Create a Secure Connection Between Two Servers Using WireGuard on Ubuntu

Published on: Fri, Sep 30, 2016 at 12:19 pm EST

Introduction

WireGuard is an extremely easy, fast, and modern VPN solution which utilizes state-of-the-art cryptography. According to a few different benchmark tests, WireGuard is currently the fastest VPN solution in comparison to IPSec and OpenVPN. In this guide, you'll learn how to establish a WireGuard connection between two servers.

Requirements

  • Ubuntu or Debian
  • Kernel 4.1 or newer

Installation and Clone

The installation of WireGuard itself is very easy and can be done in 4 steps. First, we have to install the kernel headers, the build essentials, and various other required packages:

apt-get install libmnl-dev linux-headers-$(uname -r) build-essential make git

Once this step has completed, we can continue with pulling WireGuard from the Git repository:

git clone https://git.zx2c4.com/WireGuard

Build

We now have all required packages installed and have cloned WireGuard to WireGuard/. We can continue with building and installing WireGuard:

cd WireGuard/src/
make
make install

Right after the make install process completes without errors, we can continue with running exactly the same steps on the other server. After that finishes, jump to the next section of this guide - the configuration process.

Configuration

The creation of a tunnel with WireGuard is very easy and done using a few commands. We start by creating our VPN interface:

ip link add dev wg0 type wireguard

Next, we generate our private key, which will be used to encrypt the data between both parties. Setting umask 077 first makes sure the key file is created readable only by its owner. The key is written to ~/private because that is the path the tunnel command reads:

umask 077
wg genkey > ~/private

At this point, we have all requirements fulfilled to create the tunnel itself:

wg set wg0 listen-port 51920 private-key ~/private peer <PEER_PUBLIC_KEY> allowed-ips 192.168.2.0/24 endpoint <OTHER_SERVER_IP>:51920

Note: You have to run this command on both servers, with the following arguments adjusted: PEER_PUBLIC_KEY (the public key of the other server, obtained as shown below) and OTHER_SERVER_IP.

To obtain the public key of each server, run the following commands on it. They derive the public key from the private key and then print it:

wg pubkey < ~/private > ~/public
cat ~/public

Finally, we can assign the IP addresses to our interface (.1 for the first server, .2 for the second server):

ip link set up dev wg0
ip addr add 192.168.2.1/24 dev wg0

Testing

Try to ping the other server using the following command on the first server:

ping 192.168.2.2

If you see responses from the server, your installation is correct and the VPN link is running. If you get no response, or you see errors, review the commands you've executed on both servers and verify that you have adjusted the arguments accordingly.
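
When the ping gets no reply, the handshake state of the peer shows whether the keys and the endpoint were entered correctly. The script below is an added example, not part of the original guide: it classifies the peers listed by wg show wg0 dump, and the placeholder keys, the address 203.0.113.2, the timestamps and the 180-second threshold are constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the original guide: classify each peer listed by
# `wg show wg0 dump` by the age of its last completed handshake.
#
# Dump layout (tab-separated fields):
#   line 1, interface: private-key public-key listen-port fwmark
#   later lines, peer: public-key preshared-key endpoint allowed-ips
#                      latest-handshake transfer-rx transfer-tx keepalive
# Line 1 contains the private key, so never paste a raw dump into a ticket.

# Usage: wg_peer_status NOW_EPOCH MAX_AGE_SECONDS < dump
# Prints "<peer-public-key> <allowed-ips> <state>" for every peer:
#   never  no handshake yet (wrong peer key, wrong endpoint, UDP blocked)
#   stale  last handshake older than MAX_AGE_SECONDS (normal when idle)
#   ok     handshake is recent, so keys and endpoint match on both sides
wg_peer_status() {
    awk -F '\t' -v now="$1" -v max="$2" '
        NR == 1 { next }    # interface line: skipped, it holds the private key
        NF != 8 { next }    # not a peer record
        {
            hs = $5 + 0
            if (hs == 0)             state = "never"
            else if (now - hs > max) state = "stale"
            else                     state = "ok"
            print $1, $4, state
        }'
}

# Constructed sample dump for one peer; $1 is the latest-handshake epoch.
# Keys are placeholders and 203.0.113.2 is a documentation address.
sample_dump() {
    printf '%s\t%s\t%s\t%s\n' \
        'LOCAL_PRIVATE_KEY_PLACEHOLDER=' 'LOCAL_PUBLIC_KEY_PLACEHOLDER=' 51920 off
    printf '%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\n' \
        'PEER_PUBLIC_KEY_PLACEHOLDER=' '(none)' '203.0.113.2:51920' \
        '192.168.2.0/24' "$1" 0 0 off
}

# Demo on the constructed sample (the 180 s threshold is an assumption).
sample_dump 0          | wg_peer_status 1475252400 180   # state: never
sample_dump 1475252340 | wg_peer_status 1475252400 180   # state: ok

# On a server, as root:
#   wg show wg0 dump | wg_peer_status "$(date +%s)" 180
```

A state of never after a ping attempt points at a mismatched PEER_PUBLIC_KEY, a wrong OTHER_SERVER_IP, or UDP port 51920 being filtered between the servers.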

Conclusion

WireGuard is a secure VPN solution which is very easy to use. It works well over many network topologies including (but not limited to): connections between servers, backbone usage, personal VPN networks, and roaming VPN networks. For additional documentation, visit the official site. Happy hacking!
