Introduction
As we progress through our WireGuard journey, it’s important to remember the benefits of this modern VPN protocol. WireGuard offers exceptional speed, robust security, and ease of use. In our previous posts, we introduced WireGuard, set up the MikroTik router as a WireGuard server, and configured the Ubuntu Server as a WireGuard client. Now, let’s bring it all together and establish the WireGuard tunnel.
Router Configuration
Before configuring the WireGuard client on the Ubuntu Server, let’s ensure our MikroTik router is correctly configured.
- Verify Router Configuration:
  - Log in to the MikroTik router’s web interface.
  - For precise firewall rules, ensure that you allow incoming UDP traffic on the WireGuard port (usually 51820) from the client’s IP address to the router’s IP address.
- Firewall Rules and NAT Configuration:
  - Here’s an example of MikroTik firewall rules:
    /ip firewall filter add chain=input action=accept protocol=udp port=51820 src-address=<Client_IP> dst-address=<Router_IP>
    /ip firewall filter add chain=forward action=accept protocol=udp port=51820 src-address=<Client_IP> dst-address=<Router_IP>
  - Replace <Client_IP> and <Router_IP> with the actual IP addresses.
Server Configuration
With the router in order, let’s proceed to configure the WireGuard client on the Ubuntu Server.
- WireGuard Configuration File:
  - When creating the WireGuard configuration file on the Ubuntu Server, ensure you have appropriate privileges. You can use sudo or log in as root.
- Generating WireGuard Keys:
  - If you haven’t already generated private and public keys for the client and server, follow these steps:
    - On the server:
      umask 077 && wg genkey | tee /etc/wireguard/privatekey | wg pubkey > /etc/wireguard/publickey
    - On the client:
      umask 077 && wg genkey | tee /etc/wireguard/privatekey | wg pubkey > /etc/wireguard/publickey
- Understanding Configuration Options:
  - Here’s a brief explanation of the sample configuration file:
    - [Interface]: This section defines the client’s private key, the assigned IP address, and the DNS server.
    - [Peer]: This section specifies the server’s public key, the allowed IP range, and the server’s endpoint.
- Replace Placeholder Values:
  - Replace every placeholder value in the configuration file with the actual value. These values are crucial for establishing the WireGuard tunnel.
- Start the WireGuard Interface:
  - If you want to see process output in the terminal, you can add the --nofork option to the wg-quick command in step 5.
- Verifying the Connection:
  - When running sudo wg in step 6, you should see output with information about the WireGuard interface, including the handshake status.
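The [Interface]/[Peer] layout and the placeholder replacement described above can be checked mechanically before the interface is brought up. The Python check below is an added example, not part of the original post; it assumes the standard wg-quick key names (PrivateKey, Address, DNS, PublicKey, AllowedIPs, Endpoint) and angle-bracket placeholders in the style this page uses, and its sample values are constructed.

```python
import base64

# Keys the page lists for each section, under their wg-quick names.
REQUIRED = {"Interface": ("PrivateKey", "Address", "DNS"),
            "Peer": ("PublicKey", "AllowedIPs", "Endpoint")}

def parse(text):
    """Parse a single-peer wg-quick file into {section: {key: value}}."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if line.startswith("[") and line.endswith("]"):
            section = conf.setdefault(line[1:-1], {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)      # base64 '=' padding stays in value
            section[key.strip()] = value.strip()
    return conf

def is_key(value):
    """WireGuard keys are 32 bytes, base64-encoded (44 characters)."""
    try:
        return len(base64.b64decode(value, validate=True)) == 32
    except ValueError:
        return False

def lint(text):
    """Return a list of problems; empty means the file is structurally sound."""
    conf, problems = parse(text), []
    for section, keys in REQUIRED.items():
        for key in keys:
            value = conf.get(section, {}).get(key)
            if value is None:
                problems.append(f"[{section}] {key} missing")
            elif "<" in value or ">" in value:   # assumed <Placeholder> style
                problems.append(f"[{section}] {key} still a placeholder")
            elif key.endswith("Key") and not is_key(value):
                problems.append(f"[{section}] {key} is not a 32-byte base64 key")
            elif key == "Endpoint":
                host, _, port = value.rpartition(":")
                if not host or not port.isdigit() or not 0 < int(port) < 65536:
                    problems.append(f"[{section}] Endpoint must be host:port")
    return problems

# Constructed sample: FAKE_KEY is 32 fixed bytes, not a real key.
FAKE_KEY = base64.b64encode(bytes(range(32))).decode()
GOOD = (f"[Interface]\nPrivateKey = {FAKE_KEY}\nAddress = 10.0.0.2/24\nDNS = 10.0.0.1\n"
        f"[Peer]\nPublicKey = {FAKE_KEY}\nAllowedIPs = 0.0.0.0/0\nEndpoint = 203.0.113.10:51820\n")
BAD = GOOD.replace(f"PublicKey = {FAKE_KEY}", "PublicKey = <Server_Public_Key>").replace(":51820", "")
print(lint(BAD))  # two findings: placeholder key, Endpoint without a port
```

The check only reads the file's text, so it can run on a copy of the configuration without exposing the private key to any other tool.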
Troubleshooting and Testing
For a seamless setup, consider these common troubleshooting steps:
- DNS Resolution Issues: If you face DNS resolution problems, ensure that your DNS settings are correctly configured in the WireGuard configuration file.
- Network Mismatch: Check that your network settings on both the client and server match, including IP addresses and subnet masks.
Conclusion
Congratulations! You’ve successfully configured the WireGuard tunnel between your MikroTik router and Ubuntu Server. By following these steps, you’ve achieved a secure and efficient VPN connection. In our next and final part of this series, we’ll delve into advanced security measures and performance optimization to further enhance your WireGuard setup. Stay tuned!