Question Help me to set up Wireguard server on Ubuntu 22.04 LTS

GorgKhan

Reputable
Jul 21, 2020
27
1
4,530
I got a virtual cloud server running Ubuntu 22.04 LTS. I followed this tutorial.
I don't know why my IP is 192.168.0.22 rather than showing my public IP address in terminal.



Also this is the Code I used:
Code:
sudo apt update

sudo nano /etc/sysctl.d/99-sysctl.conf
#    enable IPv4 forwarding: net.ipv4.ip_forward=1

sudo ufw allow 51820/udp
sudo ufw allow 53/udp
sudo ufw allow 80/udp
sudo ufw allow 443/udp
sudo ufw allow 53/tcp
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw allow OpenSSH

sudo ufw disable
sudo ufw enable

systemctl reboot

sudo apt install wireguard

wg genkey | sudo tee /etc/wireguard/srvrpri.key
sudo chmod go= /etc/wireguard/srvrpri.key

sudo cat /etc/wireguard/srvrpri.key | wg pubkey | sudo tee /etc/wireguard/srvrpub.key

sudo nano /etc/wireguard/wg0.conf


[Interface]
# PrivateKey takes the base64 key text stored in srvrpri.key, not the file name
PrivateKey = srvrpri.key
Address = 172.16.0.1/24
ListenPort = 51820
SaveConfig = true
PostUp = ufw route allow in on wg0 out on enp3s0
PostUp = iptables -t nat -I POSTROUTING -o enp3s0 -j MASQUERADE
PreDown = ufw route delete allow in on wg0 out on enp3s0
PreDown = iptables -t nat -D POSTROUTING -o enp3s0 -j MASQUERADE

[Peer]
# PublicKey takes the client's base64 public key text, not a file name
PublicKey = cleint0pubkey.key
AllowedIPs = 172.16.0.2/32



sudo systemctl enable wg-quick@wg0.service

sudo systemctl start wg-quick@wg0.service

sudo systemctl status wg-quick@wg0.service
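
A check for the config in the post above, added here as an example and not part of the original post: wg-quick reads `PrivateKey` and `PublicKey` as base64 key text, so a file name in those fields will not load, and the file should be closed to group and others as with `chmod go=`. The helper names `is_wg_key` and `lint_wg_conf` are hypothetical, and the sample config is constructed.

```shell
#!/bin/sh
# Added example: lint a wg-quick config for placeholder keys and loose file modes.
# is_wg_key and lint_wg_conf are hypothetical helper names.

# A WireGuard key is 32 bytes: 43 base64 characters followed by "=".
is_wg_key() {
    printf '%s\n' "$1" | grep -Eq '^[A-Za-z0-9+/]{43}=$'
}

# Prints one line per finding; the exit status is the number of findings.
lint_wg_conf() {
    conf=$1
    findings=0
    # The file holds the private key, so group/other must have no access.
    perms=$(ls -ld "$conf" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$conf: group/other permissions are '$perms' (chmod go= to fix)"
        findings=$((findings + 1))
    fi
    while IFS= read -r line || [ -n "$line" ]; do
        name=$(printf '%s' "${line%%=*}" | tr -d '[:space:]')
        case $name in
            PrivateKey|PublicKey|PresharedKey) ;;
            *) continue ;;
        esac
        value=$(printf '%s' "${line#*=}" | tr -d '[:space:]')
        # Never echo the value itself: it may be a real private key.
        if ! is_wg_key "$value"; then
            echo "$conf: $name is not key text (file name or placeholder?)"
            findings=$((findings + 1))
        fi
    done < "$conf"
    return "$findings"
}

# Constructed sample mirroring the key fields of the config above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Interface]
PrivateKey = srvrpri.key
Address = 172.16.0.1/24
ListenPort = 51820

[Peer]
PublicKey = cleint0pubkey.key
AllowedIPs = 172.16.0.2/32
EOF
lint_wg_conf "$sample" || echo "findings: $?"
rm -f "$sample"
```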
 

lantis3

Distinguished
Nov 5, 2015
856
149
19,070
why my IP is 192.168.0.22 rather than showing my public IP address

Because you are behind ISP's NAT, just like your home LAN. Public IP costs money. You will never get it for free.
And if you have a public IP for your machine, if you didn't configure or setup firewall correctly, the minute you power on the machine, you will be under immediate and constant attacks from the internet.

Use Tailscale instead if for personal use. Free for 3 users/100 devices.
Tailscale is based on Wireguard but uses UDP instead of TCP.
https://tailscale.com/compare/wireguard
  • No port forwarding required.
  • No key generation required.
  • No private / public keys pairing.
  • No public IP required.
  • No firewall configuration required, at least on Windows.
Tailscale will give you a complex long public domain name. But if you turn on its free MagicDNS feature, you can use machine name directly without appending that domain name.

You also don't have to set config files. At least for my Windows experience.

Many tutorials on Youtube.

Not familiar with Linux, just playing with desktop in the VM.

https://tailscale.com/pricing

simple instruction for Ubuntu
https://tailscale.com/kb/1187/install-ubuntu-2204

Alternatives
 

lantis3

I don't use Wireguard at all and never set it up. Also never set up a Linux firewall.

Although Tailscale is based on Wireguard, Tailscale uses UDP, with no firewall config or port forwarding required, and Wireguard uses TCP, which requires port forwarding, which I have no idea how to do since I have never used a cloud VM before. Can't help. You probably need to ask your ISP or read their docs.

You should also only use one of them, running both at the same time could cause conflicts/problems I guess.

The other option is ZeroTier, also free and no firewall/port forwarding required.

Both ZeroTier & Tailscale have many tutorials on YT.

Don't know what the purpose of your ubuntu server is for. BTW, I'm still learning Linux, don't count on me for Linux knowledge.
 

GorgKhan

I don't use Wireguard at all and never set it up. Also never set up a Linux firewall.

Although Tailscale is based on Wireguard, Tailscale uses UDP, with no firewall config or port forwarding required, and Wireguard uses TCP, which requires port forwarding, which I have no idea how to do since I have never used a cloud VM before. Can't help. You probably need to ask your ISP or read their docs.

You should also only use one of them, running both at the same time could cause conflicts/problems I guess.

The other option is ZeroTier, also free and no firewall/port forwarding required.

Both ZeroTier & Tailscale have many tutorials on YT.

Don't know what the purpose of your ubuntu server is for. BTW, I'm still learning Linux, don't count on me for Linux knowledge.
Wireguard uses UDP port 51820. I aim for performance, so Wireguard is the winner, although Tailscale is quite simple to set up.

I'm confused. Could the server IP be blocked by the client's ISP? Or is UDP port 51820 also blocked by the client's ISP?
 

GorgKhan

Who is your ISP and what's your cloud VM plan? Their setup guide info?
I live in Iran and my ISP is MOKHABERAT and I'm using VDSL. The port forwarding is only for servers, right?
So Wireguard also uses UDP? I remembered it wrong?
https://en.wikipedia.org/wiki/WireGuard
Yes. Check the Networking section of the link provided:
WireGuard uses only[11] UDP,[5] due to the potential disadvantages of TCP-over-TCP.[11][12][13] Tunneling TCP over a TCP-based connection is known as "TCP-over-TCP", and doing so can induce a dramatic loss in transmission performance due to the TCP meltdown problem.
 

GorgKhan

The other option is ZeroTier, also free and no firewall/port forwarding required.
Both ZeroTier & Tailscale have many tutorials on YT.
My goal is only speed/performance cuz about 10 people are going to connect to it to bypass the blocked content. So speed is the key. I searched and Wireguard is the best among the options.
Don't know what the purpose of your ubuntu server is for. BTW, I'm still learning Linux, don't count on me for Linux knowledge.
My goal is for a few people to access blocked content. Thanks for helping.