Installing and Configuring WireGuard on Ubuntu 18.04/20.04
We'll be describing the effective rule set to setup WireGuard over 51820/tcp as well as installing WireGuard on your Dedicated Server from Tempest Hosting, LLC.
First you'll need to make sure to whitelist your IP over 22/TCP so you are able to access the machine as port punching (DROP ALL) is applied by default.
After you've whitelisted yourself over SSH you'll need to whitelist the port that you plan on setting up WireGuard over typically this is 51820/UDP however this is customizable via WireGuard's configuration files.
After you've applied these two rules direct yourself to the filter tab on the firewall manager to apply the "WireGuard Server" filter over the port you've setup WireGuard for.
This filter enables layer 7 packet validation for WireGuard VPN servers. Note: To avoid packet loss from fragmentation, it is recommended that you adjust your MTU to 1360
Now that we have the proper firewall rules setup on the edge for WireGuard over UDP let's install WireGuard. You can do this by logging into your server and executing this command "wget https://pastebin.com/raw/ibF340pZ -O wireguard-install.sh" once you have done this you need to give the file proper permissions to execute "chmod +x wireguard-install.sh"
Now we have an WireGuard Installer setup script with the proper permissions we execute it by using the command "./wireguard-install.sh" which will present you with this screen.
This screen presents you with the options required to setup WireGuard on your server. First make sure that the IP it has obtained and asking you to use is the IP Address linked to your machine. You can check this through the service portal or by executing "curl ipinfo.io" on your machine. After this you can define several different options for your WireGuard instance such as the protocol it uses, the port it listens on, as well as the DNS it will assign for your clients to use. Shown is the default options being 51820/udp while using Cloudflare's 1.1.1.1 / 1.0.0.1 DNS. Once you have completed this allow the script to go through the setup process on it's own. Once the installation is completed you may connect to your WireGuard server using the client file, or even add new clients by executing the script again.
First you'll need to make sure to whitelist your IP over 22/TCP so you are able to access the machine as port punching (DROP ALL) is applied by default.
After you've whitelisted yourself over SSH you'll need to whitelist the port that you plan on setting up WireGuard over typically this is 51820/UDP however this is customizable via WireGuard's configuration files.
After you've applied these two rules direct yourself to the filter tab on the firewall manager to apply the "WireGuard Server" filter over the port you've setup WireGuard for.
This filter enables layer 7 packet validation for WireGuard VPN servers. Note: To avoid packet loss from fragmentation, it is recommended that you adjust your MTU to 1360
Now that we have the proper firewall rules setup on the edge for WireGuard over UDP let's install WireGuard. You can do this by logging into your server and executing this command "wget https://pastebin.com/raw/ibF340pZ -O wireguard-install.sh" once you have done this you need to give the file proper permissions to execute "chmod +x wireguard-install.sh"
Now we have an WireGuard Installer setup script with the proper permissions we execute it by using the command "./wireguard-install.sh" which will present you with this screen.
This screen presents you with the options required to setup WireGuard on your server. First make sure that the IP it has obtained and asking you to use is the IP Address linked to your machine. You can check this through the service portal or by executing "curl ipinfo.io" on your machine. After this you can define several different options for your WireGuard instance such as the protocol it uses, the port it listens on, as well as the DNS it will assign for your clients to use. Shown is the default options being 51820/udp while using Cloudflare's 1.1.1.1 / 1.0.0.1 DNS. Once you have completed this allow the script to go through the setup process on it's own. Once the installation is completed you may connect to your WireGuard server using the client file, or even add new clients by executing the script again.
Updated on: 22/03/2023
Thank you!