    Networking, Security, Linux

    Setting Up a Secure WireGuard VPN on Linux

    A comprehensive guide to deploying WireGuard VPN with proper key management and firewall configuration.

    January 20, 2026 · 7 min read

    Introduction

    WireGuard is a modern VPN protocol designed to be fast, simple, and secure.

    Prerequisites

    • A Linux server (Ubuntu LTS or Debian stable)
    • Root or sudo access
    • Basic networking knowledge

    Installation

    bash
    sudo apt update && sudo apt upgrade -y
    sudo apt install wireguard wireguard-tools -y

    Key Generation

    bash
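    # Create the private key under a restrictive umask so it is never
    # world-readable, and keep it off the terminal
    (umask 077; wg genkey | sudo tee /etc/wireguard/private.key > /dev/null)
    sudo chmod 600 /etc/wireguard/private.key
    # Derive the public key from the private key
    sudo cat /etc/wireguard/private.key | wg pubkey | sudo tee /etc/wireguard/public.key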

    Security note

    Never share your private key.

    Server Configuration

    ini
    # /etc/wireguard/wg0.conf
    [Interface]
    PrivateKey = <server_private_key>
    Address = 10.0.0.1/24
    ListenPort = 51820
    PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

    [Peer]
    PublicKey = <client_public_key>
    AllowedIPs = 10.0.0.2/32

    Enable IP forwarding:

    bash
    echo "net.ipv4.ip_forward=1" | sudo tee /etc/sysctl.d/99-wireguard.conf
    sudo sysctl --system

    Firewall

    bash
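    # Open the WireGuard listen port (ListenPort in wg0.conf)
    sudo ufw allow 51820/udp
    # ufw denies other inbound traffic by default once enabled; if you manage
    # this server remotely, confirm an allow rule for SSH exists first
    sudo ufw enable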

    Start the VPN

    bash
    sudo systemctl enable wg-quick@wg0
    sudo systemctl start wg-quick@wg0
    sudo wg show
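
An added example, not part of the original post: a shell function that audits a wg-quick server config like the one above. It checks that the file holding PrivateKey is closed to group and other, and that each [Peer] AllowedIPs entry is a single host. The name audit_wg_conf and the sample files are constructed for illustration; it assumes GNU or BusyBox stat.

```shell
#!/bin/sh
# Added example (not from the original post): audit a wg-quick server config.
# Prints one line per finding; the return status is the number of findings.
audit_wg_conf() {
    conf=$1
    findings=0
    # The file embeds PrivateKey, so group/other must have no access (e.g. 600).
    mode=$(stat -c '%a' "$conf") || return 255   # GNU/BusyBox stat syntax
    case "$mode" in
        *00|0) ;;
        *) echo "FAIL: $conf is mode $mode, expected 600"; findings=$((findings + 1)) ;;
    esac
    # On the server, each [Peer] AllowedIPs entry should be one host (/32 or
    # /128): WireGuard accepts tunnel packets from a peer only when the source
    # address falls inside that peer's AllowedIPs.
    peer_issues=$(awk -F'[ \t]*=[ \t]*' '
        { sub(/[ \t]*#.*/, "") }                      # drop trailing comments
        /^[ \t]*\[/ { in_peer = (tolower($0) ~ /^[ \t]*\[peer\]/); if (in_peer) n++; next }
        in_peer && tolower($1) ~ /^[ \t]*allowedips$/ {
            cnt = split($2, nets, /[ \t]*,[ \t]*/)
            for (i = 1; i <= cnt; i++)                # no mask means a single host
                if (nets[i] ~ /\// && nets[i] !~ /\/(32|128)[ \t]*$/)
                    printf "FAIL: peer %d AllowedIPs %s is wider than one host\n", n, nets[i]
        }' "$conf")
    if [ -n "$peer_issues" ]; then
        echo "$peer_issues"
        findings=$((findings + $(printf '%s\n' "$peer_issues" | wc -l)))
    fi
    return "$findings"
}

# Demo on constructed configs (placeholder keys, temporary files only).
demo_dir=$(mktemp -d)
printf '[Interface]\nPrivateKey = <server_private_key>\nAddress = 10.0.0.1/24\n\n[Peer]\nPublicKey = <client_public_key>\nAllowedIPs = 10.0.0.2/32\n' > "$demo_dir/good.conf"
chmod 600 "$demo_dir/good.conf"
sed 's|10.0.0.2/32|10.0.0.0/24|' "$demo_dir/good.conf" > "$demo_dir/bad.conf"
chmod 644 "$demo_dir/bad.conf"
audit_wg_conf "$demo_dir/good.conf" && echo "good.conf: clean"
audit_wg_conf "$demo_dir/bad.conf" || echo "bad.conf: $? finding(s)"
rm -rf "$demo_dir"
```

On the real server, run it as root against /etc/wireguard/wg0.conf, since the file should not be readable by other users.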

    Conclusion

    WireGuard provides a clean, auditable VPN setup with excellent performance.

    WireGuard
    Linux
    UFW
    iptables

    Written by

    Corentin Tujague

    Network & Security Engineer

    Passionate about building secure, scalable infrastructure and sharing technical knowledge.