# Installing WireGuard VPN

![](https://497022807-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-M40gfLBnd0WeqnRKeZO%2F-M4_6QyFVGarxc0QePQ5%2F-M4_6Rz1hUaafNXoWbfF%2Fimage.png?alt=media\&token=3a9a2e74-7f7c-46ff-8627-6f28f02104c9)

Want to watch YouTube TV but your local channels aren't available? Try WireGuard VPN to bypass their location services. They noticed my VPN when using OpenVPN :-(

Or use WireGuard as an alternative way to connect to your home lab with a VPN.

### Install Dependencies

Install Ubuntu Server\
Install [WireGuard](https://www.wireguard.com/install/) on Ubuntu Server \
Install [WireGuard](https://www.wireguard.com/install/) on Client

If Ubuntu >19.10

`sudo apt install wireguard`

If Ubuntu < 19.10

`sudo add-apt-repository ppa:wireguard/wireguard`  \
`sudo apt-get update`  \
`sudo apt-get install wireguard`

### Configure WireGuard Server

Generate a public and private key (`umask 077` makes the new key files accessible to their owner only)\
`mkdir -p /etc/wireguard/keys`\
`cd /etc/wireguard/keys`\
`umask 077`\
`wg genkey | tee privatekey | wg pubkey > publickey`\
\
Create the WireGuard config file and add the contents below\
`/etc/wireguard/wg0.conf`

```
[Interface]
PrivateKey = <Private Key>
Address = 10.100.100.1/24
ListenPort = 51820
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o ens160 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o ens160 -j MASQUERADE
SaveConfig = true
```

The `Address` field sets the server's address on the tunnel and the range of IPs you will be assigning to the clients. When a client connects, the iptables rules NAT its traffic so that it leaves with the IP address of the server; replace `ens160` with the name of your server's outbound network interface. `SaveConfig` allows a new peer that is added while the service is running to be saved to the config file.
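To confirm that the key files and `wg0.conf` (which holds the private key) are accessible to their owner only, a check like the following can be run against `/etc/wireguard`. It is an added example, not part of the original guide; the function names `wg_perm_audit`, `wg_perm_fix` and `make_sample_key` are hypothetical, and the sample key content is a constructed placeholder.

```sh
#!/bin/sh
# Added example: audit a WireGuard directory for files that group or others
# can access. All function names here are hypothetical.

# Print every regular file under DIR with any group/other permission bit set.
# Returns 0 when nothing is found, 1 otherwise.
wg_perm_audit() {
    dir=$1
    loose=$(find "$dir" -type f \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print)
    if [ -n "$loose" ]; then
        printf '%s\n' "$loose"
        return 1
    fi
    return 0
}

# Remove all group/other permission bits from the files under DIR.
wg_perm_fix() {
    find "$1" -type f -exec chmod go-rwx {} +
}

# Create a stand-in key file under the given umask. The subshell keeps the
# caller's umask untouched. The content is a constructed placeholder,
# not a real WireGuard key.
make_sample_key() {
    ( umask "$1" && printf 'CONSTRUCTED-PLACEHOLDER-KEY\n' > "$2" )
}

# Stand-alone use: sh wg_perm_audit.sh /etc/wireguard
if [ "$#" -gt 0 ]; then
    wg_perm_audit "$1" || echo "loose permissions found; tighten with chmod go-rwx" >&2
fi
```

A file created under a loose umask such as 044 ends up with mode 622 (writable by group and others) and is reported; one created under 077 ends up with mode 600 and is not.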

### Set Up Firewall Rules

Make sure to port forward UDP port 51820 to the WireGuard server on pfSense under Firewall -> NAT

![](https://497022807-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-M40gfLBnd0WeqnRKeZO%2F-M4ZiJ_K1536Bq1uoq3h%2F-M4ZxNbF3LAQFuHASnkY%2Fimage.png?alt=media\&token=3d7500e2-c735-40f2-80d4-28427f1e308e)

Allow the server/clients access to the internet\
Firewall -> Rules

![](https://497022807-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-M40gfLBnd0WeqnRKeZO%2F-M4ZiJ_K1536Bq1uoq3h%2F-M4ZxlZtuejvabBzL1Xk%2Fimage.png?alt=media\&token=6332ac2f-2686-4d40-a60a-fb04e4684536)

### Start WireGuard Service

Start WireGuard\
`wg-quick up wg0`\
\
Enable start up on boot\
`systemctl enable wg-quick@wg0`\
\
Verify that the VPN is listening (you should see the interface and its listening port)\
`wg show`

### Configure WireGuard Client

WireGuard should already be installed on the client; if not, go to <https://www.wireguard.com/install/>\
On Windows: open the application, click the dropdown next to Add Tunnel and select empty tunnel. \
Add the following contents

![](https://497022807-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-M40gfLBnd0WeqnRKeZO%2F-M4ZiJ_K1536Bq1uoq3h%2F-M4_1KTFRGIhwT1qlMeR%2Fimage.png?alt=media\&token=66e97b83-e5d3-46ca-808e-e4fcf48dcb05)

You should be able to connect to your home network now. \
To verify that the connection was successful, run `wg show` on the WireGuard server and you should see the peer information.

![](https://497022807-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-M40gfLBnd0WeqnRKeZO%2F-M4ZiJ_K1536Bq1uoq3h%2F-M4_3U7CG6LVnmpZE3UA%2Fimage.png?alt=media\&token=989fefbf-3bdb-4f0b-a84a-4ee136d068c2)
