ForestVPN
Technology

WireGuard VPN Server Setup on Debian, Ubuntu, Fedora & Windows

Learn to install and configure WireGuard VPN on Debian, Ubuntu, Fedora, and Windows. Follow step‑by‑step commands, key generation, and client setup for connectivity.

2 мин чтения
WireGuard VPN Server Setup on Debian, Ubuntu, Fedora & Windows

Setup WireGuard VPN Server

Picture your home network locked tight like a vault, but with the speed of a racing drone. Forest VPN cuts the hassle by giving you a WireGuard backend that you can spin up on any server. In this walkthrough you’ll learn how to install and configure WireGuard on Debian, Ubuntu 22.04, Fedora, FreshTomato, and Windows, and then hook it up from Linux, macOS, Windows, and mobile devices.

Why use Forest VPN with WireGuard?

Here’s why you might want to pair Forest VPN with WireGuard:

  • Convenience – Forest VPN’s servers are ready to use with WireGuard, so you only need to run the commands below.
  • Affordability – Forest VPN offers competitive plans that include unlimited bandwidth and multiple server locations.
  • Performance – WireGuard is lightweight and fast, giving you low latency and high throughput.

Installation

Debian / Ubuntu 22.04

bash
1sudo apt update
2sudo apt install -y wireguard wireguard-tools

Fedora

bash
1sudo dnf install -y wireguard-tools
2# If you want the latest kernel module, enable RPM Fusion first:
3sudo dnf install -y https://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-38.noarch.rpm

FreshTomato

bash
1# FreshTomato already ships with wireguard-tools via the package manager
2sudo apt install -y wireguard-tools
3sudo /opt/freshtomato/bin/wireguard.sh

Windows

typescript
1# Download the official MSI installer from the WireGuard website
2# Run the installer and follow the wizard.

Key Generation and Configuration

bash
1# Generate server keys
2wg genkey | tee server_private.key | wg pubkey > server_public.key
3# Generate client keys
4wg genkey | tee client_private.key | wg pubkey > client_public.key

Create /etc/wireguard/wg0.conf on the server:

typescript
1[Interface]
2PrivateKey = <contents of server_private.key>
3Address = 10.0.0.1/24
4ListenPort = 51820
5PostUp   = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
6PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
7

8[Peer]
9PublicKey = <client_public.key>
10AllowedIPs = 10.0.0.2/32

Create a client config (client.conf):

typescript
1[Interface]
2PrivateKey = <contents of client_private.key>
3Address = 10.0.0.2/32
4DNS = 1.1.1.1
5

6[Peer]
7PublicKey = <server_public.key>
8Endpoint = your.server.ip:51820
9AllowedIPs = 0.0.0.0/0
10PersistentKeepalive = 25

Enable WireGuard at Boot

bash
1sudo systemctl enable wg-quick@wg0
2sudo systemctl start wg-quick@wg0

On FreshTomato the wizard creates a cron job; verify with:

bash
1crontab -l

Verification

bash
1# On the client
2ping 10.0.0.1
3

4# On the server
5sudo wg show
6

7# Check exit IP
8curl https://ipinfo.io

GUI Tools

Platform

GUI Tool

How to Launch

Linux

wg‑quick

sudo wg-quick up wg0

Linux

NetworkManager‑wg

sudo apt install network-manager-wg and use the VPN tab

Windows

WireGuard App

Download, add profile

macOS

WireGuard App

Same as Windows

iOS/Android

WireGuard App

Scan QR code

FAQ

Q: Why does my client not connect? A: Ensure the firewall allows UDP 51820 and the endpoint IP is reachable.

TechnologyNetworkingVPN Setup