Lately on a trip to the UK I was trying to configure my Ubuntu laptop to connect back home to my Unifi Dream Machine Pro via Wireguard.
It ended up being an absolute nightmare due to the hotel Wi-Fi, IPv6, and the fact that wireguard can be a little hard to configure.
So here are the simple steps to get it up and running.
1. Create a new VPN Server on Unifi Network
This tutorial covers what you need.
2. Create a new Client and download the config file
Again, use this tutorial for the right steps to set up the Client in the Unifi Network Settings.
3. Make sure you have wireguard installed
sudo apt update && sudo apt install wireguard
4. Create a new link device with the name you want to call your VPN connection
sudo ip link add dev test-client type wireguard
5. Rename the Client file to the same name as your connection
mv ~/Downloads/<file>.conf ~/Downloads/test-client.conf
6. Update the conf file to add DNS, PostUp, and PostDown, and to allow IPv6 traffic.
[Interface]
PrivateKey = <private key>
Address = 192.168.14.4/32 # Take this IP from the Interface IP of the Client in Unifi console
DNS = 192.168.14.1,1.1.1.1,8.8.8.8 # Add additional DNS Servers
# Add PostUp and PostDown iptables config
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
[Peer]
PublicKey = <public key for VPN Config from Unifi Console>
AllowedIPs = 0.0.0.0/0,::/0 # Add ipv6 catch-all
Endpoint = <Your WAN IP Address>:51820
7. Use nmcli to import the conf file.
sudo nmcli conn import type wireguard file ~/Downloads/test-client.conf
8. Set ipv6 method to ignore.
nmcli c modify test-client ipv6.method ignore
9. Set autoconnect to false.
We don’t really want the connection to start on login.
nmcli c modify test-client connection.autoconnect no
10. Start the connection.
nmcli c up test-client
11. Test.
curl zx2c4.com/ip
You should see the IP of your home Dream Machine Pro WAN. You can also now connect and disconnect from the Network section of your Ubuntu Settings.
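A pre-import check for the file edited in step 6, as an added example that is not part of the original post: it flags a config that other users can read (it holds the private key), a missing catch-all in AllowedIPs, and PostUp/PostDown rules whose `-i` interface differs from the connection name. The function names `audit_wg_conf` and `make_sample` and the sample file are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit a WireGuard client .conf before "nmcli conn import".
# Prints one finding per line and nothing when the file is clean.
audit_wg_conf() {
    local conf="$1" ifname allowed net dev
    ifname="$(basename "$conf" .conf)"   # the import names the interface after the file

    # The file contains PrivateKey, so group/other must have no access at all.
    if [ "$(ls -ld "$conf" | cut -c5-10)" != "------" ]; then
        echo "PERMS: $conf is accessible to group/other, run chmod 600"
    fi

    # A full tunnel needs both catch-alls; a missing one lets that address
    # family leave over the local (hotel) network instead of the VPN.
    allowed="$(sed -n 's/#.*//; s/[[:space:]]//g; s/^AllowedIPs=//p' "$conf" | tr '\n' ',')"
    for net in 0.0.0.0/0 ::/0; do
        case ",$allowed" in
            *",$net,"*) ;;
            *) echo "ROUTE: AllowedIPs lacks $net" ;;
        esac
    done

    # iptables "-i NAME" only matches packets arriving on NAME; a hook written
    # for wg0 never matches a tunnel interface called something else.
    for dev in $(grep -E '^[[:space:]]*Post(Up|Down)[[:space:]]*=' "$conf" |
                 grep -oE -- '-i +[^ ;]+' | awk '{print $2}' | sort -u); do
        if [ "$dev" != "$ifname" ] && [ "$dev" != "%i" ]; then
            echo "HOOK: rule matches -i $dev but the tunnel interface is $ifname"
        fi
    done
}

# Constructed sample mirroring step 6 (placeholders, no real keys), set to
# mode 644 as a file saved under a default umask of 022 would be.
make_sample() {
    cat > "$1/test-client.conf" <<'EOF'
[Interface]
PrivateKey = <private key>
Address = 192.168.14.4/32
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
[Peer]
AllowedIPs = 0.0.0.0/0,::/0 # Add ipv6 catch-all
EOF
    chmod 644 "$1/test-client.conf"
    echo "$1/test-client.conf"
}

audit_wg_conf "$(make_sample "$(mktemp -d)")"
```

On the sample it reports the file mode and the `wg0` rules, because the device created in step 4 is called `test-client`.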