • Local Networks: Set this to a subnet mask that includes the IP address from the previous step (e.g., 10.0.2.0/24).

5. Save the changes and commit them to the Ecosystem.

6. Generate Keys and Download Configuration:

   1. Click on the Gateway name to access the details screen.
   2. Click Generate new private and public key and confirm.
   3. Click the “Download configuration” button and then apply the configuration changes to the Ecosystem.

7. Transfer the Configuration File: Transfer the downloaded configuration file to your Ubuntu machine.

8. Rename and Move the Configuration File: In the terminal, rename the file and move it to the WireGuard directory: sudo mv ./path-to-file/downloaded-file.conf /etc/wireguard/wg0.conf

9. Edit the Configuration File:

   1. Open the configuration file using nano: sudo nano /etc/wireguard/wg0.conf.
   2. Modify the following fields:
   • AllowedIPs: Set to 0.0.0.0/0.
   • Address: Remove this line and its associated value.
   1. Save and close the file.

10. Start the WireGuard Connection: Use wg-quick to start the connection: sudo wg-quick up wg0

11. Check Interface Status: Verify the interface status by running: sudo wg.

12. Enable Autostart: Enable WireGuard to start automatically upon system boot: sudo systemctl enable wg-quick@wg0

13. Disconnect: To disconnect the VPN, type: sudo wg-quick down wg0

Upon completing these steps, your machine will be connected to the Acreto Ecosystem via the WireGuard gateway. You can verify the connection status by checking the logs available in the Acreto Portal > Logs > Gateways.

See also

• List of other connectivity options