Install and use WireGuard as a tunnel server

A how-to guide on installing and configuring WireGuard as a tunnel server.


To save you time: if you only want to install WireGuard and use it as a VPN, follow step 1 only; the remaining steps do not apply to you. The rest of the tutorial is for advanced users who want to set up tunnels that forward everything, such as ports, to the client.

1. Installing WireGuard

To install WireGuard we are going to use an installation script as this makes the process much faster and easier.

Run the following commands on your host VPS/machine:

curl -O https://raw.githubusercontent.com/angristan/wireguard-install/master/wireguard-install.sh
chmod +x wireguard-install.sh
./wireguard-install.sh

Leave all of the settings as default and let it install. Once you reach the client configuration step, enter whatever name you would like, for example TUNNEL-CLIENT, then leave the IP addresses as default and press Enter.

If you are simply setting up a VPN you can scan the QR code or copy the details in the file generated by the script and use that on your client machine to connect to your VPN, then you’re done!

If you want to set up a tunnel, continue reading.

2. Modifying /etc/sysctl.conf

Open the /etc/sysctl.conf file in your preferred editor (such as nano or vim), then go to the bottom and add the following lines:

net.ipv4.conf.all.proxy_arp=1
net.ipv4.ip_forward=1

Save and close the file, then run the following command to load the new settings:

sysctl -p

Finally reboot:

reboot

3. Server configuration

Once the server has rebooted, open up the /etc/wireguard/wg0.conf file.

Replace the default client local IP address (usually something like 10.66.66.x, under the AllowedIPs option) with the public IP address you want to assign to the client. This IP address must not be the same as the tunnel server’s IP address; it must be an additional IP that is not in use. Make sure you also remove the IPv6 address from the client configuration.
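A quick check for this step, as an added example that is not part of the original guide or the install script: the hypothetical helper check_tunnel_peer reads a wg0.conf and reports a peer whose AllowedIPs still holds a private address, an IPv6 entry, more than one host, or the server's own IP. It widens the 10.66.66.x case to all RFC 1918 ranges; the sample config, the placeholder key and the 203.0.113.x documentation addresses are constructed.

```bash
# Added example: check_tunnel_peer is a hypothetical helper, not part of
# WireGuard or the install script. Usage: check_tunnel_peer <conf> <server_ip>
# Returns 0 when every [Peer] AllowedIPs is one IPv4 host that is neither
# private nor the server's own IP; otherwise prints each problem, returns 1.
check_tunnel_peer() {
    local conf=$1 server_ip=$2 rc=0 in_peer=0 peers=0 line val ip
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | tr -d ' \t\r')  # ignore spacing and CRs
        case $line in
            '[Peer]') in_peer=1 ;;
            '['*)     in_peer=0 ;;
            AllowedIPs=*)
                if [ "$in_peer" -eq 1 ]; then
                    peers=$((peers + 1))
                    val=${line#AllowedIPs=}
                    ip=${val%%/*}   # first address, prefix length removed
                    case $val in
                        *:*) echo "IPv6 address still present: $val"; rc=1 ;;
                    esac
                    case $val in    # a bare address counts as a single host
                        *,*)  echo "more than one entry: $val"; rc=1 ;;
                        */32) ;;
                        */*)  echo "not a single host (/32): $val"; rc=1 ;;
                    esac
                    case $ip in
                        "$server_ip")
                            echo "same as the server's IP: $ip"; rc=1 ;;
                        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*)
                            echo "still a private address: $ip"; rc=1 ;;
                    esac
                fi ;;
        esac
    done < "$conf"
    if [ "$peers" -eq 0 ]; then echo "no [Peer] AllowedIPs found"; rc=1; fi
    return "$rc"
}

# Constructed sample config; the key is a placeholder, $1 is the AllowedIPs value.
sample_conf() {
    printf '[Interface]\nAddress = 10.66.66.1/24\n\n[Peer]\n'
    printf 'PublicKey = <client-public-key>\nAllowedIPs = %s\n' "$1"
}

tmp=$(mktemp)
sample_conf '10.66.66.2/32,fd42:42:42::2/128' > "$tmp"   # before the edit
check_tunnel_peer "$tmp" 203.0.113.10 || echo "=> fix wg0.conf first"
sample_conf '203.0.113.11/32' > "$tmp"                   # after the edit
check_tunnel_peer "$tmp" 203.0.113.10 && echo "=> peer entry looks right"
rm -f "$tmp"
```

On a real server, call it as check_tunnel_peer /etc/wireguard/wg0.conf followed by the server's own public IP.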

Then reboot the server once again by running the reboot command.

4. Client configuration

Edit the client configuration file generated by the installation script and replace the local IP address with the public IP address you placed in the server configuration.

Finally, add the tunnel configuration to your server or computer and your new tunnel should start working immediately.

Optional: Configuring WireGuard client on a server

  1. Install the required packages

apt install -y resolvconf wireguard

  2. Create a file in the /etc/wireguard directory called wg0.conf and paste the content of your client configuration file from earlier in there.

  3. Configure WireGuard to start on boot

systemctl enable wg-quick@wg0

  4. Restart the new wg0 interface

systemctl restart wg-quick@wg0

  5. You’re done!