Invoking Wireguard VPN in Ubuntu

I use Ubuntu 20.04 LTS. With the kernel recently getting updated to 20.04.2 version, I find that focal-updates of Wireguard package have got installed as: <wireguard/focal-updates,focal-updates,now 1.0.20200513-1~20.04.2 all [installed]>.
How do I get to know whether Wireguard VPN is “Active” or not? There appears to be no “indicator” or “icon” supporting its functionality on the desktop?

Are you using your system as a WireGuard node?

I am not using my system as a Wireguard node. The suggested procedure appears to be very elaborate and prone to mistakes by newbies.

Precisely. I rest my case. :wink:

New kernel versions and thus Ubuntu 20.04 has WireGuard installed as a kernel module.

This doesn’t mean that you have a VPN setup already and you can start using it. That’s not how it works.

This only helps in the fact that if you are setting up a WireGuard VPN server, you don’t need to explicitly install the kernel module for WireGuard.

This makes installing a WireGuard VPN server a much easier job.

But that’s about it. It doesn’t mean that every Linux user is automatically protected with WireGuard VPN :slight_smile:

2 Likes

Thanks for your update, Abhishek!

1 Like

Meanwhile, I have found the following relatively simpler “Quick Setup” automated solution with ansible, which incidentally is also available as a package along with the relevant git package in the Ubuntu 20.04.2 update:
QUOTE:

Quick setup

On the client

git clone https://github.com/iamckn/wireguard_ansible
cd wireguard_ansible

Edit hosts file in that folder and fill in the IP field with the VPN server IP –> HOW?

Begin the remote installation process by running

ansible-playbook wireguard.yml -u root -k -i hosts

If you’re using an SSH key for authentication run this instead

ansible-playbook wireguard.yml -u root -i hosts --key-file /path/to/keyfile

Give it a few minutes and the server set up will be complete.

Ten client configs will be created on the VPN server in the folder /root/wg_clients. They will also be downloaded to the wireguard_role/profiles folder on your local host.

Assuming you’re using the first client config, copy it to /etc/wireguard/ and you can start using the VPN tunnel on your client.

To bring up the VPN interface

sudo wg-quick up wg0-client

To bring down the VPN interface

sudo wg-quick down wg0-client

To view connection details

sudo wg show

UNQUOTE
I am not clear about how to go about:
Edit hosts file in that folder and fill in the IP field with the VPN server IP –> HOW

Can the above suggested step in the quoted extract be clarified please?

Thanks.
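An added example, not part of the original post or the quoted README: one way to answer the "is the tunnel active?" question from the command line, by classifying peers from the output of `wg show <interface> latest-handshakes`. The 180-second freshness threshold and the sample peer keys are assumptions made for this example.

```shell
#!/bin/sh
# Classify WireGuard peers from `wg show <iface> latest-handshakes` output.
# Each input line is "<peer-public-key><TAB><unix-time-of-last-handshake>";
# a timestamp of 0 means the peer has never completed a handshake.
# Caveat: WireGuard is silent when idle, so a peer without traffic or
# PersistentKeepalive can show "stale" even though its config is correct.

# tunnel_state NOW [MAX_AGE]: reads the listing on stdin, prints one line
# per peer, and returns 0 only if at least one peer has a fresh handshake.
# MAX_AGE defaults to 180 seconds (threshold assumed for this example).
tunnel_state() {
    awk -v now="$1" -v max="${2:-180}" '
        NF < 2     { next }
                   { age = now - $2 }
        $2 == 0    { print "never " $1; next }
        age <= max { print "active " $1 " age=" age "s"; fresh++; next }
                   { print "stale " $1 " age=" age "s" }
        END {
            if (NR == 0) print "down no-peers-listed"
            exit (fresh > 0 ? 0 : 1)
        }
    '
}

# Constructed sample listing (placeholder keys, not real ones), as it
# would look at time 1700000200.
sample() {
    printf 'PEER_A_KEY_CONSTRUCTED=\t1700000150\n'
    printf 'PEER_B_KEY_CONSTRUCTED=\t1699990000\n'
    printf 'PEER_C_KEY_CONSTRUCTED=\t0\n'
}

sample | tunnel_state 1700000200 || echo "no peer has a fresh handshake"

# Live use on the client from the quoted setup:
#   sudo wg show wg0-client latest-handshakes | tunnel_state "$(date +%s)"
```

If the interface is not up, `wg` writes nothing to standard output and the function reports `down no-peers-listed`.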

Your VPN provider should have informed you about its server’s IP address(es), which is a number like: 123.45.67.89

If you look at the git package, there is a file called hosts. After doing the installation procedure as suggested, you should find it in:

/etc/wireguard/hosts

Open it with e.g. sudo nano /etc/wireguard/hosts and replace the field <IP> with the number given to you by your VPN provider.

Thanks for your support.

@anman49 Please let us know if it helped.

Sure! It might take a while for me to get the hang of the procedure.
Thanks,

1 Like

Another query related to the same matter:
(1) There are distinctly different 4 IP addresses: IPv4, IPv6, Default Route and DNS; which of these four should be taken for insertion as the server IP address?
(2) If there is more than one VPN provider / ISP (Internet Service Provider) for a device, can more than one server IP address be inserted in the /etc/wireguard/hosts location, and how?

Actually, you’re paying for a service (Wireguard). They should be better at providing assistance than some random chick on the internet. Just saying…

Modern operating systems should be able to handle IPv6 addresses and that should be the one to use. Should you run into problems, it is probably an issue with your ISP. In that case, use IPv4. You’ll have to try it out.

The IP you have to fill into the <IP> field of /etc/wireguard/hosts is the “Default route”.
The DNS you’ve been given can be added as an additional line to your /etc/resolv.conf file, like:
nameserver <dns-address>
but that is only necessary if you have problems.

If you have more than one ISP, it doesn’t matter. Regardless of which one you’re using, your VPN application will route your traffic through the “default route”.

Should you have more than one VPN-provider, you’d have to follow the instructions in their manual. In any case, you shouldn’t try to add another provider’s configuration to /etc/wireguard. That would clearly mess things up.
However, you can add as many nameservers as you wish to /etc/resolv.conf.

1 Like

I attempted the Wireguard VPN installation today. It failed to install. Reproduced below is the terminal output:
anand@anand-inspiron-n5010:~$ git clone https://github.com/iamckn/wireguard_ansible
Cloning into 'wireguard_ansible'...
remote: Enumerating objects: 8, done.
remote: Counting objects: 100% (8/8), done.
remote: Compressing objects: 100% (8/8), done.
remote: Total 216 (delta 1), reused 0 (delta 0), pack-reused 208
Receiving objects: 100% (216/216), 40.35 KiB | 219.00 KiB/s, done.
Resolving deltas: 100% (115/115), done.
anand@anand-inspiron-n5010:~$ cd wireguard_ansible
anand@anand-inspiron-n5010:~/wireguard_ansible$ sudo nano /etc/wireguard/hosts
Face detection timeout reached
[sudo] password for anand:
anand@anand-inspiron-n5010:~/wireguard_ansible$ ansible-playbook wireguard.yml -u root -i hosts

Command ‘ansible-playbook’ not found, but can be installed with:

sudo apt install ansible

anand@anand-inspiron-n5010:~/wireguard_ansible$ sudo apt install ansible
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
  ieee-data python3-argcomplete python3-jinja2 python3-jmespath python3-kerberos python3-libcloud python3-netaddr python3-ntlm-auth
  python3-requests-kerberos python3-requests-ntlm python3-selinux python3-winrm python3-xmltodict
Suggested packages:
  cowsay sshpass python-jinja2-doc ipython3 python-netaddr-docs
The following NEW packages will be installed:
  ansible ieee-data python3-argcomplete python3-jinja2 python3-jmespath python3-kerberos python3-libcloud python3-netaddr python3-ntlm-auth
  python3-requests-kerberos python3-requests-ntlm python3-selinux python3-winrm python3-xmltodict
0 upgraded, 14 newly installed, 0 to remove and 0 not upgraded.
Need to get 9,398 kB of archives.
After this operation, 88.5 MB of additional disk space will be used.
Do you want to continue? [Y/n] y
    Get:1 http://in.archive.ubuntu.com/ubuntu focal/main amd64 python3-jinja2 all 2.10.1-2 [95.5 kB]
    Get:2 http://in.archive.ubuntu.com/ubuntu focal/main amd64 ieee-data all 20180805.1 [1,589 kB]
    Get:3 http://in.archive.ubuntu.com/ubuntu focal/main amd64 python3-netaddr all 0.7.19-3 [235 kB]
    Get:4 http://in.archive.ubuntu.com/ubuntu focal/universe amd64 ansible all 2.9.6+dfsg-1 [5,794 kB]
    Get:5 http://in.archive.ubuntu.com/ubuntu focal/universe amd64 python3-argcomplete all 1.8.1-1.3ubuntu1 [27.2 kB]
    Get:6 http://in.archive.ubuntu.com/ubuntu focal/main amd64 python3-jmespath all 0.9.4-2 [21.3 kB]
    Get:7 http://in.archive.ubuntu.com/ubuntu focal/universe amd64 python3-kerberos amd64 1.1.14-3.1build1 [22.6 kB]
    Get:8 http://in.archive.ubuntu.com/ubuntu focal/universe amd64 python3-libcloud all 2.8.0-1 [1,403 kB]
    Get:9 http://in.archive.ubuntu.com/ubuntu focal/universe amd64 python3-ntlm-auth all 1.1.0-1 [19.6 kB]
    Get:10 http://in.archive.ubuntu.com/ubuntu focal/universe amd64 python3-requests-kerberos all 0.12.0-2 [11.9 kB]
    Get:11 http://in.archive.ubuntu.com/ubuntu focal/universe amd64 python3-requests-ntlm all 1.1.0-1 [6,004 B]
    Get:12 http://in.archive.ubuntu.com/ubuntu focal/universe amd64 python3-selinux amd64 3.0-1build2 [139 kB]
    Get:13 http://in.archive.ubuntu.com/ubuntu focal/universe amd64 python3-xmltodict all 0.12.0-1 [12.6 kB]
    Get:14 http://in.archive.ubuntu.com/ubuntu focal/universe amd64 python3-winrm all 0.3.0-2 [21.7 kB]
    Fetched 9,398 kB in 2s (3,848 kB/s)
    Selecting previously unselected package python3-jinja2.
    (Reading database … 250518 files and directories currently installed.)
    Preparing to unpack …/00-python3-jinja2_2.10.1-2_all.deb …
    Unpacking python3-jinja2 (2.10.1-2) …
    Selecting previously unselected package ieee-data.
    Preparing to unpack …/01-ieee-data_20180805.1_all.deb …
    Unpacking ieee-data (20180805.1) …
    Selecting previously unselected package python3-netaddr.
    Preparing to unpack …/02-python3-netaddr_0.7.19-3_all.deb …
    Unpacking python3-netaddr (0.7.19-3) …
    Selecting previously unselected package ansible.
    Preparing to unpack …/03-ansible_2.9.6+dfsg-1_all.deb …
    Unpacking ansible (2.9.6+dfsg-1) …
    Selecting previously unselected package python3-argcomplete.
    Preparing to unpack …/04-python3-argcomplete_1.8.1-1.3ubuntu1_all.deb …
    Unpacking python3-argcomplete (1.8.1-1.3ubuntu1) …
    Selecting previously unselected package python3-jmespath.
    Preparing to unpack …/05-python3-jmespath_0.9.4-2_all.deb …
    Unpacking python3-jmespath (0.9.4-2) …
    Selecting previously unselected package python3-kerberos.
    Preparing to unpack …/06-python3-kerberos_1.1.14-3.1build1_amd64.deb …
    Unpacking python3-kerberos (1.1.14-3.1build1) …
    Selecting previously unselected package python3-libcloud.
    Preparing to unpack …/07-python3-libcloud_2.8.0-1_all.deb …
    Unpacking python3-libcloud (2.8.0-1) …
    Selecting previously unselected package python3-ntlm-auth.
    Preparing to unpack …/08-python3-ntlm-auth_1.1.0-1_all.deb …
    Unpacking python3-ntlm-auth (1.1.0-1) …
    Selecting previously unselected package python3-requests-kerberos.
    Preparing to unpack …/09-python3-requests-kerberos_0.12.0-2_all.deb …
    Unpacking python3-requests-kerberos (0.12.0-2) …
    Selecting previously unselected package python3-requests-ntlm.
    Preparing to unpack …/10-python3-requests-ntlm_1.1.0-1_all.deb …
    Unpacking python3-requests-ntlm (1.1.0-1) …
    Selecting previously unselected package python3-selinux.
    Preparing to unpack …/11-python3-selinux_3.0-1build2_amd64.deb …
    Unpacking python3-selinux (3.0-1build2) …
    Selecting previously unselected package python3-xmltodict.
    Preparing to unpack …/12-python3-xmltodict_0.12.0-1_all.deb …
    Unpacking python3-xmltodict (0.12.0-1) …
    Selecting previously unselected package python3-winrm.
    Preparing to unpack …/13-python3-winrm_0.3.0-2_all.deb …
    Unpacking python3-winrm (0.3.0-2) …
    Setting up python3-ntlm-auth (1.1.0-1) …
    Setting up python3-kerberos (1.1.14-3.1build1) …
    Setting up python3-libcloud (2.8.0-1) …
    Setting up python3-xmltodict (0.12.0-1) …
    Setting up python3-jinja2 (2.10.1-2) …
    Setting up python3-jmespath (0.9.4-2) …
    /usr/lib/python3/dist-packages/jmespath/visitor.py:32: SyntaxWarning: "is" with a literal. Did you mean "=="?
      if x is 0 or x is 1:
    /usr/lib/python3/dist-packages/jmespath/visitor.py:32: SyntaxWarning: "is" with a literal. Did you mean "=="?
      if x is 0 or x is 1:
    /usr/lib/python3/dist-packages/jmespath/visitor.py:34: SyntaxWarning: "is" with a literal. Did you mean "=="?
      elif y is 0 or y is 1:
    /usr/lib/python3/dist-packages/jmespath/visitor.py:34: SyntaxWarning: "is" with a literal. Did you mean "=="?
      elif y is 0 or y is 1:
    /usr/lib/python3/dist-packages/jmespath/visitor.py:260: SyntaxWarning: "is" with a literal. Did you mean "=="?
      if original_result is 0:
    Setting up python3-requests-kerberos (0.12.0-2) …
    Setting up ieee-data (20180805.1) …
    Setting up python3-selinux (3.0-1build2) …
    Setting up python3-argcomplete (1.8.1-1.3ubuntu1) …
    Setting up python3-requests-ntlm (1.1.0-1) …
    Setting up python3-netaddr (0.7.19-3) …
    /usr/lib/python3/dist-packages/netaddr/strategy/__init__.py:189: SyntaxWarning: "is not" with a literal. Did you mean "!="?
      if word_sep is not '':
    Setting up python3-winrm (0.3.0-2) …
    Setting up ansible (2.9.6+dfsg-1) …
    Processing triggers for man-db (2.9.1-1) …
    anand@anand-inspiron-n5010:~/wireguard_ansible$ ansible-playbook wireguard.yml -u root -i hosts

PLAY [Setup Wireguard VPN on a remote server] *********************************************************************************************************

TASK [Gathering Facts] ********************************************************************************************************************************
fatal: []: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: ssh: Could not resolve hostname : Name or service not known", "unreachable": true}

PLAY RECAP ********************************************************************************************************************************************
 : ok=0 changed=0 unreachable=1 failed=0 skipped=0 rescued=0 ignored=0

anand@anand-inspiron-n5010:~/wireguard_ansible$ cd
anand@anand-inspiron-n5010:~$ ansible-playbook wireguard.yml -u root -i hosts
ERROR! the playbook: wireguard.yml could not be found


After cloning and installing ansible as prompted, a new file at /etc/wireguard/hosts opened with no field entry. I manually entered the default route IP of the server.
How do I troubleshoot?
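An added example, not part of the original posts or of the wireguard_ansible project: a pre-flight check for the inventory file that `ansible-playbook -i hosts` reads, which reports a leftover `<IP>` placeholder or a malformed IPv4 address before Ansible gets as far as UNREACHABLE. The sample inventories and the `[vpn]` group name are constructed assumptions.

```shell
#!/bin/sh
# Pre-flight check for the inventory given to `ansible-playbook -i hosts`.
# A relative path such as `hosts` is resolved from the current directory,
# so run this from inside the cloned wireguard_ansible folder.

# check_inventory FILE: prints one finding per host entry and returns 0
# only if every entry looks usable; returns 2 if the file is missing.
check_inventory() {
    [ -f "$1" ] || { echo "missing: $1 (cwd: $(pwd))"; return 2; }
    awk '
        function ipv4_ok(s,   p, n, i) {
            n = split(s, p, ".")
            if (n != 4) return 0
            for (i = 1; i <= 4; i++)
                if (p[i] !~ /^[0-9]+$/ || p[i] + 0 > 255) return 0
            return 1
        }
        /^[ \t]*$/ || /^[ \t]*[#;]/ { next }           # blanks, comments
        /^[ \t]*\[/ { vars = ($0 ~ /:vars\]/); next }  # section headers
        vars { next }                                   # key=value lines
        {
            hosts++
            if ($1 ~ /[<>]/) {
                print "placeholder: line " NR ": " $1; bad++
            } else if ($1 ~ /^[0-9.]+$/ && !ipv4_ok($1)) {
                print "bad-ipv4: line " NR ": " $1; bad++
            } else {
                print "ok: " $1
            }
        }
        END {
            if (hosts == 0) { print "empty: no host entries"; bad++ }
            exit (bad > 0)
        }
    ' "$1"
}

# Constructed sample inventories; 203.0.113.10 is a documentation address.
demo_dir=$(mktemp -d)
printf '[vpn]\n<IP>\n' > "$demo_dir/unedited"
printf '[vpn]\n203.0.113.10\n' > "$demo_dir/edited"
check_inventory "$demo_dir/unedited" || echo "fix the inventory first"
check_inventory "$demo_dir/edited" && echo "inventory looks usable"
```

Running `check_inventory hosts` from the directory where `ansible-playbook` is started checks the same file that `-i hosts` will load.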

I am not going to read all this in detail, but from what I see, the Python code delivered to you is buggy on a very elementary level:

I do not have much experience in this language, but if I recall right, a statement like
if x is 0
doesn’t make any sense.
The is operator compares two variables, actually references to objects, whether they refer to the same original object.

What the “programmer” intended to do, is to check whether the value of the variable x is identical to the value of an expression. In that case, the whole expression x is 0 will always evaluate to false.

You have been delivered faulty code.

Python specialists, feel free to correct me, but to me it seems that the “programmer” wasn’t aware of the most basic concepts behind the language design.

1 Like

In, again, other languages this operator checks if the given variable is of a certain type. Example: if s is string.

If the delivered code is faulty, I shall then attempt the suggested standard recommended code.