algo/docs/client-linux-wireguard.md

# Using Ubuntu as a Client with WireGuard

## Install WireGuard

To connect to your AlgoVPN using [WireGuard](https://www.wireguard.com) from Ubuntu, first install WireGuard:

```shell
# Ubuntu 19.04 and earlier:
# Add the WireGuard repository
sudo add-apt-repository ppa:wireguard/wireguard

# Ubuntu 17.10 and earlier:
# Update the list of available packages
sudo apt update

# Install the tools and kernel module:
sudo apt install wireguard openresolv
```

For installation on other Linux distributions, see the [Installation](https://www.wireguard.com/install/) page on the WireGuard site.

## Locate the Config File

The Algo-generated config files for WireGuard are named `configs/<ip_address>/wireguard/<username>.conf` on the system where you ran `./algo`. One file was generated for each of the users you added to `config.cfg`. Each WireGuard client you connect to your AlgoVPN must use a different config file. Choose one of these files and copy it to your Linux client.

## Configure WireGuard

Finally, install the config file on your client as `/etc/wireguard/wg0.conf` and start WireGuard:

```shell
# Install the config file to the WireGuard configuration directory on your
# Linux client:
sudo install -o root -g root -m 600 <username>.conf /etc/wireguard/wg0.conf

# Start the WireGuard VPN:
sudo systemctl start wg-quick@wg0

# Check that it started properly:
sudo systemctl status wg-quick@wg0

# Verify the connection to the AlgoVPN:
sudo wg

# See that your client is using the IP address of your AlgoVPN:
curl ipv4.icanhazip.com

# Optionally configure the connection to come up at boot time:
sudo systemctl enable wg-quick@wg0
```

If your Linux distribution does not use `systemd` you can bring up WireGuard with `sudo wg-quick up wg0`.

## Using a DNS Search Domain

As of the `v1.0.20200510` release of `wireguard-tools` WireGuard supports setting a DNS search domain. In your `wg0.conf` file a non-numeric entry on the `DNS` line will be used as a search domain. For example this:
```
DNS =  172.27.153.31, fd00::b:991f, mydomain.com
```
will cause your `/etc/resolv.conf` to contain:
```
search mydomain.com
nameserver 172.27.153.31
nameserver fd00::b:991f
```
If you're using the version of WireGuard included with Ubuntu as of 19.10 it might be from before this feature was added. To use the latest version of WireGuard add the PPA repository as shown above.

Note that using the PPA repository on Ubuntu 20.04 LTS instead of the WireGuard modules shipped in the kernel package may cause the installation of about 40 additional packages in order to compile the kernel module.
Randomly generated IP address for the local dns resolver (#1429) * generate service IPs dynamically * update cloud-init tests * exclude ipsec and wireguard ranges from the random service ip * Update docs * @davidemyers: update wireguard docs for linux * Move to netaddr filter * AllowedIPs fix * WireGuard IPs fix 2019-05-17 12:49:29 +00:00			`# Using Ubuntu as a Client with WireGuard`
Document how to use WireGuard on Ubuntu clients (#1071) 2018-08-28 14:25:40 +00:00
			`## Install WireGuard`

Randomly generated IP address for the local dns resolver (#1429) * generate service IPs dynamically * update cloud-init tests * exclude ipsec and wireguard ranges from the random service ip * Update docs * @davidemyers: update wireguard docs for linux * Move to netaddr filter * AllowedIPs fix * WireGuard IPs fix 2019-05-17 12:49:29 +00:00			`To connect to your AlgoVPN using [WireGuard](https://www.wireguard.com) from Ubuntu, first install WireGuard:`
Document how to use WireGuard on Ubuntu clients (#1071) 2018-08-28 14:25:40 +00:00
improve readability (#1085) 2018-09-02 19:22:24 +00:00			```shell
Update the Ubuntu WireGuard documentation (#1645) 2019-11-27 06:45:27 +00:00			`# Ubuntu 19.04 and earlier:`
			`# Add the WireGuard repository`
Document how to use WireGuard on Ubuntu clients (#1071) 2018-08-28 14:25:40 +00:00			`sudo add-apt-repository ppa:wireguard/wireguard`
improve readability (#1085) 2018-09-02 19:22:24 +00:00
Update the Ubuntu WireGuard documentation (#1645) 2019-11-27 06:45:27 +00:00			`# Ubuntu 17.10 and earlier:`
			`# Update the list of available packages`
Randomly generated IP address for the local dns resolver (#1429) * generate service IPs dynamically * update cloud-init tests * exclude ipsec and wireguard ranges from the random service ip * Update docs * @davidemyers: update wireguard docs for linux * Move to netaddr filter * AllowedIPs fix * WireGuard IPs fix 2019-05-17 12:49:29 +00:00			`sudo apt update`
improve readability (#1085) 2018-09-02 19:22:24 +00:00
Document how to use WireGuard on Ubuntu clients (#1071) 2018-08-28 14:25:40 +00:00			`# Install the tools and kernel module:`
Randomly generated IP address for the local dns resolver (#1429) * generate service IPs dynamically * update cloud-init tests * exclude ipsec and wireguard ranges from the random service ip * Update docs * @davidemyers: update wireguard docs for linux * Move to netaddr filter * AllowedIPs fix * WireGuard IPs fix 2019-05-17 12:49:29 +00:00			`sudo apt install wireguard openresolv`
Document how to use WireGuard on Ubuntu clients (#1071) 2018-08-28 14:25:40 +00:00			```

Update Linux WireGuard client instructions (#1407) 2019-04-26 04:56:38 +00:00			`For installation on other Linux distributions, see the [Installation](https://www.wireguard.com/install/) page on the WireGuard site.`
Document how to use WireGuard on Ubuntu clients (#1071) 2018-08-28 14:25:40 +00:00
			`## Locate the Config File`

Update Linux WireGuard client instructions (#1407) 2019-04-26 04:56:38 +00:00			The Algo-generated config files for WireGuard are named `configs/<ip_address>/wireguard/<username>.conf` on the system where you ran `./algo`. One file was generated for each of the users you added to `config.cfg`. Each WireGuard client you connect to your AlgoVPN must use a different config file. Choose one of these files and copy it to your Linux client.
Document how to use WireGuard on Ubuntu clients (#1071) 2018-08-28 14:25:40 +00:00
			`## Configure WireGuard`

			Finally, install the config file on your client as `/etc/wireguard/wg0.conf` and start WireGuard:

improve readability (#1085) 2018-09-02 19:22:24 +00:00			```shell
Document how to use WireGuard on Ubuntu clients (#1071) 2018-08-28 14:25:40 +00:00			`# Install the config file to the WireGuard configuration directory on your`
Update Linux WireGuard client instructions (#1407) 2019-04-26 04:56:38 +00:00			`# Linux client:`
Document how to use WireGuard on Ubuntu clients (#1071) 2018-08-28 14:25:40 +00:00			`sudo install -o root -g root -m 600 <username>.conf /etc/wireguard/wg0.conf`
improve readability (#1085) 2018-09-02 19:22:24 +00:00
Document how to use WireGuard on Ubuntu clients (#1071) 2018-08-28 14:25:40 +00:00			`# Start the WireGuard VPN:`
			`sudo systemctl start wg-quick@wg0`
improve readability (#1085) 2018-09-02 19:22:24 +00:00
Document how to use WireGuard on Ubuntu clients (#1071) 2018-08-28 14:25:40 +00:00			`# Check that it started properly:`
			`sudo systemctl status wg-quick@wg0`
improve readability (#1085) 2018-09-02 19:22:24 +00:00
Update Linux WireGuard client instructions (#1407) 2019-04-26 04:56:38 +00:00			`# Verify the connection to the AlgoVPN:`
Document how to use WireGuard on Ubuntu clients (#1071) 2018-08-28 14:25:40 +00:00			`sudo wg`
improve readability (#1085) 2018-09-02 19:22:24 +00:00
Update Linux WireGuard client instructions (#1407) 2019-04-26 04:56:38 +00:00			`# See that your client is using the IP address of your AlgoVPN:`
Document how to use WireGuard on Ubuntu clients (#1071) 2018-08-28 14:25:40 +00:00			`curl ipv4.icanhazip.com`
improve readability (#1085) 2018-09-02 19:22:24 +00:00
Document how to use WireGuard on Ubuntu clients (#1071) 2018-08-28 14:25:40 +00:00			`# Optionally configure the connection to come up at boot time:`
			`sudo systemctl enable wg-quick@wg0`
			```

Update Linux WireGuard client instructions (#1407) 2019-04-26 04:56:38 +00:00			If your Linux distribution does not use `systemd` you can bring up WireGuard with `sudo wg-quick up wg0`.
Document WG DNS search domain on Linux client (#1796) 2020-05-16 15:45:00 +00:00
			`## Using a DNS Search Domain`

			As of the `v1.0.20200510` release of `wireguard-tools` WireGuard supports setting a DNS search domain. In your `wg0.conf` file a non-numeric entry on the `DNS` line will be used as a search domain. For example this:
			```
			`DNS = 172.27.153.31, fd00::b:991f, mydomain.com`
			```
			will cause your `/etc/resolv.conf` to contain:
			```
			`search mydomain.com`
			`nameserver 172.27.153.31`
			`nameserver fd00::b:991f`
			```
			`If you're using the version of WireGuard included with Ubuntu as of 19.10 it might be from before this feature was added. To use the latest version of WireGuard add the PPA repository as shown above.`

			`Note that using the PPA repository on Ubuntu 20.04 LTS instead of the WireGuard modules shipped in the kernel package may cause the installation of about 40 additional packages in order to compile the kernel module.`