From ee3cb979f770e92899627b70c013a6d8a90a33a8 Mon Sep 17 00:00:00 2001 From: David Myers Date: Tue, 28 Aug 2018 10:25:40 -0400 Subject: [PATCH] Document how to use WireGuard on Ubuntu clients (#1071) --- README.md | 1 + docs/client-linux-wireguard.md | 48 ++++++++++++++++++++++++++++++++++ 2 files changed, 49 insertions(+) create mode 100644 docs/client-linux-wireguard.md diff --git a/README.md b/README.md index 176f9ac..26440fd 100644 --- a/README.md +++ b/README.md @@ -190,6 +190,7 @@ After this process completes, the Algo VPN server will contains only the users l * Client setup - Setup [Android](docs/client-android.md) clients - Setup [Generic/Linux](docs/client-linux.md) clients with Ansible + - Setup Ubuntu clients to use [WireGuard](docs/client-linux-wireguard.md) * Cloud setup - Configure [Amazon EC2](docs/cloud-amazon-ec2.md) - Configure [Azure](docs/cloud-azure.md) diff --git a/docs/client-linux-wireguard.md b/docs/client-linux-wireguard.md new file mode 100644 index 0000000..123ab76 --- /dev/null +++ b/docs/client-linux-wireguard.md @@ -0,0 +1,48 @@ +# Using Ubuntu Server as a Client with WireGuard + +## Install WireGuard + +To connect to your Algo VPN using [WireGuard](https://www.wireguard.com) from an Ubuntu Server 16.04 (Xenial) or 18.04 (Bionic) client, first install WireGuard on the client: + +``` +# Add the WireGuard repository: +sudo add-apt-repository ppa:wireguard/wireguard +# Update the list of available packages (not necessary on Bionic): +sudo apt update +# Install the tools and kernel module: +sudo apt install wireguard +``` + +(For installation on other Linux distributions, see the [Installation](https://www.wireguard.com/install/) page on the WireGuard site.) + +## Locate the Config File + +The Algo-generated config files for WireGuard are named `configs//wireguard/.conf` on the system where you ran `./algo`. One file was generated for each of the users you added to `config.cfg` before you ran `./algo`. Each Linux and Android client you connect to your Algo VPN must use a different WireGuard config file. Choose one of these files and copy it to your Linux client. + +If your client is running Bionic (or another Linux that uses `systemd-resolved` for DNS) you should first edit the config file. Comment out the line that begins with `DNS =` and replace it with: +``` +PostUp = systemd-resolve -i %i --set-dns=172.16.0.1 --set-domain=~. +``` +Use the IP address shown on the `DNS =` line (for most, this will be `172.16.0.1`). If the `DNS =` line contains multiple IP addresses, use multiple `--set-dns=` options. + +## Configure WireGuard + +Finally, install the config file on your client as `/etc/wireguard/wg0.conf` and start WireGuard: + +``` +# Install the config file to the WireGuard configuration directory on your +# Bionic or Xenial client: +sudo install -o root -g root -m 600 .conf /etc/wireguard/wg0.conf +# Start the WireGuard VPN: +sudo systemctl start wg-quick@wg0 +# Check that it started properly: +sudo systemctl status wg-quick@wg0 +# Verify the connection to the Algo VPN: +sudo wg +# See that your client is using the IP address of your Algo VPN: +curl ipv4.icanhazip.com +# Optionally configure the connection to come up at boot time: +sudo systemctl enable wg-quick@wg0 +``` + +(If your Linux distribution does not use `systemd`, you can bring up WireGuard with `sudo wg-quick up wg0`). \ No newline at end of file