Install WireGuard Free VPN Server on Ubuntu Server.Always Free Oracle Cloud Tier

Introduction

In this tutorial, you will learn how to install and configure a WireGuard VPN server on an Ubuntu server using the Oracle Cloud Free Tier. WireGuard is a modern, high-performance VPN that is easy to set up and offers strong security features. By the end of this guide, you'll have a fully functional VPN server that can secure your internet connection.

Step 1: Install WireGuard

1. Update your system to ensure all packages are up to date:

   sudo apt update && sudo apt upgrade -y
   

2. Install WireGuard using the following command:

   sudo apt install wireguard -y
   

3. Verify installation by checking the WireGuard module:

   sudo modprobe wireguard
   

Step 2: Configure the Server

1. Create server keys for WireGuard:

   umask 077
   wg genkey | tee server_private.key | wg pubkey > server_public.key
   

2. Create the configuration file for the WireGuard server:

   sudo nano /etc/wireguard/wg0.conf
   

3. Add the following configuration to the file, replacing YOUR_SERVER_IP with your server's public IP address:

   [Interface]
   Address = 10.0.0.1/24
   ListenPort = 51820
   PrivateKey = <server_private_key>
   
   [Peer]
   PublicKey = <client_public_key>
   AllowedIPs = 10.0.0.2/32
   

4. Save and exit the file.

Step 3: Configure the Client

1. Generate client keys on the client machine:

   umask 077
   wg genkey | tee client_private.key | wg pubkey > client_public.key
   

2. Add the client to the server configuration by editing the wg0.conf file on the server again:

   sudo nano /etc/wireguard/wg0.conf
   

   Add a new [Peer] section for the client:

   [Peer]
   PublicKey = <client_public_key>
   AllowedIPs = 10.0.0.2/32
   

3. Start the WireGuard server:

   sudo wg-quick up wg0
   

4. Enable WireGuard to start on boot:

   sudo systemctl enable wg-quick@wg0
   

Step 4: Set iptables Rules

1. Allow traffic through the VPN by setting up iptables rules:

   sudo iptables -A INPUT -p udp --dport 51820 -j ACCEPT
   sudo iptables -A FORWARD -i wg0 -j ACCEPT
   sudo iptables -A FORWARD -o wg0 -j ACCEPT
   

2. Ensure that traffic is correctly routed:

   sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
   

Step 5: Configure Additional Client

1. Generate configuration settings for additional clients using the same method as before.

2. Repeat the steps for adding peers in the server configuration file for each new client.

Step 6: Generate QR Code for Mobile Clients

1. Install the QR code generator if not already installed:

   sudo apt install qrencode
   

2. Generate the QR code by running:

   qrencode -t ANSIUTF8 < /etc/wireguard/wg0.conf
   

Step 7: Make iptables Rules Permanent

1. Install iptables-persistent to save the rules:

   sudo apt install iptables-persistent
   

2. Save the current rules:

   sudo netfilter-persistent save
   

Conclusion

You have successfully installed and configured a WireGuard VPN server on Ubuntu. You can now connect clients securely to your server and enjoy enhanced privacy while browsing. Always remember to keep your server updated and monitor its security settings. For further customization, consider exploring advanced WireGuard features and configurations tailored to your specific needs.