WireGuard is a modern, high-performance VPN designed to be easy to use while providing robust security. This guide will walk you through the steps to set up a WireGuard VPN server on Ubuntu, and connect to it using MacOS and Android clients.
Setting up the WireGuard VPN Server
Install WireGuard on your Ubuntu server:
sudo add-apt-repository ppa:wireguard/wireguard sudo apt-get update sudo apt-get install wireguard
Generate the server keys:
umask 077 wg genkey | tee /etc/wireguard/privatekey | wg pubkey > /etc/wireguard/publickey
Configure the VPN in
[Interface] Address = 10.0.0.1/24 ListenPort = 51820 # standard port, change as you like PrivateKey = (your server's private key) PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
Enable and start the VPN:
sudo systemctl enable wg-quick@wg0 sudo systemctl start wg-quick@wg0
Configuring Firewall (optional): If your firewall blocks all ports by default you have to allow UDP connections on port 51820 as WireGuard uses UDP for its transport protocol.
If you use
ufw use the following commands.
sudo ufw allow 51820/udp
Remember to enable the firewall if it’s not already enabled:
sudo ufw enable
Connecting a MacOS Client
- Install WireGuard on your MacOS device. You can do this through the App Store. Also, make sure that you have wireguard CLI install. You can do that by running homebrew command.
brew install wireguard-tools
Generate the client keys in terminal:
wg genkey | tee privatekey | wg pubkey > publickey
Add the client’s public key to the server’s configuration:
[Peer] PublicKey = (your client's public key) AllowedIPs = 10.0.0.2/32
Restart the WireGuard service to apply the changes:
sudo systemctl restart wg-quick@wg0
Create the client configuration in WireGuard on MacOS:
[Interface] PrivateKey = (your client's private key) Address = 10.0.0.2/32 DNS = 10.0.0.1 [Peer] PublicKey = (your server's public key) Endpoint = (your server's IP):51820 AllowedIPs = 0.0.0.0/0
Connecting an Android Client
Install the WireGuard app: Open the Google Play Store on your Android device, search for WireGuard, and install the WireGuard app.
Generate a key pair: Open the WireGuard app and tap the “+” button to add a new tunnel. Select “Create from scratch.” This will create a new key pair for your Android client.
Configure the tunnel: In the new tunnel configuration:
- Name your tunnel. This can be anything you like. It’s just to identify the connection in your WireGuard app.
- The Private key should be automatically generated. Tap on the eye icon to view the key and the corresponding Public key. You’ll need to add this Public key to your server’s configuration later.
- For Addresses, enter the next IP address in your VPN’s subnet. For example, if your server is
10.0.0.1and your macOS client is
10.0.0.2, you could use
10.0.0.3/32for your Android client.
- Leave DNS servers empty for now.
- Under Peer, you’ll need to add the Public key of your server, the Endpoint (your server’s public IP address and the port WireGuard is listening on), and the Allowed IPs. For Allowed IPs, you can use
0.0.0.0/0to route all traffic through the VPN, or use your VPN’s subnet (
10.0.0.0/24in this example) to only route internal VPN traffic.
Add the Android client to the server’s configuration: On your server, open the WireGuard configuration file (
/etc/wireguard/wg0.conf), and add a new
[Peer]section for the Android client. It should look something like this:
[Peer] PublicKey = ANDROID_PUBLIC_KEY AllowedIPs = 10.0.0.3/32
Replace “ANDROID_PUBLIC_KEY” with the Public key you generated on your Android device. Save the file and exit, then restart the WireGuard service to apply the changes:
sudo systemctl restart wg-quick@wg0
Connect: Back on your Android device, you can now tap the toggle switch to connect to the VPN. If everything is configured correctly, it should connect successfully. You can verify your connection by checking your IP address (it should be your server’s IP address if you’re routing all traffic through the VPN), or by trying to access a resource on your VPN’s network.
Depending upon the various factors you speed might vary with the VPN. Let’s see how does the speed looks like for me. My VPN server is hosted in Finland and I’m using it form India so definitely there will be some latencies.
Speed without VPN
I’m getting 197.32 Mbps download and 143.42 Mbps upload speed out of my 200 Mbps connection without any VPN in place.
Speed with VPN
I’m getting 177.80 Mbps download and 66.52 Mbps upload speed out of my 200 Mbps connection with any VPN in place.