Linux WireGuard terminal Setup Guide

Configure your environment

  1. Install WireGuard for your distribution.

    Install additional packages for Debian/Ubuntu/Mint:

    $ sudo apt install resolvconf curl
    
  2. Generate your private and public keys and store them in a safe place.

    $ cd ~
    $ mkdir wireguard
    $ cd wireguard
    $ wg genkey | tee privatekey | wg pubkey > publickey
    $ chmod 600 privatekey
    $ cat privatekey
    abcdefghijklmnopqrstuvwxyz0123456789=
    $ cat publickey
    9876543210zyxwvutsrqponmlkjihgfedcba=
    

    Note: The keys above are examples only.

Setup WireGuard to use IVPN

  1. Log in to the IVPN Client Area.

  2. On the VPN Accounts page, click the WireGuard tab. Go to WireGuard Key Management located under Tools. Click the Add New Key button. Copy the contents of the public key file and paste them into the Public Key: field. Add a comment, like Linux if you prefer, and click the Add Key button.

    Be sure to copy the PUBLIC key and not the PRIVATE key. The PRIVATE key must always be kept a carefully guarded secret.
  3. Make note of the IPv4 address and IPv6 address beside your newly added public key on the WireGuard tab in the Client Area. These are the IP addresses your computer system will have on our internal network that will be in the 172.x.y.z & fd00:4956:504e:ffff::aaaa:bbbb format respectively.

  4. WireGuard uses the UDP protocol and IVPN offers different ports to connect on. Choose a port:

    udp 2049
    udp 2050
    udp 53
    udp 30587
    udp 41893
    udp 48574
    udp 58237
    
  5. Choose a WireGuard server to connect to from our Server Status page. Remember the hostname and the public key of the server.

  6. To create a WireGuard configuration file for the connection you will need the following information:

    Your private key from step #2 of the environment configuration.

    $ cat ~/wireguard/privatekey
    abcdefghijklmnopqrstuvwxyz0123456789=
    

    Your assigned IP addresses from step #3 above.

    172.x.y.z, fd00:4956:504e:ffff::aaaa:bbbb
    

    The server port from step #4 above.

    2049
    

    The server hostname and server public_key from step #5 above.

    us-tx1.wg.ivpn.net
    JPT1veXLmasj2uQDstX24mpR7VWD+GmV8JDkidkz91Q=
    
  7. Create the WireGuard configuration file.

    $ sudo mkdir /etc/wireguard
    $ sudo touch /etc/wireguard/us-tx1.conf
    $ sudo chmod 600 /etc/wireguard/us-tx1.conf
    $ sudo nano /etc/wireguard/us-tx1.conf
    

    Use Nano or your favorite text editor to edit the configuration file. Enter the details accordingly

    [Interface]
    PrivateKey = abcdefghijklmnopqrstuvwxyz0123456789=
    Address = 172.x.y.z/32, fd00:4956:504e:ffff::x:y/128
    DNS = 172.16.0.1
    [Peer]
    PublicKey = JPT1veXLmasj2uQDstX24mpR7VWD+GmV8JDkidkz91Q=
    Endpoint = us-tx1.wg.ivpn.net:2049
    AllowedIPs = 0.0.0.0/0, ::/0
    

    Press Ctrl + x to save the file and exit from the nano editor.

    - Add '/32' & '/128' to the end of your assigned IPv4 and IPv6 addresses respectively.
    - Add the chosen port at the end of the hostname with a prefix of ':'
  8. You are now ready. To connect run:

    $ sudo wg-quick up us-tx1
    
  9. Check the contents of /etc/resolv.conf to confirm that the wg-quick program updated the DNS server in your system.

    $ cat /etc/resolv.conf
    nameserver 172.16.0.1
    ...
    

    You may have to manually add an entry for our internal DNS IP address.

    $ sudo nano /etc/resolv.conf
    nameserver 172.16.0.1
    ...
    

    Press Ctrl + x to save the file and exit from the nano editor.

  10. Check your external IPv4 & IPv6 IP addresses to verify that you are connected to IVPN.

    $ curl ifconfig.co
    $ curl -6 ifconfig.co
    
  11. To disconnect run:

    $ sudo wg-quick down us-tx1
    
    Be sure to undo the manually applied changes to /etc/resolv.conf if any changes were required.
Spotted a mistake or have an idea on how to improve this page?
Suggest an edit on GitHub.