{"id":303,"date":"2023-02-15T04:58:14","date_gmt":"2023-02-15T04:58:14","guid":{"rendered":"https:\/\/techtutelage.net\/?p=303"},"modified":"2024-02-13T19:28:51","modified_gmt":"2024-02-13T19:28:51","slug":"install-wireguard-vpn-on-ubuntu-server","status":"publish","type":"post","link":"https:\/\/techtutelage.net\/?p=303","title":{"rendered":"Install WireGuard VPN on Ubuntu Server"},"content":{"rendered":"\n<iframe loading=\"lazy\" width=\"560\" height=\"315\" src=\"https:\/\/www.youtube.com\/embed\/0i2IJWU0f6w\" title=\"YouTube video player\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" allowfullscreen=\"\"><\/iframe>\n\n\n\n<p>Learn how to install and configure WireGuard VPN on remote headless ubuntu server. For this particular example I am using Always Free Oracle Cloud instance, but this instructions should work on any ubuntu server.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Install WireGuard<\/h2>\n\n\n\n<p>Start with updating the package sources list with the latest version of packages in the repositories and install WireGuard.<\/p>\n\n\n\n<pre class=\"wp-block-code has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><code>apt update \napt install wireguard<\/code><\/pre>\n\n\n\n<p>WireGuard installation will create a directory \/etc\/wireguard. To set the default file creation permission to 600, navigate to \/etc\/wireguard and change the umask to 077.<\/p>\n\n\n\n<pre class=\"wp-block-code has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><code>cd \/etc\/wireguard\numask 077<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Configure Wireguard Server<\/h2>\n\n\n\n<p>Next generate public and private key pair for the WireGuard server.<\/p>\n\n\n\n<pre class=\"wp-block-code has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><code>wg genkey | tee server-privatekey | wg pubkey > server-publickey<\/code><\/pre>\n\n\n\n<p>Get the content of the two files, by running the following command<\/p>\n\n\n\n<pre class=\"wp-block-code has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><code>tail -n +1 server-privatekey server-publickey<\/code><\/pre>\n\n\n\n<p>Store the output of the command in a place handy for copy and paste, as you will need to use it later.<\/p>\n\n\n\n<pre class=\"wp-block-code has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><code>==> server-privatekey &lt;==\nGK+wX0XxaUY9rlQOHCdF3teRZttWXADMVZ5eLfQa80c=\n\n==> server-publickey &lt;==\nvaXI0PRL35MNjlfZSQSrTBVzmJZhGtPv9OmeFZW0hF0=<\/code><\/pre>\n\n\n\n<p>Next create wg0.conf file. This file will be your WireGurad server configuration file. You can create the file by executing the following command.<\/p>\n\n\n\n<pre class=\"wp-block-code has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><code>nano wg0.conf<\/code><\/pre>\n\n\n\n<p>Next paste the following configuration settings in to the wg0.conf file. Make sure to replace the &#8220;PrivateKey&#8221; value with the private key you generated earlier.<\/p>\n\n\n\n<pre class=\"wp-block-code has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><code>&#91;Interface]\nAddress = 10.16.0.1\/32\nListenPort = 51820\nPrivateKey = GK+wX0XxaUY9rlQOHCdF3teRZttWXADMVZ5eLfQa80c=<\/code><\/pre>\n\n\n\n<p>You can go ahead save the changes and close the wg0.conf file (Ctrl-x press Y press Enter). Then you can go ahead and add the WireGuard service to systemd so it starts automatically on boot. Start the WireGuard service and check its status to make sure it is running.<\/p>\n\n\n\n<pre class=\"wp-block-code has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><code>systemctl enable wg-quick@wg0\nsystemctl start wg-quick@wg0\nsystemctl status wg-quick@wg0<\/code><\/pre>\n\n\n\n<p>If everything is working you should get an output similar to this<\/p>\n\n\n\n<pre class=\"wp-block-code has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><code>\u25cf wg-quick@wg0.service - WireGuard via wg-quick(8) for wg0\n     Loaded: loaded (\/lib\/systemd\/system\/wg-quick@.service; enabled; vendor preset: enabled)\n     Active: active (exited) since Mon 2023-03-13 04:02:58 UTC; 13ms ago\n       Docs: man:wg-quick(8)\n             man:wg(8)\n             https:&#47;&#47;www.wireguard.com\/\n             https:\/\/www.wireguard.com\/quickstart\/\n             https:\/\/git.zx2c4.com\/wireguard-tools\/about\/src\/man\/wg-quick.8\n             https:\/\/git.zx2c4.com\/wireguard-tools\/about\/src\/man\/wg.8\n    Process: 2662 ExecStart=\/usr\/bin\/wg-quick up wg0 (code=exited, status=0\/SUCCESS)\n   Main PID: 2662 (code=exited, status=0\/SUCCESS)\n        CPU: 31ms<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Configure Client<\/h2>\n\n\n\n<p>Once you have confirmed that WireGuard service is up and running. It is time to set up the first client. Start by creating a directory named after the client, and generating private and public key pair for the client. You can do it by running the following commands.<\/p>\n\n\n\n<pre class=\"wp-block-code has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><code>mkdir \/etc\/wireguard\/mac\ncd \/etc\/wireguard\/mac\nwg genkey | tee mac-privatekey | wg pubkey > mac-publickey<\/code><\/pre>\n\n\n\n<p>Same as you did with the server&#8217;s key pair get the content of the two files and put it in a place handy for copy and paste, as you will need to use it later.<\/p>\n\n\n\n<pre class=\"wp-block-code has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><code>tail -n +1 mac-privatekey mac-publickey<\/code><\/pre>\n\n\n\n<p>Content of public and private client keys<\/p>\n\n\n\n<pre class=\"wp-block-code has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><code>==> mac-privatekey &lt;==\ncMLgt4BVDe+qtm+50QGVrPULXSYKU120yfSoywlv1nI=\n\n==> mac-publickey &lt;==\nS\/rtqRg8TSscZfgLluwOcidGH8iKjtZEVjj68QtiCkM=<\/code><\/pre>\n\n\n\n<p>Create client configuration file wg0-mac.conf<\/p>\n\n\n\n<pre class=\"wp-block-code has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><code>nano wg0-mac.conf<\/code><\/pre>\n\n\n\n<p> Copy and paste the following configuration settings in to the wg0-mac.conf file. Make sure to replace the &#8220;PrivateKey&#8221; value with the client&#8217;s private key you generated in the previous step, and the &#8220;PublicKey&#8221; under [Peer] with the server&#8217;s public key you generated earlier, also replace the value of &#8220;Endpoint&#8221; under [Peer] with your server&#8217;s public IP or domain name. Your wg0-mac.conf  file should look similar to this<\/p>\n\n\n\n<pre class=\"wp-block-code has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><code>&#91;Interface]\nPrivateKey = cMLgt4BVDe+qtm+50QGVrPULXSYKU120yfSoywlv1nI=                                          \nAddress = 10.16.0.2\/24\nDNS = 1.1.1.1, 8.8.8.8\n\n&#91;Peer]\nPublicKey = vaXI0PRL35MNjlfZSQSrTBVzmJZhGtPv9OmeFZW0hF0= \nAllowedIPs = 0.0.0.0\/0\nEndpoint = 158.101.116.201:51820<\/code><\/pre>\n\n\n\n<p>You can go ahead save the changes and close the wg0-mac.conf file (Ctrl-x press Y press Enter). The next thing you need to do is, add your client to the server configuration file to allow for connection. To do that open the wg0.conf file.<\/p>\n\n\n\n<pre class=\"wp-block-code has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><code>nano  \/etc\/wireguard\/wg0.conf<\/code><\/pre>\n\n\n\n<p>Add the following configuration to the wg0.conf file, make sure to replace &#8220;PublicKey&#8221; with your client&#8217;s public key.<\/p>\n\n\n\n<pre class=\"wp-block-code has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><code>&#91;Peer]\nPublicKey = S\/rtqRg8TSscZfgLluwOcidGH8iKjtZEVjj68QtiCkM= \nAllowedIPs = 10.16.0.2\/32<\/code><\/pre>\n\n\n\n<p>At this point your wg0.conf configuration file should look similar to this<\/p>\n\n\n\n<pre class=\"wp-block-code has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><code>&#91;Interface]\nAddress = 10.16.0.1\/32\nListenPort = 51820\nPrivateKey = GK+wX0XxaUY9rlQOHCdF3teRZttWXADMVZ5eLfQa80c=\n\n&#91;Peer]\nPublicKey = S\/rtqRg8TSscZfgLluwOcidGH8iKjtZEVjj68QtiCkM= \nAllowedIPs = 10.16.0.2\/32<\/code><\/pre>\n\n\n\n<p>Next, restart your WireGuard service and take a look at it with &#8220;wg&#8221; command.<\/p>\n\n\n\n<pre class=\"wp-block-code has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><code>systemctl restart wg-quick@wg0\nwg<\/code><\/pre>\n\n\n\n<p>You should see an output similar to the one below. You can see that your server has wg0 interface that is listening on port 51820, and you are allowing connections to one client with public key and IP that should match the public key and IP of your client.<\/p>\n\n\n\n<pre class=\"wp-block-code has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><code>interface: wg0\n  public key: vaXI0PRL35MNjlfZSQSrTBVzmJZhGtPv9OmeFZW0hF0=\n  private key: (hidden)\n  listening port: 51820\n\npeer: S\/rtqRg8TSscZfgLluwOcidGH8iKjtZEVjj68QtiCkM=\n  allowed ips: 10.16.0.2\/32<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Firewall Rules and Configuration<\/h2>\n\n\n\n<p>Next, you will have to make sure that your system has iptables installed. You can do it by running the following command<\/p>\n\n\n\n<pre class=\"wp-block-code has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><code>apt install iptables -y<\/code><\/pre>\n\n\n\n<p>If iptables exists on your system you will get output similar to the one below, if it doesn&#8217;t exist the above command will install it for you.<\/p>\n\n\n\n<pre class=\"wp-block-code has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><code>Reading package lists... Done\nBuilding dependency tree... Done\nReading state information... Done\niptables is already the newest version (1.8.7-1ubuntu5).\niptables set to manually installed.\n0 upgraded, 0 newly installed, 0 to remove and 45 not upgraded.<\/code><\/pre>\n\n\n\n<p>After you confirm that you have iptables you will need to collect the name of your public facing network interface. You can do it by running the command below<\/p>\n\n\n\n<pre class=\"wp-block-code has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><code>ip link<\/code><\/pre>\n\n\n\n<p>As you can see from the output below I have loopback interface &#8220;lo&#8221;, and WireGuard interface the &#8220;wg0&#8221;, which leaves me with &#8220;enp0s3&#8221; to be my public facing interface. If you have left more than one interface after you rule out &#8220;lo&#8221; and &#8220;wg0&#8221; you will need to do some more digging, but if you are like me and only have three, whichever is left is most likely your public facing interface. Take a note of it as you will need it in the next step.<\/p>\n\n\n\n<pre class=\"wp-block-code has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><code>1: lo: &lt;LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000\n    link\/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00\n2: enp0s3: &lt;BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000\n    link\/ether 02:00:17:09:39:e8 brd ff:ff:ff:ff:ff:ff\n5: wg0: &lt;POINTOPOINT,NOARP,UP,LOWER_UP> mtu 8920 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000\n    link\/none \n<\/code><\/pre>\n\n\n\n<p>Now that you have confirmed that iptables is installed, and you have the name of you public facing interface. Go ahead, open your server configuration file wg0.conf and enter the following configuration in the [Interface] section of the file. Make sure to replace every occurrence of &#8220;enp0s3&#8221; with the name of your public facing interface (&#8220;enp0s3&#8221; appears six times in the lines below).<\/p>\n\n\n\n<pre class=\"wp-block-code has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><code>PreUp = sysctl -w net.ipv4.ip_forward=1\n\nPostUp = iptables -I INPUT -p udp --dport 51820 -j ACCEPT; iptables -t nat -I POSTROUTING 1 -s 10.16.0.0\/24 -o enp0s3 -j MASQUERADE; iptables -I INPUT 1 -i wg0 -j ACCEPT; iptables -I FORWARD 1 -i enp0s3 -o wg0 -j ACCEPT; iptables -I FORWARD 1 -i wg0 -o enp0s3 -j ACCEPT\n\nPostDown = iptables -D INPUT -p udp --dport 51820 -j ACCEPT; iptables -t nat -D POSTROUTING 1 -s 10.16.0.0\/24 -o enp0s3 -j MASQUERADE; iptables -D INPUT 1 -i wg0 -j ACCEPT; iptables -D FORWARD 1 -i enp0s3 -o wg0 -j ACCEPT; iptables -D FORWARD 1 -i wg0 -o enp0s3 -j ACCEPT<\/code><\/pre>\n\n\n\n<p>This configuration will allow IP forwarding, it will open UDP port 51820, make sure all outgoing packets are translated via the VPN, it will allow all traffic on wg0 interface, and allow packets to forward between the public Interface and the WireGuard every time WireGuard service is started as well as it will reverse everything mentioned above when WireGuard service is stopped.<\/p>\n\n\n\n<p>NOTE: If your server is behind additional firewall or a solution that act as a firewall such as AWS Security Group, OCI Network Security Group, etc. make sure to have port 51820 UDP open there as well.<\/p>\n\n\n\n<p>At this point your wg0.conf file should be complete and it should look similar to this<\/p>\n\n\n\n<pre class=\"wp-block-code has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><code>&#91;Interface]\nAddress = 10.16.0.1\/32\nListenPort = 51820\nPrivateKey = GK+wX0XxaUY9rlQOHCdF3teRZttWXADMVZ5eLfQa80c=\n\nPreUp = sysctl -w net.ipv4.ip_forward=1\n\nPostUp = iptables -I INPUT -p udp --dport 51820 -j ACCEPT; iptables -t nat -I POSTROUTING 1 -s 10.16.0.0\/24 -o enp0s3 -j MASQUERADE; iptables -I INPUT 1 -i wg0 -j ACCEPT; iptables -I FORWARD 1 -i enp0s3 -o wg0 -j ACCEPT; iptables -I FORWARD 1 -i wg0 -o enp0s3 -j ACCEPT\n\nPostDown = iptables -D INPUT -p udp --dport 51820 -j ACCEPT; iptables -t nat -D POSTROUTING 1 -s 10.16.0.0\/24 -o enp0s3 -j MASQUERADE; iptables -D INPUT 1 -i wg0 -j ACCEPT; iptables -D FORWARD 1 -i enp0s3 -o wg0 -j ACCEPT; iptables -D FORWARD 1 -i wg0 -o enp0s3 -j ACCEPT\n\n&#91;Peer]\nPublicKey = S\/rtqRg8TSscZfgLluwOcidGH8iKjtZEVjj68QtiCkM= \nAllowedIPs = 10.16.0.2\/32\n<\/code><\/pre>\n\n\n\n<p>Next restart WireGuard service to apply all the changes, and if you don&#8217;t get any errors you are ready to test your VPN server by connecting to it with your client.<\/p>\n\n\n\n<pre class=\"wp-block-code has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><code>systemctl restart wg-quick@wg0<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Connect Client to WireGuard VPN Server<\/h2>\n\n\n\n<p>To test the connection you can download the client configuration file on your client, and load it in to the WireGuard Client application by clicking on import tunnel from a file and providing the path to the client&#8217;s configuration file.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"324\" src=\"https:\/\/techtutelage.net\/wp-content\/uploads\/2023\/03\/Screen-Shot-2023-03-13-at-12.40.11-AM-1024x324.png\" alt=\"\" class=\"wp-image-352\" srcset=\"https:\/\/techtutelage.net\/wp-content\/uploads\/2023\/03\/Screen-Shot-2023-03-13-at-12.40.11-AM-1024x324.png 1024w, https:\/\/techtutelage.net\/wp-content\/uploads\/2023\/03\/Screen-Shot-2023-03-13-at-12.40.11-AM-300x95.png 300w, https:\/\/techtutelage.net\/wp-content\/uploads\/2023\/03\/Screen-Shot-2023-03-13-at-12.40.11-AM-768x243.png 768w, https:\/\/techtutelage.net\/wp-content\/uploads\/2023\/03\/Screen-Shot-2023-03-13-at-12.40.11-AM.png 1288w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Or click on the + in the bottom right corner of WireGuard Client application and select add and empty tunnel.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"387\" src=\"https:\/\/techtutelage.net\/wp-content\/uploads\/2023\/03\/Screen-Shot-2023-03-13-at-12.43.50-AM-1024x387.png\" alt=\"\" class=\"wp-image-353\" srcset=\"https:\/\/techtutelage.net\/wp-content\/uploads\/2023\/03\/Screen-Shot-2023-03-13-at-12.43.50-AM-1024x387.png 1024w, https:\/\/techtutelage.net\/wp-content\/uploads\/2023\/03\/Screen-Shot-2023-03-13-at-12.43.50-AM-300x113.png 300w, https:\/\/techtutelage.net\/wp-content\/uploads\/2023\/03\/Screen-Shot-2023-03-13-at-12.43.50-AM-768x290.png 768w, https:\/\/techtutelage.net\/wp-content\/uploads\/2023\/03\/Screen-Shot-2023-03-13-at-12.43.50-AM.png 1260w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Remove the pre existing &#8220;PrivateKey&#8221; from Add Empty Tunnel window and paste the content of your client&#8217;s configuration file wg0-mac.conf. You can get the content of the file by running the following command<\/p>\n\n\n\n<pre class=\"wp-block-code has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><code>cat \/etc\/wireguard\/mac\/wg0-mac.conf<\/code><\/pre>\n\n\n\n<p>Once you paste the client&#8217;s configuration in the WireGuard Client App  give your tunnel a name go ahead and click &#8220;Save&#8221;<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"815\" src=\"https:\/\/techtutelage.net\/wp-content\/uploads\/2023\/03\/Screen-Shot-2023-03-13-at-12.52.22-AM-1-1024x815.png\" alt=\"\" class=\"wp-image-356\" srcset=\"https:\/\/techtutelage.net\/wp-content\/uploads\/2023\/03\/Screen-Shot-2023-03-13-at-12.52.22-AM-1-1024x815.png 1024w, https:\/\/techtutelage.net\/wp-content\/uploads\/2023\/03\/Screen-Shot-2023-03-13-at-12.52.22-AM-1-300x239.png 300w, https:\/\/techtutelage.net\/wp-content\/uploads\/2023\/03\/Screen-Shot-2023-03-13-at-12.52.22-AM-1-768x611.png 768w, https:\/\/techtutelage.net\/wp-content\/uploads\/2023\/03\/Screen-Shot-2023-03-13-at-12.52.22-AM-1.png 1204w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Once you have your tunnel saved you can go ahead and Activate your VPN <\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"414\" src=\"https:\/\/techtutelage.net\/wp-content\/uploads\/2023\/03\/Screen-Shot-2023-03-13-at-1.00.23-AM-1024x414.png\" alt=\"\" class=\"wp-image-357\" srcset=\"https:\/\/techtutelage.net\/wp-content\/uploads\/2023\/03\/Screen-Shot-2023-03-13-at-1.00.23-AM-1024x414.png 1024w, https:\/\/techtutelage.net\/wp-content\/uploads\/2023\/03\/Screen-Shot-2023-03-13-at-1.00.23-AM-300x121.png 300w, https:\/\/techtutelage.net\/wp-content\/uploads\/2023\/03\/Screen-Shot-2023-03-13-at-1.00.23-AM-768x311.png 768w, https:\/\/techtutelage.net\/wp-content\/uploads\/2023\/03\/Screen-Shot-2023-03-13-at-1.00.23-AM-1536x622.png 1536w, https:\/\/techtutelage.net\/wp-content\/uploads\/2023\/03\/Screen-Shot-2023-03-13-at-1.00.23-AM.png 1784w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>At this point  the status of your connection should change to &#8220;Active&#8221;, turn green and you should see the data flowing.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"357\" src=\"https:\/\/techtutelage.net\/wp-content\/uploads\/2023\/03\/Screen-Shot-2023-03-13-at-1.04.05-AM-1024x357.png\" alt=\"\" class=\"wp-image-358\" srcset=\"https:\/\/techtutelage.net\/wp-content\/uploads\/2023\/03\/Screen-Shot-2023-03-13-at-1.04.05-AM-1024x357.png 1024w, https:\/\/techtutelage.net\/wp-content\/uploads\/2023\/03\/Screen-Shot-2023-03-13-at-1.04.05-AM-300x105.png 300w, https:\/\/techtutelage.net\/wp-content\/uploads\/2023\/03\/Screen-Shot-2023-03-13-at-1.04.05-AM-768x268.png 768w, https:\/\/techtutelage.net\/wp-content\/uploads\/2023\/03\/Screen-Shot-2023-03-13-at-1.04.05-AM-1536x535.png 1536w, https:\/\/techtutelage.net\/wp-content\/uploads\/2023\/03\/Screen-Shot-2023-03-13-at-1.04.05-AM.png 1722w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>To confirm that your VPN is working as expected, on your client open a web browser of your choice and google search &#8220;whats my ip&#8221;. The result should show the public IP address of your VPN server.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"323\" src=\"https:\/\/techtutelage.net\/wp-content\/uploads\/2023\/03\/Screen-Shot-2023-03-13-at-1.07.33-AM-1024x323.png\" alt=\"\" class=\"wp-image-359\" srcset=\"https:\/\/techtutelage.net\/wp-content\/uploads\/2023\/03\/Screen-Shot-2023-03-13-at-1.07.33-AM-1024x323.png 1024w, https:\/\/techtutelage.net\/wp-content\/uploads\/2023\/03\/Screen-Shot-2023-03-13-at-1.07.33-AM-300x95.png 300w, https:\/\/techtutelage.net\/wp-content\/uploads\/2023\/03\/Screen-Shot-2023-03-13-at-1.07.33-AM-768x242.png 768w, https:\/\/techtutelage.net\/wp-content\/uploads\/2023\/03\/Screen-Shot-2023-03-13-at-1.07.33-AM-1536x484.png 1536w, https:\/\/techtutelage.net\/wp-content\/uploads\/2023\/03\/Screen-Shot-2023-03-13-at-1.07.33-AM.png 1630w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Configure Additional Clients<\/h2>\n\n\n\n<p>To add additional clients repeat every step of the <strong>Configure Client<\/strong> section, make sure to assign the new clients an IP address that have not been assigned to another clients.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Client Configuration on Mobile Device<\/h2>\n\n\n\n<p>In addition to creating an empty tunnel and pasting all the configuration in it Like we did earlier, or downloading the configuration file, mobile devices have the option to set up a new tunnel by scanning a QR code. To get a tool that will allow you to generate client configuration QR code run the following commands<\/p>\n\n\n\n<pre class=\"wp-block-code has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><code>apt-get install qrencode -y<\/code><\/pre>\n\n\n\n<p>After you have &#8220;qrencode&#8221; installed you can use your client&#8217;s configuration file to generate QR code by running the following command.<\/p>\n\n\n\n<pre class=\"wp-block-code has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><code>qrencode -t ansiutf8 -l L &lt; \/etc\/wireguard\/mac\/wg0-mac.conf<\/code><\/pre>\n\n\n\n<p>The output of this command should produce QR code that you can scan with your WireGuard mobile app.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Learn how to install and configure WireGuard VPN on remote headless ubuntu server. For this particular example I am using Always Free Oracle Cloud instance, but this instructions should work on any ubuntu server. Install WireGuard Start with updating the package sources list with the latest version of packages in the repositories and install WireGuard. [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9,1],"tags":[],"class_list":["post-303","post","type-post","status-publish","format-standard","hentry","category-tutorials","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/techtutelage.net\/index.php?rest_route=\/wp\/v2\/posts\/303","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techtutelage.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techtutelage.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techtutelage.net\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/techtutelage.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=303"}],"version-history":[{"count":22,"href":"https:\/\/techtutelage.net\/index.php?rest_route=\/wp\/v2\/posts\/303\/revisions"}],"predecessor-version":[{"id":363,"href":"https:\/\/techtutelage.net\/index.php?rest_route=\/wp\/v2\/posts\/303\/revisions\/363"}],"wp:attachment":[{"href":"https:\/\/techtutelage.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=303"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techtutelage.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=303"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techtutelage.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=303"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}