WireGuard is a free and open-source application that implements a VPN to establish secure point-to-point connections in bridged configurations. It is a modern, high-performance VPN that is also easy to use. Popular VPN technologies such as OpenVPN and IPsec are often complex to set up, so WireGuard aims to provide a VPN that is both simple and highly effective. WireGuard creates a point-to-point connection between two machines without mediation by a central server.
In this tutorial, we will learn how to establish a point-to-point VPN connection with WireGuard between two Eastlink Cloud ECS instances running Ubuntu 16.04.
- You must have two Eastlink Cloud Elastic Compute Service (ECS) instances activated and have verified your valid payment method. If you are a new user, you can get a free account in your Alibaba Cloud account. If you don't know how to set up your ECS instance, you can refer to this tutorial or quick-start guide. Your ECS instance must have at least 1 GB of RAM and a 1-core processor.
- You have a domain name registered from Eastlink Cloud. If you have already registered a domain from Eastlink Cloud or any other host, you can update its domain nameserver records.
- You have a non-root user with sudo privileges on each server.
Follow the steps outlined below to learn how to establish a point-to-point VPN connection with WireGuard on Eastlink Cloud ECS instances.
We will need to install WireGuard software on each server before we can continue. First of all, you will need to add the WireGuard PPA to the system using the following command on each server.
You'll be asked to confirm adding the new package source; press ENTER to continue. Now, refresh the package lists using the sudo apt-get update command.
Next, you will need to install the WireGuard kernel module with the required components. Execute the following command on each server and it’ll do the job for you.
After WireGuard is installed, you can proceed to the configuration. You will need to generate a private key and write it directly to a WireGuard configuration file. Execute the following command on each server to write the initial contents of a configuration file to:
Next, you will need to open the configuration file using any editor. You can do so with the sudo nano /etc/wireguard/wg0.conf command. You will find your generated key in this file under the [Interface] section. This section contains all the configuration details for the local side of the connection.
You will have to add the port number that it will listen on for connections from peers. Simply add the ListenPort and SaveConfig lines below the PrivateKey line under the [Interface] section like this:
Set the ListenPort on each host to the port you've selected. The SaveConfig = true line tells the wg-quick service to automatically save its active configuration when it shuts down.
Next, you will need to add the Address definition to each server. Here we will use a subnet as the address space for the VPN, and each server needs a unique address within its range. We will use the 10.0.0.0/24 subnet as the address space, so its range will be 10.0.0.1 to 10.0.0.254. You can pick any address within this range and specify the address and subnet using CIDR notation. For example, the address of our first server is 10.0.0.1, which is represented as 10.0.0.1/24 in CIDR notation.
Please replace the value of PublicKey with the public key of the first server. You can find the value of PublicKey using the cat /etc/wireguard/publickey command on your first server. Now that we know the specific address of the first server, set the value of AllowedIPs to that address followed by /32 to define the range of allowed IP values.
Finally, replace the value of Endpoint with the public IP address of the first server and the port number that WireGuard is listening on, then save the configuration file of the second server and exit the editor.
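The [Interface] and [Peer] settings described above for the second server, assembled and written by a small script. This is an added example, not part of the original tutorial: the function names, the second server's address 10.0.0.2, the endpoint 203.0.113.10 and the placeholder keys are assumptions constructed for illustration, and it assumes both servers listen on the same port.

```shell
#!/bin/sh
# Added example (not from the original tutorial): render the second server's
# wg0.conf from the values the text describes. All inputs are passed in.

# A WireGuard key is 32 bytes, base64-encoded: 43 characters plus one '='.
is_wg_key() {
    [ "${#1}" -eq 44 ] && printf '%s\n' "$1" | grep -Eq '^[A-Za-z0-9+/]{43}=$'
}

# render_wg_conf OUT PRIVKEY LOCAL_VPN_IP PORT PEER_PUBKEY PEER_VPN_IP PEER_PUBLIC_IP
render_wg_conf() (
    out=$1 priv=$2 addr=$3 port=$4 peer_pub=$5 peer_ip=$6 peer_host=$7
    is_wg_key "$priv"     || { echo "invalid private key" >&2; exit 1; }
    is_wg_key "$peer_pub" || { echo "invalid peer public key" >&2; exit 1; }
    # Reject anything that could smuggle extra lines or options into the file.
    case $port in ''|*[!0-9]*) echo "invalid port" >&2; exit 1 ;; esac
    for v in "$addr" "$peer_ip" "$peer_host"; do
        case $v in ''|*[!0-9.]*) echo "invalid address: $v" >&2; exit 1 ;; esac
    done
    umask 077        # the file holds the private key: create it owner-only
    rm -f "$out"     # so a pre-existing file's looser mode is not inherited
    cat > "$out" <<EOF
[Interface]
PrivateKey = $priv
ListenPort = $port
SaveConfig = true
Address = $addr/24

[Peer]
PublicKey = $peer_pub
AllowedIPs = $peer_ip/32
Endpoint = $peer_host:$port
EOF
)

# Demo with constructed placeholder keys (real ones come from wg genkey / wg pubkey).
demo_dir=$(mktemp -d)
render_wg_conf "$demo_dir/wg0.conf" "$(printf '%043d' 0 | tr 0 A)=" 10.0.0.2 5555 \
    "$(printf '%042d' 0 | tr 0 B)A=" 10.0.0.1 203.0.113.10
grep -v '^PrivateKey' "$demo_dir/wg0.conf"   # show the result without the key
```

The /32 on AllowedIPs limits the peer to exactly one source address inside the tunnel, and the owner-only file mode keeps the private key away from other local users.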
Starting the VPN
WireGuard is installed on your servers and everything is configured, so we are ready to start the VPN and establish a connection between our two servers. Open the WireGuard port in the firewall on each server by executing the sudo ufw allow 5555 command. WireGuard listens on UDP only; this rule opens the port for both TCP and UDP, and restricting it to UDP is sufficient.
Next, you will need to start the wg-quick service using the sudo systemctl start wg-quick@wg0 command.
You can check the active configuration of the VPN using the sudo wg command. On the first server,
In this tutorial, you installed WireGuard on two Eastlink Cloud ECS instances running Ubuntu 16.04, configured each host as a server, and established a secure point-to-point connection to its peer. WireGuard is a great option for establishing these kinds of connections due to its flexibility and lightweight implementation. We hope you now have enough knowledge to work with WireGuard.