WireGuard is a modern, high-performance VPN designed to be easy to use while providing robust security. WireGuard focuses only on providing a secure connection between parties: an encrypted network interface whose peers authenticate each other with public keys.

One of the most common topologies for WireGuard is a point-to-point connection, though WireGuard may be used in any topology. A point-to-point connection establishes a secure link between two machines without mediation by a central server. It can also be used between two different facilities.

Install WireGuard 

There are a few ways to install WireGuard. In this guide, we'll show instructions for Ubuntu. If you are using another distribution, please find those instructions here.

sudo add-apt-repository ppa:wireguard/wireguard
sudo apt-get update
sudo apt-get install linux-headers-$(uname -r) wireguard

Quick configuration

The following steps connect two devices privately. They must be repeated on both devices.

Generate Private Key

Device A: 

root@a:~# umask 077
root@a:~# wg genkey > private_key

Device B: 

root@b:~# umask 077
root@b:~# wg genkey > private_key


Create wg0 network interface

Device A: 

ip link add wg0 type wireguard
ip addr add 192.168.2.1/24 dev wg0
wg set wg0 private-key ./private_key
ip link set wg0 up

Device B:

ip link add wg0 type wireguard
ip addr add 192.168.2.2/24 dev wg0
wg set wg0 private-key ./private_key
ip link set wg0 up


Verify that wg0 is up by running ip addr

Device A: 

5: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1
    inet 192.168.2.1/24 scope global wg0

Device B: 

5: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1
    inet 192.168.2.2/24 scope global wg0


Tell each peer about each other

To set up this connection you will need to obtain a few things:

  • Public key obtained by running wg on each device.
root@a:~# wg
interface: wg0
  public key: UVIUWfj9ZIZzCorIRsLT+Xp322KS5ogxzP/cTnEP3Dg=
  private key: (hidden)
  listening port: 58863
  • wg0 IP address on each device, in this example 192.168.2.x 
root@a:~# ip addr list |grep wg0
5: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1
    inet 192.168.2.2/24 scope global wg0
  • Public IP address of bond0 (147.x, also known as the management IP)
  • Listening port found by using wg
interface: wg0
  public key: UVIUWfj9ZIZzCorIRsLT+Xp322KS5ogxzP/cTnEP3Dg=
  private key: (hidden)
  listening port: 58863

Putting it all together: 

Device A: 

wg set wg0 peer UVIUWfj9ZIZzCorIRsLT+Xp322KS5ogxzP/cTnEP3Dg= allowed-ips 192.168.2.2/32 endpoint 147.75.62.137:58863

Note: the UVIUWfj9ZIZzCo… here comes from the output of wg on Device B, as do the entries for allowed-ips and endpoint.

Device B: 

wg set wg0 peer rOZoY2y5jArAwF4NhQRi3yw9n0VgNccSEDoDT4n72xo= allowed-ips 192.168.2.1/32 endpoint 147.75.52.129:48258

Note: the rOZoY2y5jArAwF… here comes from the output of wg on Device A, as do the entries for allowed-ips and endpoint.
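
Two easy mistakes in this step are pasting a truncated key and giving a device its own public key as the peer. The added example below (not part of the original guide) checks the exchanged values before printing the wg set command. peer_cmd is a hypothetical helper name, and the keys, addresses and 192.168.2.0/24 range are the ones used in this guide's commands.

```shell
#!/bin/sh
# Added example (not from the original guide): sanity-check the values
# exchanged between the two devices before handing them to `wg set`.

# peer_cmd LOCAL_PUBKEY PEER_PUBKEY PEER_TUNNEL_IP PEER_ENDPOINT
# Prints the `wg set` command on success; prints a reason and returns 1 otherwise.
peer_cmd() {
    local_pub=$1 peer_pub=$2 tunnel_ip=$3 endpoint=$4

    # A WireGuard public key is 32 bytes: 43 base64 characters plus one "=".
    if ! printf '%s\n' "$peer_pub" | grep -Eq '^[A-Za-z0-9+/]{43}=$'; then
        echo "peer key is not a complete base64 public key" >&2; return 1
    fi
    # The peer entry must carry the OTHER device's key, not this device's own.
    if [ "$peer_pub" = "$local_pub" ]; then
        echo "peer key equals the local public key" >&2; return 1
    fi
    # allowed-ips is the peer's wg0 address in the guide's 192.168.2.0/24 range.
    if ! printf '%s\n' "$tunnel_ip" | grep -Eq '^192\.168\.2\.[0-9]{1,3}$'; then
        echo "tunnel address is outside 192.168.2.0/24" >&2; return 1
    fi
    # endpoint is the peer's public IPv4 address and its listening port.
    if ! printf '%s\n' "$endpoint" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}:[0-9]{1,5}$'; then
        echo "endpoint is not IPv4:port" >&2; return 1
    fi
    echo "wg set wg0 peer $peer_pub allowed-ips $tunnel_ip/32 endpoint $endpoint"
}

# Values from the guide's commands: Device A adding Device B as its peer.
A_PUB='rOZoY2y5jArAwF4NhQRi3yw9n0VgNccSEDoDT4n72xo='
B_PUB='UVIUWfj9ZIZzCorIRsLT+Xp322KS5ogxzP/cTnEP3Dg='
peer_cmd "$A_PUB" "$B_PUB" 192.168.2.2 147.75.62.137:58863
```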


Test Ping Between Devices: 

Device A: 

root@a:~# ping -c 5 192.168.2.2
PING 192.168.2.2 (192.168.2.2) 56(84) bytes of data.
64 bytes from 192.168.2.2: icmp_seq=1 ttl=64 time=11.9 ms
64 bytes from 192.168.2.2: icmp_seq=2 ttl=64 time=11.8 ms
64 bytes from 192.168.2.2: icmp_seq=3 ttl=64 time=11.8 ms
64 bytes from 192.168.2.2: icmp_seq=4 ttl=64 time=11.9 ms
64 bytes from 192.168.2.2: icmp_seq=5 ttl=64 time=11.9 ms

--- 192.168.2.2 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4006ms
rtt min/avg/max/mdev = 11.850/11.910/11.955/0.042 ms

Device B:

root@b:~# ping -c 5 192.168.2.1
PING 192.168.2.1 (192.168.2.1) 56(84) bytes of data.
64 bytes from 192.168.2.1: icmp_seq=1 ttl=64 time=11.6 ms
64 bytes from 192.168.2.1: icmp_seq=2 ttl=64 time=11.8 ms
64 bytes from 192.168.2.1: icmp_seq=3 ttl=64 time=11.9 ms
64 bytes from 192.168.2.1: icmp_seq=4 ttl=64 time=11.9 ms
64 bytes from 192.168.2.1: icmp_seq=5 ttl=64 time=11.7 ms

--- 192.168.2.1 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4005ms
rtt min/avg/max/mdev = 11.642/11.848/11.981/0.176 ms


Verifying the connection has been made between devices

Notice that after the two peers send traffic, running wg shows the latest handshake and the amount of data transferred.

Device A: 

interface: wg0
  public key: sjfOzJiZArrP4M8GjgTVseflzY2fuNO0+dNL9wNUNiM=
  private key: (hidden)
  listening port: 43579

peer: wbzL+XRW1iOETWnKUE6yi27w/Fp9rKKnVeu0N53+Nlo=
  endpoint: 147.75.62.137:36443
  allowed ips: 192.168.2.1/32
  latest handshake: 45 seconds ago
  transfer: 436 B received, 348 B sent

Device B: 

interface: wg0
  public key: wbzL+XRW1iOETWnKUE6yi27w/Fp9rKKnVeu0N53+Nlo=
  private key: (hidden)
  listening port: 36443

peer: MaZ495tu3I74ZSkNlDLNsizilOQUtze35/IvRd9azC0=
  endpoint: 147.75.58.131:43579
  allowed ips: 192.168.2.2/32
  latest handshake: 1 minute, 47 seconds ago
  transfer: 348 B received, 436 B sent
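
For a scripted version of this check, wg show wg0 dump prints the same data tab-separated, with the latest handshake as a Unix timestamp. The added example below (not part of the original guide) flags peers with a missing or old handshake or with allowed-ips other than a single /32. check_peers, sample_dump, the 180-second threshold and the sample timestamps are assumptions, and the private key in the sample is a placeholder.

```shell
#!/bin/sh
# Added example (not from the original guide). Reads `wg show wg0 dump`
# output on stdin. Peer lines are tab-separated:
#   public-key, preshared-key, endpoint, allowed-ips,
#   latest-handshake (Unix seconds, 0 = never), rx bytes, tx bytes, keepalive
# The 4-field interface line carries the PRIVATE key first, so it is skipped
# and never printed.

# check_peers NOW MAX_AGE: print "<key> <allowed-ips> <status>" per peer.
# MAX_AGE is an assumed threshold in seconds; pick one that fits your traffic.
check_peers() {
    awk -F '\t' -v now="$1" -v max="$2" '
        NF == 4 { next }
        NF == 8 {
            if ($5 == 0)             status = "no-handshake"
            else if (now - $5 > max) status = "stale"
            else                     status = "ok"
            # The guide pins each peer to one tunnel address (/32).
            if ($4 !~ /^[0-9.]+\/32$/) status = status ",unexpected-allowed-ips"
            print $1, $4, status
        }'
}

# Constructed sample dump: placeholder private key, constructed timestamps.
sample_dump() {
    printf '%s\t%s\t%s\t%s\n' 'PRIVATE_KEY_PLACEHOLDER' \
        'sjfOzJiZArrP4M8GjgTVseflzY2fuNO0+dNL9wNUNiM=' '43579' 'off'
    printf '%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\n' \
        'wbzL+XRW1iOETWnKUE6yi27w/Fp9rKKnVeu0N53+Nlo=' '(none)' \
        '147.75.62.137:36443' '192.168.2.1/32' '1700000000' '436' '348' 'off'
    printf '%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\n' \
        'CONSTRUCTED_PEER_KEY_2' '(none)' '(none)' '0.0.0.0/0' '0' '0' '0' 'off'
}

# Live use on a host with the tunnel up:
#   wg show wg0 dump | check_peers "$(date +%s)" 180
sample_dump | check_peers 1700000045 180
```

Because the first line of the dump contains the interface's private key, pipe it straight into the check rather than saving or logging the raw output.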


