WireGuard Part 3: WireGuard Installation

This article was last updated on: February 7, 2024 pm

Synopsis of the series:

  1. WireGuard article series (1): What is a VPN?
  2. WireGuard Part 2: Introduction to WireGuard - Fast, Modern, Secure VPN Tunnels

The installation of WireGuard is not difficult, here is the example of the equipment I used, including:

  1. Linux - Ubuntu 20.04
  2. Windows 10
  3. NAS - QNAP QTS 5.0
  4. Android

Ubuntu 20.04

⚠️ note

WireGuard has Linux kernel version requirements.5.4 The above kernels include it.
If the kernel is lower than this version (typical such as RHEL and CentOS), it will require a more complex process involving kernel compilation, please log in yourselfOfficial websiteFind out more.

1
$ sudo apt install wireguard

After successful installation, there are the following files:

  1. CLI
    1. wg
    2. wg-quick
  2. Systemd
    1. [email protected]
    2. wg-quick.target
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
# which wg
/usr/bin/wg # WireGuard CLI

# which wg-quick
/usr/bin/wg-quick # WireGuard 快速 CLI

# sudo ls -l /etc/
drwx------ 2 root root       4096 Aug  4  2020 wireguard    # WireGuard 默认配置文件位置 

# sudo systemctl list-unit-files
UNIT FILE                              STATE           VENDOR PRESET
[email protected]                      disabled        enabled
wg-quick.target                        static          enabled

# pwd
/lib/systemd/system # WireGuard 2 个 Service 所在的目录 

# cat [email protected]
# /usr/lib/systemd/system/[email protected]
[Unit]
Description=WireGuard via wg-quick(8) for %I
After=network-online.target nss-lookup.target
Wants=network-online.target nss-lookup.target
PartOf=wg-quick.target
Documentation=man:wg-quick(8)
Documentation=man:wg(8)
Documentation=https://www.wireguard.com/
Documentation=https://www.wireguard.com/quickstart/
Documentation=https://git.zx2c4.com/wireguard-tools/about/src/man/wg-quick.8
Documentation=https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/bin/wg-quick up %i
ExecStop=/usr/bin/wg-quick down %i
ExecReload=/bin/bash -c 'exec /usr/bin/wg syncconf %i <(exec /usr/bin/wg-quick strip %i)'
Environment=WG_ENDPOINT_RESOLUTION_RETRIES=infinity

[Install]
WantedBy=multi-user.target

# cat wg-quick.target
[Unit]
Description=WireGuard Tunnels via wg-quick(8)

✔️ Practical tips

You can add the following line to the service file of WireGuard to reload the configuration without interruption.
ExecReload=/bin/bash -c 'exec /usr/bin/wg syncconf %i <(exec /usr/bin/wg-quick strip %i)'

Windows 10

After installation, the WireGuard UI is as follows:

WireGuard UI

After starting WireGuard, there are 2 services:

WireGuardManager 服务

WireGuard Tunnel 服务

Android

WireGuard Android client:

WireGuard Android 客户端

QNAP QTS 5.0

Why would I tinker with WireGuard, but here’s what happened:

  1. The telecommunications network at home, there is no public network IPv4, before calling to ask for a public network address, gave a public network IPv4, but found that it was secretly withdrawn 😓 after a while Although there is an IPv6 public network address, many applications do not support it

  2. QNAP provided by QNAPCloud has a very poor user experience without public IPv4

  3. Home VPNs have been built with OpenVPN and IPsec, and the performance and user experience are really not good

  4. The front-end time NAS was upgraded to QTS 5.0 (for security purposes, it will closely follow the vendor upgrade), and it was found that the Linux kernel has been upgraded 5.10, comes with WireGuard: 😏😏😏
    QTS 5.0 Linux Kernel 5.10

    QTS 5.0 支持 WireGuard

  5. “The new QVPN 3.0 integrates the acclaimed, lighter, and more stable WireGuard VPN service, allowing you to easily set up and enjoy fast and secure connections through a simple user interface, making it ideal for working from home and working on the go.” Good guys, is it so awesome? That has to be tried.

  6. That’s why I was tinkering with WireGuard for more than a month.

In summary, QTS 5.0 has built-in WireGuard and does not require installation.

Out-of-box content includes:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
[~] # which wg
/usr/bin/wg
[~] # which wg-quick
/usr/bin/wg-quick

[~] # find / -name *wireguard* -type d 2>/dev/null
/share/CACHEDEV1_DATA/.qpkg/CodexPack/sys/module/wireguard
/share/CACHEDEV1_DATA/.qpkg/QVPN/wireguard_log  # wg 日志目录 
/sys/module/wireguard    
/mnt/HDA_ROOT/.config/qvpn/wireguard    # wg 默认配置目录,就是 `/etc/config/qvpn/wireguard/` 这个目录 

[~] # ll /share/CACHEDEV1_DATA/.qpkg/QVPN/wireguard_log
total 16K
drwxr-xr-x  2 admin administrators 4.0K 2021-11-12 23:01 ./
drwxr-xr-x 13 admin administrators 4.0K 2021-11-15 23:00 ../
-rw-rw-rw-  1 admin administrators 6.8K 2021-12-07 21:14 wg_server.log

[~] # find / -name *wireguard* -type f 2>/dev/null
/share/CACHEDEV1_DATA/.qpkg/container-station/usr/local/container-station/python/lib/python2.7/site-packages/pyroute2/netlink/generic/wireguard.pyc
/share/CACHEDEV1_DATA/.qpkg/container-station/usr/local/container-station/python/lib/python2.7/site-packages/pyroute2/netlink/generic/wireguard.py
/share/CACHEDEV1_DATA/.qpkg/container-station/usr/local/container-station/python/lib/python2.7/site-packages/scapy/contrib/wireguard.pyc
/share/CACHEDEV1_DATA/.qpkg/container-station/usr/local/container-station/python/lib/python2.7/site-packages/scapy/contrib/wireguard.py
/share/CACHEDEV1_DATA/.qpkg/QVPN/etc/init.d/vpn_wireguard_client.sh # 如果是用 qvpn 配置的 wireguard,那么这是 qvpn 调用 wireguard 的启动脚本 
/share/CACHEDEV1_DATA/.qpkg/QVPN/etc/init.d/vpn_wireguard.sh # 如果是用 qvpn 配置的 wireguard,那么这是 qvpn 调用 wireguard 的启动脚本 
/lib/modules/5.10.60-qnap/wireguard.ko

Resources