How can I create a Point-To-Point Virtual Private Network with WireGuard on Ubuntu


Today a lot of people use websites and web hosting services for their business, because nearly everyone is online. With a website you can showcase your products and services to people nearby and across the globe. Most businesses now host their websites on cloud servers because they are easy to manage, and cloud hosting lets you access your business data and files at any time, from any place, over the internet.


If you already use a cloud hosting service for your business and are looking for how to create a point-to-point VPN with WireGuard on Ubuntu on a cloud server, here is the complete procedure. WireGuard is a modern, high-performance VPN designed to be easy to use while providing robust security. It focuses only on providing a secure connection between parties over a network interface encrypted with public key authentication. This gives it great power and flexibility, so you can use it as your requirements dictate.


====>> First you need to install the software, but before that you need to add the WireGuard PPA to your system to configure access to the packages.


$      sudo add-apt-repository ppa:wireguard/wireguard


>>> Press Enter when prompted to add the new package source to your apt configuration. Once it is added, update the package index and install WireGuard using the commands below.


$     sudo apt-get update

$     sudo apt-get install wireguard-dkms wireguard-tools


====>> After installing it, create a private key. To generate a private key and write it directly to a WireGuard configuration file, use the commands below. The umask 077 makes sure the configuration file is created readable only by its owner.


$    (umask 077 && printf "[Interface]\nPrivateKey = " | sudo tee /etc/wireguard/wg0.conf > /dev/null)

$     wg genkey | sudo tee -a /etc/wireguard/wg0.conf | wg pubkey | sudo tee /etc/wireguard/publickey


====>> Now create the initial configuration: open the configuration file in an editor


$    sudo nano /etc/wireguard/wg0.conf


>>> Next, configure the [Interface] section. Set ListenPort to the port on which the server will listen for connections from peers.


                         /etc/wireguard/wg0.conf


[Interface]

PrivateKey = generated_private_key

ListenPort = 5555

SaveConfig = true


>>> Next, set the VPN address of each server. Our first server uses the address 20.0.4.1


                             /etc/wireguard/wg0.conf on first server


[Interface]

PrivateKey = generated_private_key

ListenPort = 5555

SaveConfig = true

Address = 20.0.4.1/24


>>> And our second server uses the address 20.0.4.2


                       /etc/wireguard/wg0.conf on second server


[Interface]

PrivateKey = generated_private_key

ListenPort = 5555

SaveConfig = true

Address = 20.0.4.2/24


>>> Now define the [Peer] section on the second server. Set PublicKey to the first server's public key, which is the content of /etc/wireguard/publickey on the opposite server.



                   /etc/wireguard/wg0.conf on second server


[Interface]

. . .


[Peer]

PublicKey = public_key_of_first_server

AllowedIPs = 20.0.4.1/32


>>> In this step, set Endpoint to the first server's public IP address and WireGuard port, so that this server can initiate contact


                  /etc/wireguard/wg0.conf on second server


[Interface]

. . .


[Peer]

PublicKey = public_key_of_first_server

AllowedIPs = 20.0.4.1/32

Endpoint = public_IP_of_first_server:5555


>>> Now start the VPN and connect the peers. We are ready to start WireGuard on each server and configure the connection between our two peers.


>>> Before starting the VPN, open the WireGuard port in the firewall on each server. WireGuard uses UDP only, so the rule is limited to UDP.


$    sudo ufw allow 5555/udp


>>> Now you need to start the wg-quick service using the wg0 interface file


$    sudo systemctl start wg-quick@wg0


>>> After starting the service, confirm that the wg0 network interface is up on the machine using the command below


$    ip addr show wg0


Output on first server


6: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1

   link/none

   inet 20.0.4.1/24 scope global wg0

      valid_lft forever preferred_lft forever


>>> Now in this stage you can use the wg tool to view information about the active configuration of the VPN


$    sudo wg


>>> On the server without any peer definition, the output will look like this:


            Output on first server


interface: wg0

 public key: public_key_of_this_server

 private key: (hidden)

 listening port: 5555


>>> And on the server with a peer configuration already defined:


          Output on second server


interface: wg0

 public key: public_key_of_this_server

 private key: (hidden)

 listening port: 5555


peer: public_key_of_first_server

 endpoint: public_IP_of_first_server:5555

 allowed ips: 20.0.4.1/32


>>> Now you need to add the missing Peer information on the command line on your first server.


$    sudo wg set wg0 peer public_key_of_second_server endpoint public_IP_of_second_server:5555 allowed-ips 20.0.4.2/32


>>> At this stage you can confirm the information is now in the active configuration by typing sudo wg again on the first server


$    sudo wg


  Output on first server


interface: wg0

 public key: public_key_of_this_server

 private key: (hidden)

 listening port: 5555


peer: public_key_of_second_server

 endpoint: public_IP_of_second_server:5555

 allowed ips: 20.0.4.2/32


>>> Our point-to-point connection should now be available. Try to ping the VPN address of the second server from the first server


$    ping -c 3 20.0.4.2

Output on first server

PING 20.0.4.2 (20.0.4.2) 56(84) bytes of data.

64 bytes from 20.0.4.2: icmp_seq=1 ttl=64 time=0.745 ms

64 bytes from 20.0.4.2: icmp_seq=2 ttl=64 time=0.555 ms

64 bytes from 20.0.4.2: icmp_seq=3 ttl=64 time=0.799 ms


--- 20.0.4.2 ping statistics ---

3 packets transmitted, 3 received, 0% packet loss, time 2845ms

rtt min/avg/max/mdev = 0.615/0.697/0.841/0.102 ms


>>> If everything is working, save the configuration on the first server back to the /etc/wireguard/wg0.conf file by restarting the service. Because SaveConfig = true is set, the running configuration is written to the file when the interface is brought down.


$    sudo systemctl restart wg-quick@wg0


>>> If you want to start the tunnel at boot, enable the service on your server using the command below


$    sudo systemctl enable wg-quick@wg0
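

>>> A check worth running once both files exist, as an added example that is not part of the original tutorial: each server's [Peer] must carry the other side's tunnel address as a /32 in AllowedIPs, an Endpoint port that matches the other side's ListenPort, and a file mode that keeps the private key away from other users. The function names conf_get, check_peer and write_conf, the placeholder keys and the endpoint 203.0.113.10 (a documentation address) are assumptions made for the sample; it assumes a single /32 in AllowedIPs, as in this setup.

```sh
#!/bin/sh
# Added example (not from the original page): cross-check a point-to-point pair.

# conf_get FILE SECTION KEY: print KEY's first value inside [SECTION].
conf_get() {
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*\[/ { cur = $0; gsub(/[ \t\r]/, "", cur); next }
        cur == sec && index($0, "=") {
            i = index($0, "="); k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/[ \t\r]/, "", k); gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# check_peer LOCAL REMOTE: LOCAL's [Peer] must describe REMOTE's [Interface].
# Prints one line per finding and returns non-zero if there is any.
check_peer() {
    rc=0
    remote_ip=$(conf_get "$2" Interface Address | cut -d/ -f1)
    allowed=$(conf_get "$1" Peer AllowedIPs)
    if [ "$allowed" != "$remote_ip/32" ]; then
        echo "$1: AllowedIPs '$allowed' should be $remote_ip/32"; rc=1
    fi
    endpoint=$(conf_get "$1" Peer Endpoint)
    port=$(conf_get "$2" Interface ListenPort)
    if [ -n "$endpoint" ] && [ "${endpoint##*:}" != "$port" ]; then
        echo "$1: Endpoint port differs from peer ListenPort $port"; rc=1
    fi
    # The file holds the private key: no group/other permission bits allowed.
    if [ "$(ls -l "$1" | cut -c5-10)" != "------" ]; then
        echo "$1: accessible by group or others, expected mode 600"; rc=1
    fi
    return $rc
}

# write_conf FILE ADDRESS PEER_ALLOWED_IPS: constructed sample, placeholder keys.
write_conf() {
    ( umask 077
      printf '[Interface]\nPrivateKey = PLACEHOLDER_PRIVATE_KEY=\nListenPort = 5555\n' > "$1"
      printf 'Address = %s\n\n[Peer]\nPublicKey = PLACEHOLDER_PUBLIC_KEY=\n' "$2" >> "$1"
      printf 'AllowedIPs = %s\nEndpoint = 203.0.113.10:5555\n' "$3" >> "$1" )
}

demo=$(mktemp -d)
write_conf "$demo/first.conf"  20.0.4.1/24 20.0.4.1/32   # wrong: its own address
write_conf "$demo/second.conf" 20.0.4.2/24 20.0.4.1/32   # correct
check_peer "$demo/first.conf" "$demo/second.conf" || echo "first server: FAIL"
check_peer "$demo/second.conf" "$demo/first.conf" && echo "second server: OK"
```

On real servers, copy the peer's wg0.conf with its PrivateKey line removed before comparing, so the private key never leaves its host.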