WireGuard is an extremely easy, fast, and modern VPN solution which utilizes state-of-the-art cryptography. According to a few different benchmark tests, WireGuard is currently the fastest VPN solution in comparison to IPSec and OpenVPN. In this guide, you'll learn how to establish a WireGuard connection between two servers.
The installation of WireGuard itself is very easy and can be done with 4 steps. Firstly, we have to install the kernel headers as well as the build essentials and various other required packages:
apt-get install libmnl-dev linux-headers-$(uname -r) build-essential make git
Once this step has completed, we can continue with pulling WireGuard from the Git repository:
git clone https://git.zx2c4.com/WireGuard
As of now, we have all required packages installed as well as cloned WireGuard to
WireGuard/. We are able to continue with the build process of WireGuard and install it:
cd WireGuard/src/ make make install
Right after the
make install process completes without errors, we can continue with running exactly the same steps on the other server. After that finishes, jump to the next section of this guide - the configuration process.
The creation of a tunnel with WireGuard is very easy and done using a few commands. We start by creating our VPN interface:
ip link add dev wg0 type wireguard
Next, we generate our private key which will be used to encrypt the data between both parties:
umask 077 wg genkey > private
At this point, we have all requirements fulfilled to create the tunnel itself:
wg set wg0 listen-port 51920 private-key ~/private peer <PEER_PUBLIC_KEY> allowed-ips 192.168.2.0/24 endpoint <OTHER_SERVER_IP>:51920
Note: You have to run this command on both servers, with the following arguments adjusted:
In order to read the public key on both servers, we have to run the following command to convert the private key to a public key and read it then:
wg pubkey < private > public cat public
Finally, we can assign the IP addresses to our interface (
.1 for the first server,
.2 for the second server ):
ip link set up dev wg0 ip addr add 192.168.2.1/24 dev wg0
Try to ping the other server using the following command on the first server:
If you see responses from the server, your installation is correct and the VPN link is running. If you don't get any response or errors, review the commands you've executed on both servers and verify that you have adjusted the arguments accordingly.
WireGuard is a secure VPN solution which is very easy to use. It works well over many network topologies including (but not limited to): connections between servers, backbone usage, personal VPN networks, and roaming VPN networks. For additional documentation, visit the official site. Happy hacking!