Setup Wireguard VPN on Linux and Windows 10

Подписаться 87

Просмотров 45 тыс.

50% 1

Update [July 19, 2019] The Wireguard client for Windows has been released. Please use that instead of Tunsafe. You can download it here - www.wireguard....
It's very easy to set up. Create the config files exactly as shown in the video for Tunsafe, and then import that config into the Wireguard client instead of Tunsafe.
---------------------------------------
A guide that shows you how to setup Wireguard VPN on Linux and Windows 10. You'll learn how to forward all your internet traffic across the Wireguard VPN tunnel, as well as setting up a point to point link.
If you have any questions, leave a comment and I'll try and answer.
Links:
1. Wireguard website: www.wireguard....
2. Tunsafe: tunsafe.com/ [Update -- Use official Windows Client from the link above instead of Tunsafe]
Commands:
1. Add Wireguard Repo:
add-apt-repository ppa:wireguard/wireguard
2. Setup keys:
wg genkey | tee privatekey | wg pubkey &gt publickkey
3. Check public IP:
dig +short myip.opendns.com @resolver1.opendns.com
4. Iptables commands (use the correct interface on your machine - mine is ens3):
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o ens3 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o ens3 -j MASQUERADE

Опубликовано:

29 сен 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 92

@breadboardvideos9180 5 лет назад

The Wireguard client for Windows has been released. Please use that instead of Tunsafe. You can download it here - www.wireguard.com/install/ I will update the video, but it's really very easy to set up. Create the config files as shown in the video, and then import it into the Wireguard client. There's no real difference.

@phanikrishnahari1622 5 лет назад

when i do wg-quick up wg0 on client, my ssh session gets disconnected and im not able to connect back ssh into the client....any throughts around it?

@alexm6193 3 года назад

Had this just happen to me. Baffled if I know.

5 лет назад

Hi, i can ping to client, but client don't load any website. Do i need to do some DNS forwarding too? Thank you.

@breadboardvideos9180 5 лет назад

Hey - did you do the IP forwarding and the IP tables settings? If you did, try to ping 8.8.8.8 from the client. If you get a reply, then yes, it's a DNS issue. If that ping doesn't work, then something else is borked. Let me know what response you get and I can help troubleshoot further.

@HusoAmir 5 лет назад

@@breadboardvideos9180 Hi. I have same issue. I ping 8.8.8.8 and got a reply so how can I forward DNS?

@noname-xl1jx 2 года назад

wlinkdux 10

@ksjsj1139 3 года назад

While performing mentioned steps in Centos7 getting below mentioned errors , please help me to fix this. [root@wireguard-server ~]# wg-quick up wg0 [#] ip link add wg0 type wireguard RTNETLINK answers: Operation not supported Unable to access interface: Protocol not supported [#] ip link delete dev wg0 Cannot find device "wg0"

@breadboardvideos9180 3 года назад

Sounds like Wireguard didn't install correctly. Try reinstalling it.

@loveanimals-0197 4 года назад

It's not clear in your video what you mean by addresses 192.168.9.1 -3 . Are they pre-existing IP addresses of your clients, or are they IPs for a separate VPN network you'd be creating? WHY NOT CLARIFY? Your demo is one of the better ones, but there are so many of these crappy official blogs which don't clarify anything. Same thing with OpenVPN! Why build a product, and not clearly write up how to USE IT!

@breadboardvideos9180 4 года назад

The IP addresses are for a separate VPN network (hence the name Virtual Private Network).

@LoveDaisy2024 3 года назад

Thank you

@sRGB 5 лет назад

# WireGuard installer for Ubuntu 18.04 LTS, Debian 9 and CentOS 7. # Usage: wget -qO- git.io/wireguard.sh | bash

@waffle-techo 4 года назад

Right now saw i the Wireguard has Client for windows 10 ! the question is ( i cant find anywhere ) ! i must have to install Wireguard on Cloud Server and windows as well ! then use client to connect ! do we install on windows through "Command Prompt " ? thx

@johnbaker3148 4 года назад

Hi I have been following your tutorial very closely, but when I get to 4:38 into the video I get the following error: /etc/wireguard# wg-quick up wg0 [#] ip link add wg0 type wireguard RTNETLINK answers: No such device Unable to access interface: Protocol not supported [#] ip link delete dev wg0 Cannot find device "wg0" What is the reason for this? I would appreciate any help you could give me. Thank you

@breadboardvideos9180 4 года назад

That sounds like Wireguard isn't correctly installed or something in your Linux install is borked. If you're certain you haven't made any errors while following the tutorial (typos?), then try the tutorial on a fresh install of Linux - spin up a temp VM or something. If it works there, you know it's your particular server.

@manuelgmra 4 года назад

Thank you for your easy to learn video

@itzurabhi 4 года назад

one of the easiest and straight to point tutorials I've seen. Thank you for your time.

@breadboardvideos9180 4 года назад

Thanks

@GerrieVanwelde 5 лет назад

Very interesting video, makes it realy simple. All peers are visible and can ping to the server. The server pings to the RPi but not the the windows client... I'm missing someting. Did you manage to make the peers talk to eachother and not just to the server? The idea is to setup a VPN between different systems, make them able to talk to eachother. Thanks for your help

@breadboardvideos9180 5 лет назад

Yes, you can do that. But that's just a question of standard routing/firewall configs, nothing really to do with Wireguard. On the Windows machine have you turned off the firewall? Can you ping the RPi from the Windows machine? The setup I've shown should allow the machines to communicate with each other since there's an 0/0 allow all, so that should work by default. If you have a more complicated routing setup, you'd have to set up routes as you normally do in Linux.

@MichaelKingTravels 5 лет назад

appreciate that you posted this, thanks!

@ac6475 4 года назад

Great guide and simple. Thank you!

@martingerman2457 4 года назад

Hi, its a great manual, thanks. Just one question. Peer section isn't working, if i add to config SaveConfig = True i see that. Do you have any ideas? conf file looks like: [Interface] Address = 127.0.0.1 SaveConfig = true PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -i %i -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -i %i -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE ListenPort = 54888 PrivateKey = dfdsfWIAgN4Q1j/RLqnGY4qh6Dy6bKqy74RFdfdfddf= [Peer] PublicKey = wddfddfqgWE3dA3GhWFnaQvZfUQAdfddfhM5Ws= AllowedIPs = 192.168.9.2/32 [Peer] PublicKey = wwQMdFd9S1fNlqgWE3dA3GhWFnaQvZfUQAePz0hM5Ws= AllowedIPs = 192.168.9.3/32

@breadboardvideos9180 4 года назад

Why is your interface address localhost (127.0.0.1)? It needs to be 192.168.9.1 (using the scheme you have).

@martingerman2457 4 года назад

@@breadboardvideos9180 server ip is 49.12.0.212, it is? tell me plz what kernel version work for you? Im try 4.15.x and 5.4.x - same result with no working peers

@loveanimals-0197 4 года назад

I followed everything. My wireguard server is running on an openwrt router, and my client is Windows. Mine is stuck sending and waiting for handshake. LOG: [20:02:24] Sending handshake... [20:02:29] Retrying handshake, attempt 2... [20:02:34] Retrying handshake, attempt 3... [20:02:40] Retrying handshake, attempt 4... [20:02:45] Retrying handshake, attempt 5...

@alexm6193 3 года назад

This no longer seems to work. Have tried several VMs and all give out RTNETLINK. The website www.wireguard.com/install/ shows ubuntu is no longer supported, and tried several different OS' that were green on that list and all flopped. Is there no way to still make this work?

@breadboardvideos9180 3 года назад

try this - tonyfernandeztech.wordpress.com/2021/01/05/wireguard-fixing-the-rtnetlink-error/

@alexm6193 3 года назад

@@breadboardvideos9180 Yep, that was it. Needed to update headers but the VM supplied to me wouldn't let me change them. Took a while but got there in the end. Thanks for the help. Edit: For anyone reading this. Linux kernel 4.15- will not install wireguard. Needs to be 4.19 or higher.

@kamranmalik6853 4 года назад

Thanks man you save my day .

@dishjuarezdishjuarez9329 4 года назад

Hello good afternoon friend, I want to ask you if it is possible to create a permanent tunnel between two linux servers with both public ips, also that each of them use their internet independently, the tunnel would only be used for streaming between them because in one of them is the source of the signal and in the other is the streaming server, thanks

@breadboardvideos9180 4 года назад

Yeah, that's the default config - just don't do the Iptalbes setup and you will have what you need. The two machines will communicate with each other via the assigned private IPs - in my example, I use 192.168.8.x

@dishjuarezdishjuarez9329 4 года назад

@@breadboardvideos9180 thanks a lot ill try then... a last question can i use ubuntu 18.04 for that?

@djbertinho1984 4 года назад

hi can you please help me ?? i have trying for several days and lost so many hours and cant put my mullvad wireguard account on my openwrt router. Please, help me

@kelvindelmonte7276 5 лет назад

Thank you for posting this!

@seitbekir 5 лет назад

Best video and instruction. The only problem I had its macOS. Seems, it doesn't work. But on phone and iOS works fine.

@LoweHenry 4 года назад

Hello sir how do u do the DNS config here or just let it set automatically?

@lockenemeth5410 3 года назад

Thanks for posting, very interesting

@DrEverythingBAlright 4 года назад

Hi, what version of Windows 10 are you using? It's not working for me and I am using version 1909; it connects to the server, I can ping the server local IP, but can't access the Internet. Occasionally, I am able to access to Bing, Google, and sometimes RU-vid. I have rebooted both the server and the client and I have also tried both WireGuard and TunSafe client to no avail. However, the same config file works well on my Android device using the official WireGuard Android client. For others reading this comment, here's a script to make the process easier: github.com/angristan/wireguard-install

@breadboardvideos9180 4 года назад

The video shows whatever was the latest version of Windows 10 (1809?) at the time. However, I've had no issues running wireguard on the very latest versions of Windows 10. 1909 currently. If you can connect to the server and ping it, and even connect to the internet, the issue isn't with Wireguard or Windows. It's something else. Possibly an upstream firewall.

@DrEverythingBAlright 4 года назад

I think it might have been a DNS issue with the router-I am not sure. I was also having the same issue on Ubuntu 18.04 LTS. However, after I factory reset my router, it's now working on both operating systems. Thanks for your assistance.

@dimitristsoutsouras2712 5 лет назад

Exceptional Video... small and straight to the point of info needed. Question .... do the clients in your example have a static Ip also? What if they take IP from a DHCP Server? Do you have to type in [Interface]/Address 0.0.0.0 as well then in order to work?

@breadboardvideos9180 5 лет назад

Thank you. Regarding DHCP -The WireGuard protocol does not have the capability to assign unique IPs to each peer through DHCP. You have to set static IPs on both sides.

@dishjuarezdishjuarez9329 4 года назад

Hi friend, your tutorial was very efficient for me, it is one of the best on the internet, I have finished making a point-to-point tunnel between two servers, it is the most stable so much that I can transmit FHD streaming, without the tunnel I transmitted in SD with a lot of buffer, now with only configuring the tunnel I can already transmit in FHD and without any buffer.

@breadboardvideos9180 4 года назад

Glad to hear it.

@affieuk 4 года назад

Great video, clear and to the point. I didn't hear it pointed out and I felt like it might be the default configuration but what's required for split tunnel configuration? This is for domain joined machines, so only I'm trying to figure out if I can forward just domain traffic over the VPN and everything else can go via the internet connection.

@breadboardvideos9180 4 года назад

AFAIK you can set this up using standard routing rules in your OS of choice.

@186663 5 лет назад

hi, is it works also like network between remote client and server network? i want make network between my work office and home pc

@breadboardvideos9180 5 лет назад

It's highly unlikely that your work network will allow this, but if it does, then sure, you can set it up.

@Davidkiania 5 лет назад

Absolutely spectacular illustration and demonstration. I feel ready to install it myself. Thank you.

@breadboardvideos9180 5 лет назад

Thank you.

@34psbolide 5 лет назад

A very good video. At one point I came to a standstill. I didn't know that you have to enable IP forwarding explicitly in the OS. After that everything worked as described. Thanks a lot! "sysctl -w net.ipv4.ip_forward=1"

@breadboardvideos9180 5 лет назад

Yes, I go over this at 9 min into the video - ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-hR7KlUVA0zk.html

@breadboardvideos9180 5 лет назад

And thanks!

@karl-heinzpeters7283 5 лет назад

Great vid! Thx.

@LoweHenry 4 года назад

Hi, may I ask that when we set wifeguard up like this, whenever we browse the internet using our client machine, the IP/location shown will be that of our Server’s IP/location? Thank u for a great video.

@breadboardvideos9180 4 года назад

Yes, that's how it works. If you set it up correctly (like in the video), you will appear to be browsing from your server.

@LoweHenry 4 года назад

@@breadboardvideos9180 Thank u sir, grateful for the info.

@LoweHenry 4 года назад

hi sir, what determines the speed & bandwidth of our connection?

@breadboardvideos9180 4 года назад

@@LoweHenry A VPN doesn't change your speed/bandwidth. It will be whatever your ISP gives you.

@achan7396 5 лет назад

Hi, thanks for the excellent video explanation. I have been trying to get Wireguard working on raspberry-pi 3 to replace the pi-VPN. But it just won't work. Would you be able to make a video like this but on raspberry-pi 3. Thanks.

@breadboardvideos9180 5 лет назад

Hey. Thank you for the comment. As it happens, I have a Raspberry Pi 3 lying around. I'll dig it out and create a video on this - it's an interesting suggestion since not very many people will have servers colocated in a datacenter. Many more people have a Raspberry Pi!

@mattb5126 5 лет назад

It would be wonderful if you could do a video for wireguard on the Raspberry Pi with Linux and with Windows clients. I would definitely give it a try.

@miguelroscas 5 лет назад

Please do a speedtest

@davodke6352 5 лет назад

i problem bu wireguard . when use 2 decive on one time disconnect. why?

@breadboardvideos9180 5 лет назад

You can't use two devices with the same public/private keys. Just add a new device - I've shown this in the video when I add the Windows PC.

@davodke6352 5 лет назад

how to add new device ??

@x86cowboy 5 лет назад

Really great video. keep up the great work!

@breadboardvideos9180 5 лет назад

Thanks!

@heliodoro58 5 лет назад

Thanks for this great video. Is there a tutorial installing the client on a macbook? Thank you

@heliodoro58 5 лет назад

Never mind. Get it working :) using brew. Once again Thanks

@breadboardvideos9180 5 лет назад

The official Wireguard client is now in the Mac App Store. itunes.apple.com/us/app/wireguard/id1451685025?ls=1&mt=12

@andreammermann4018 5 лет назад

Thank you for the great Video. How to do it if you have 3 or more clients? Do you have to generate again the keys on client and server? Or how to do that?

@breadboardvideos9180 5 лет назад

No, you just add the client's public key to the server. Look at how I added the Windows machine - just repeat that process for as many clients as you like.

@andreammermann4018 5 лет назад

OK, Thank you. I did as you mentioned it. If i like to bring the Interface up on the Client, it tells me parsing error on the private key. But it´s correct. Any ideas on that?

@breadboardvideos9180 5 лет назад

@@andreammermann4018 Sounds like you're making some mistakes in the setup. Sorry, I can't really troubleshoot over RU-vid comments! I would recommend you watch the video again and read the Wireguard setup documentation.. it's easy once you get the hang of it, but it takes a bit of time to figure out at first.

@sebastiaanstoffels7565 5 лет назад

Great vid. Thank you!

@breadboardvideos9180 5 лет назад

You're very welcome. I'm glad it helped.

@2hot 4 года назад

Maybe I missed it but in your setup you know the clients IP address in advance since you're on a LAN where you can have statically assigned IP addresses. And it looks like the server NEEDS to know the clients IP addresses ahead of time. If you set up the server part on a home server say Ubuntu 19.10 server and you have a dynamic IP address from your ISP you can use a DDNS service so you can reach your LAN's server using a URL so you can connect using SSH. My questions are: How could you use wireshark from say your laptop when you're traveling never knowing what your next IP address will be? Do you have to SSH into the server and configure it for whatever IP address you have each time, then restart the service before you can connect thru it or is there a way set it up using a DDNS service? Can the DDNS URL be used in place of the clients IP address? Well done video otherwise. Thanks in advance

@breadboardvideos9180 4 года назад

Instead of using an IP for the server, you should be able to use a DDNS URL in the client's config.Just change the Address line in the client config to URL:PORT instead of IP:PORT

@breadboardvideos9180 4 года назад

And the server does NOT need to know the client's PUBLIC IP. The server simply assigns the PRIVATE IP to any request that correctly authenticates using the specified key pair

@2hot 4 года назад

@@breadboardvideos9180 Thanks for the fast response. That's what I suspected but as the old saying goes "The only stupid question is the one not asked". Looks like I'll be giving this a shot. Thanks for the great video and your help.

@2hot 4 года назад

@@breadboardvideos9180 Don't mean to aggravate you but I can't believe nobody has pointed this out in more than a year but in the list of commands you give 2. Setup keys: wg genkey | tee privatekey | wg pubkey &gt publickkey shouldn't that be: wg genkey | tee privatekey | wg pubkey > publickey which is what you show in the video? Heaven help those who blindly copy and paste...lol.

@2hot 4 года назад

@@breadboardvideos9180 Should but can't. It wont accept it. Any attempt to use a URL instead of an IP address in the Windows client results in a "Unable to create new configuration" window that states "Invalid IP address:".