How to Set up WireGuard VPN on Ubuntu 22.04

How to Set up WireGuard VPN on Ubuntu 22.04


In today’s digital age, where online privacy and data security have become paramount concerns, Virtual Private Networks (VPNs) have emerged as indispensable tools for safeguarding our internet activities. Among the wide array of VPN solutions available, WireGuard has garnered significant attention and popularity for its groundbreaking simplicity, lightning-fast performance, and robust cryptographic design.

If you’re looking to enhance your online privacy and protect sensitive information from prying eyes, WireGuard offers an innovative approach that sets it apart from traditional VPN protocols. In this step-by-step tutorial, we will guide you through the seamless process of installing and configuring WireGuard on your Ubuntu 22.04 server. Additionally, we’ll demonstrate how to create new users, each with their dedicated keys, enabling secure and anonymous connections.

Experience seamless web application hosting with DevOps Cloud – the cloud platform for PHP, Java, Node.js, Docker, Kubernetes, WordPress and more.

Whether you’re a seasoned sysadmin or a VPN enthusiast, this comprehensive guide will equip you with the knowledge and confidence to deploy WireGuard effortlessly and take full advantage of its cutting-edge features.

If you need a VPS, you can find one here:

Part 1: Install WireGuard

To begin, we’ll install the WireGuard package on your Ubuntu 22.04 server.

Step 1:
Update the package list and install WireGuard:

sudo apt update
sudo apt install wireguard

Step 2:
Verify that the WireGuard module is loaded:

sudo modprobe wireguard

Step 3:
Ensure the module loads at boot time:

sudo echo "wireguard" >> /etc/modules

Part 2: Generate Public and Private Keys

Now, let’s generate the private and public keys needed for WireGuard.

Step 1:
Generate the server’s private and public keys:

wg genkey | sudo tee /etc/wireguard/privatekey | wg pubkey | sudo tee /etc/wireguard/publickey

Step 2:
Secure the private key file:

sudo chmod 600 /etc/wireguard/privatekey

Part 3: Configure WireGuard

With the keys generated, we’ll proceed to configure the WireGuard interface.

Step 1:
Create a new configuration file for the WireGuard interface (e.g., wg0):

sudo nano /etc/wireguard/wg0.conf

Step 2:
Add the following configuration to wg0.conf, customizing the address range and port as needed:

Address =      # Replace with your desired IP range
ListenPort = 51820        # Change this port if needed

# Uncomment the following if using a cloud server or behind NAT
# PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o ensX -j MASQUERADE
# PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o ensX -j MASQUERADE

Replace <SERVER_PRIVATE_KEY> with the content of /etc/wireguard/privatekey generated earlier. If necessary, uncomment the PostUp and PostDown lines and replace ensX with your external network interface.

Step 3:
Save and exit the wg0.conf file.

Part 4: Start the WireGuard Service

It’s time to start the WireGuard service.

Step 1:
Initiate the WireGuard service:

sudo systemctl start wg-quick@wg0

Step 2:
Enable WireGuard to start on boot:

sudo systemctl enable wg-quick@wg0

Part 5: Create New Users

Now, let’s create new users and generate their private and public keys.

Step 1:
Generate private and public keys for each user:

wg genkey | sudo tee /etc/wireguard/client_privatekey1 | wg pubkey | sudo tee /etc/wireguard/client_publickey1
wg genkey | sudo tee /etc/wireguard/client_privatekey2 | wg pubkey | sudo tee /etc/wireguard/client_publickey2
# Generate keys for more users as needed

Step 2:
Create a new configuration file for each user. Replace user1 and user2 with your desired usernames:

sudo nano /etc/wireguard/user1.conf

Step 3:
Add the following content to each user’s configuration file, replacing the placeholders with the corresponding keys and server’s public IP address:

Address =                # Assign a unique IP address for each user
DNS =                        # Optional: Set preferred DNS server

AllowedIPs =
Endpoint = YOUR_SERVER_PUBLIC_IP:51820

Replace <CLIENT_PRIVATE_KEY> with the content of the corresponding client private key and <SERVER_PUBLIC_KEY> with the content of /etc/wireguard/publickey generated earlier. Modify the IP address and DNS settings as desired.

Step 4: Save and close each user’s configuration file.
This file gets used with the WireGuard client to connect to your VPN.


You also need to add each user to the wg0.conf file under all the settings:

PublicKey = <USER_PUBLIC_KEY> 
AllowedIPs =

Save after adding each user, and restart the WireGuard service.

Part 6: Restart the WireGuard Service

Whenever you make changes to the WireGuard configuration files, you need to restart the service for the changes to take effect.

sudo systemctl restart wg-quick@wg0

Now that your WireGuard VPN is up and running, you may want to connect to it from various devices. Thankfully, WireGuard has clients available for multiple platforms, making it convenient to access your VPN from desktops, laptops, smartphones, and even routers. Below are the links to download the WireGuard clients for some popular platforms:

  1. Windows: Download WireGuard for Windows
  2. macOS: Download WireGuard for macOS
  3. Linux: Refer to your distribution’s package manager or visit WireGuard installation guide for specific instructions.
  4. Android: Download WireGuard for Android
  5. iOS: Download WireGuard for iOS

With these clients, you can easily establish secure connections to your WireGuard VPN and protect your data across various devices and networks. Remember to import the respective client configuration files generated earlier to initiate connections seamlessly.

Virtual Private Networks (VPNs) have become an essential tool for securing your online connections and maintaining privacy. By harnessing the power of WireGuard, you have embraced a contemporary VPN solution that surpasses conventional protocols in terms of speed, efficiency, and security. Whether you are an individual seeking to safeguard personal information or a business safeguarding critical data, WireGuard’s streamlined architecture and cryptographic excellence have you covered. Embrace the future of VPN technology and enjoy safe, encrypted browsing with WireGuard!

Leave a Reply