Let's Talk: Ubuntu 20 ‐ WireGuard Kernel Protocol
Howdy folks!
If you’ve read some of my latest blog posts, you’ll have noticed that I’ve been moving my virtual machines over to the latest versions of their operating systems. The last Ubuntu machine I used was Ubuntu 19, but to my surprise a mere three days later Ubuntu 20 was released! Focal Fossa, as it is aptly named!
There are a lot of great new features and updates in this version of Ubuntu, but I wanted to focus on something pretty new and cool: the integration of WireGuard into the Ubuntu kernel!
The legendary Linus Torvalds merged WireGuard into his source tree for version 5.6 of the Linux kernel, which is amazing: WireGuard is a VPN solution, and being built into the kernel allows for even easier deployment of secure communications! WireGuard has made a name for itself by being as easy to configure and deploy as SSH!
You can hear more about WireGuard and its creation from the creator in this interview by ProPrivacy: https://proprivacy.com/privacy-news/wireguard-vpn-protocol
So with the introduction of the new WireGuard protocol into the Linux kernel, let’s test it out by spinning up an Ubuntu 20 server ourselves!
How To Install WireGuard on Ubuntu 20:
james@ubuntuTwenty:~$: sudo apt install wireguard
james@ubuntuTwenty:~$: sudo -i
#umask is a shell builtin, so "sudo umask" fails; generate the keys from a root shell instead
root@ubuntuTwenty:~$: cd /etc/wireguard/
root@ubuntuTwenty:~$: umask 077; wg genkey | tee privatekey | wg pubkey > publickey
root@ubuntuTwenty:~$: cat privatekey
#take note of the private key as we'll need this
root@ubuntuTwenty:~$: sudo vim /etc/wireguard/wg0.conf
- Ensure the config file has all that’s necessary
## Set Up WireGuard VPN on Ubuntu By Editing/Creating wg0.conf File ##
[Interface]
## My VPN server private IP address ##
Address = 192.168.6.1/24
## My VPN server port ##
ListenPort = 41194
## VPN server's private key i.e. /etc/wireguard/privatekey ##
PrivateKey = [InsertPrivateKeyHere]
## Save and update this config file when a new peer (vpn client) added ##
SaveConfig = true
Take note of this config file; be wary, as a clever professional makes sure they know everything in their config, especially if they have a network monitoring solution in place 😉
Let’s keep configuring! Notice that port 🙂
root@ubuntuTwenty:~$: exit
james@ubuntuTwenty:~$: sudo ufw allow 41194/udp
james@ubuntuTwenty:~$: sudo systemctl enable wg-quick@wg0
james@ubuntuTwenty:~$: sudo systemctl start wg-quick@wg0
james@ubuntuTwenty:~$: sudo systemctl status wg-quick@wg0
#You should see the status of wireguard running
james@ubuntuTwenty:~$: sudo wg
james@ubuntuTwenty:~$: sudo ip a show wg0
#Running that last command will showcase that the wireguard interface is up and running on wg0 and you should be good to connect a client.
- Now We’re Gonna Move Over To A Client
james@ubuntuClient:~$: sudo apt install wireguard
#the same command works on the client; now we need to create the config
james@ubuntuClient:~$: sudo sh -c 'umask 077; touch /etc/wireguard/wg0.conf'
james@ubuntuClient:~$: sudo -i
- We’re escalating to root, be careful now :P
root@ubuntuClient:~$: cd /etc/wireguard/
root@ubuntuClient:~$: umask 077; wg genkey | tee privatekey | wg pubkey > publickey
root@ubuntuClient:~$: cat privatekey
#again take note of this
root@ubuntuClient:~$: sudo vim /etc/wireguard/wg0.conf
- Ensure the file is similar but take note that this time we’re noting the server’s public key
[Interface]
## This Desktop/client's private key ##
PrivateKey = [ClientPrivateKeyHere]
## Client ip address ##
Address = 192.168.6.2/24
[Peer]
## Ubuntu 20.04 server public key ##
PublicKey = [ServerPublicKeyHere]
## Set ACL: this allows the VPN subnet ##
AllowedIPs = 192.168.6.0/24
## Your Ubuntu 20.04 LTS server's public IPv4/IPv6 address and port ##
Endpoint = [PublicServerAddress]:41194
## Keep connection alive ##
PersistentKeepalive = 15
- Exit the file. Take note of the config
root@ubuntuClient:~$: exit
james@ubuntuClient:~$: sudo systemctl enable wg-quick@wg0
james@ubuntuClient:~$: sudo systemctl start wg-quick@wg0
james@ubuntuClient:~$: sudo systemctl status wg-quick@wg0
Now that we’ve ensured WireGuard is set up on the client, we need to configure the server side of the peer-to-peer VPN.
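- Let’s go back to the server and add the client
#SaveConfig = true makes wg-quick rewrite wg0.conf from the running interface on shutdown, so stop the service before editing the file
james@ubuntuTwenty:~$: sudo systemctl stop wg-quick@wg0
james@ubuntuTwenty:~$: sudo vim /etc/wireguard/wg0.conf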
- Remember that client public key and add this to the config file
[Peer]
## Desktop/client VPN public key ##
PublicKey = [ClientPublicKey]
## client VPN IP address (note the /32 subnet) ##
AllowedIPs = 192.168.6.2/32
- save and close the file, then start the WireGuard service
james@ubuntuTwenty:~$: sudo systemctl start wg-quick@wg0
- On the client now let’s ping the server and then check WireGuard’s status
james@ubuntuClient:~$: ping -c 4 192.168.6.1
james@ubuntuClient:~$: sudo wg
There you have it folks!!
If you would like more information about WireGuard check out their documentation! https://www.wireguard.com/
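To "know everything in your config", as suggested above, here is an added example (not from the original post) that parses the server-side wg0.conf built in this walkthrough and lists what deserves a second look: file permissions, SaveConfig, and per-peer AllowedIPs. The function names and finding messages are assumptions of this example, and the sample config is constructed from the snippets on this page with the placeholders left in.

```python
import ipaddress

# Constructed sample: the server wg0.conf from this page, placeholders left as-is.
PAGE_SERVER_CONF = """
[Interface]
Address = 192.168.6.1/24
ListenPort = 41194
PrivateKey = [InsertPrivateKeyHere]
SaveConfig = true
[Peer]
## Desktop/client VPN public key ##
PublicKey = [ClientPublicKey]
AllowedIPs = 192.168.6.2/32
"""

def parse_wg_conf(text):
    """Return [(section, {key: value})]; [Peer] may repeat, so configparser won't do."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1].lower(), {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)          # split once: base64 keys end in '='
            sections[-1][1][key.strip().lower()] = value.strip()
    return sections

def audit_server_conf(text, file_mode=0o600):
    """Hypothetical helper: list findings for a server-side wg-quick config."""
    findings, seen = [], []
    if file_mode & 0o077:
        findings.append("config readable by group/other; it holds the private key")
    sections = parse_wg_conf(text)
    iface = next((kv for name, kv in sections if name == "interface"), {})
    if iface.get("saveconfig", "").lower() == "true":
        findings.append("SaveConfig = true; edits made while wg0 is up are overwritten on shutdown")
    for kv in (kv for name, kv in sections if name == "peer"):
        nets = [ipaddress.ip_network(a.strip(), strict=False)
                for a in kv.get("allowedips", "").split(",") if a.strip()]
        if not nets:
            findings.append("peer has no AllowedIPs")
        for net in nets:
            if net.num_addresses > 1:
                findings.append(f"peer AllowedIPs {net} is wider than one host")
            if any(o.version == net.version and o.overlaps(net) for o in seen):
                findings.append(f"AllowedIPs {net} overlaps another peer")
        seen.extend(nets)
    return findings
```

On a real server, pass the file's mode in with `os.stat("/etc/wireguard/wg0.conf").st_mode & 0o777` and the file contents as `text`.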