This guide walks through a manual WireGuard setup on a LumaDock VPS running Ubuntu 22.04. It covers installation, key generation, configuration, firewall rules, and starting the VPN. If you prefer a ready solution, LumaDock also offers a 1-click WireGuard template.
Requirements
You will need a LumaDock VPS running Ubuntu 22.04 and SSH access as root or a sudo-enabled user.
Step 1 – Update the VPS
ssh root@YOUR_SERVER_IP apt update && apt upgrade -y
Install WireGuard
WireGuard is included in Ubuntu’s repositories and installs quickly.
Step 2 – Install WireGuard
apt install -y wireguard qrencode
Generate private and public keys
Keys must be created on the server before you configure peers.
Step 3 – Generate keys
umask 077 wg genkey | tee /etc/wireguard/privatekey | wg pubkey > /etc/wireguard/publickey
Create the main WireGuard interface
This example configures a basic wg0 interface and one peer entry.
Step 4 – Create configuration file
nano /etc/wireguard/wg0.conf
[Interface]
Address = 10.0.0.1/24
PrivateKey = (contents of /etc/wireguard/privatekey)
ListenPort = 51820
SaveConfig = true
[Peer]
PublicKey = CLIENT_PUBLIC_KEY
AllowedIPs = 10.0.0.2/32
Start WireGuard and enable it on boot
The wg-quick helper makes interface management simple.
Step 5 – Enable and start WireGuard
systemctl enable wg-quick@wg0
systemctl start wg-quick@wg0
Allow the VPN port in the firewall
WireGuard uses UDP on port 51820 by default.
Step 6 – Open firewall port
ufw allow 51820/udp
If you enable the LumaDock Cloud Firewall later, allow the same port there as well.
You can skip the manual setup entirely if you deploy the WireGuard VPN 1-click image in your LumaDock dashboard.