![\"\"](\"https:\/\/blog.danjoannis.com\/wp-content\/uploads\/2025\/10\/Screenshot-from-2025-10-19-14-16-08.png\")
<\/a><\/figure>\n<\/div>\n\n\nWireGuard is one of many protocols for VPN tunnels, and I’ve been using it for the past few years. That’s not to say it is the first VPN server I’ve worked with, oh no – there is a list:<\/p>\n\n\n\n
- \n
- PPTP\/MS CHAP on DD-WRT (ew)<\/li>\n\n\n\n
- L2TP\/IPsec with SoftEther\/pfSense<\/li>\n\n\n\n
- SSLVPN with WatchGuard<\/li>\n\n\n\n
- OpenVPN with SoftEther\/pfSense\/OPNsense<\/li>\n\n\n\n
- WireGuard with OPNsense<\/li>\n<\/ul>\n\n\n\n
While not a VPN newb, the experience using WireGuard seems variable on different platforms. The Windows WireGuard client is excellent. The Android client is even better, with the QR code automatic configuration.<\/p>\n\n\n\n
So why am I having problems now? Well, recently I decided that fighting M$ is no longer worth it. After many failed attempts over the years, I’ve finally converted all my servers and daily-driver PCs to run some variant of Linux (\ud83d\udc4f slow clap).<\/p>\n\n\n\n
With Ubuntu on my PC, I got to work configuring the system the way I need – which includes setting up my WireGuard VPN connection. This is where the rabbit hole began, and is why this write-up exists.<\/p>\n\n\n
\n![\"\"](\"https:\/\/blog.danjoannis.com\/wp-content\/uploads\/2025\/10\/image.png\")
<\/a>It says connected, but it’s not!<\/figcaption><\/figure>\n<\/div>\n\n\n Once it was configured and added, toggling on the VPN connection seemed to work, but no traffic flowed. Also, the server did not show the connection. Why are things always harder on Linux.<\/sub><\/p>\n\n\n\n
The Problem<\/h2>\n\n\n
\n![\"\"](\"https:\/\/blog.danjoannis.com\/wp-content\/uploads\/2025\/10\/SystemProblem.png\")
<\/a>I see this a lot.<\/figcaption><\/figure>\n<\/div>\n\n\n Let’s not beat around the bush, the VPN configuration section under GNOME Settings has some flaws and bugs. <\/p>\n\n\n\n
- \n
- If you switch windows from the Peer settings modal, for example to copy the Public Key from your browser, the modal goes away and doesn’t save what you just entered.<\/li>\n\n\n\n
- If you change the MTU or fwmark back to 0, GNOME Settings just crashes.<\/li>\n<\/ul>\n\n\n\n
Working around the annoying copy-paste process for the Public Key, adding the WireGuard configuration wasn’t the problem. It was actually connecting afterwards.<\/p>\n\n\n
\n![\"\"](\"https:\/\/blog.danjoannis.com\/wp-content\/uploads\/2025\/10\/Screenshot-from-2025-10-19-14-45-19.png\")
<\/a>Wow, real helpful. I guess it isn’t working?<\/figcaption><\/figure>\n<\/div>\n\n\n LMGTFY<\/h2>\n\n\n\n
You know I searched. There are tons<\/a> of<\/a> guides<\/a> that make it seem easy<\/a>. And none of them hit the nail on the head for this issue (though that last one was where I had a eureka moment).<\/p>\n\n\n\n
The logical search term “can’t connect ubuntu wireguard client” did not find the answer – so I’m writing this article hoping you searched for the same thing and it solves your problem.<\/p>\n\n\n\n
TL;DR<\/h2>\n\n\n\n
Here is the solution that worked in my case.<\/p>\n\n\n\n\n\n\n\n
You may need to modify some things to suit your desired configuration. In my environment, I want the following:<\/p>\n\n\n\n
- \n
- All traffic through VPN.<\/li>\n\n\n\n
- DNS through VPN\/firewall.<\/li>\n\n\n\n
- No IPv6.<\/li>\n<\/ul>\n\n\n\n
How to Configure WireGuard Client on Ubuntu 24<\/h2>\n\n\n\n
- \n
- In OPNsense, go to the WireGuard Peer Generator.\n
- \n
- Fill in everything as needed for your new Ubuntu client.<\/li>\n<\/ul>\n<\/li>\n\n\n\n
- On the Ubuntu PC, open Settings -> Network and click “+” under VPN.\n
- \n
- Select WireGuard.<\/li>\n\n\n\n
- Configure as follows:<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n
WireGuard tab<\/strong><\/h3>\n\n\n\n
- \n
- Enter Connection Name (ex. MyVPN).<\/li>\n\n\n\n
- Enter Interface Name (ex. wg0).<\/li>\n\n\n\n
- Copy and paste Private Key from Peer Generator.<\/li>\n\n\n\n
- Enter Listen Port (ex. 44444, anything but the port used by your server which is default 51820).<\/li>\n\n\n\n
- Copy the server’s<\/em> Public Key from the [Peer] section of Config in the Peer Generator (important to do now).<\/li>\n\n\n\n
- Click “+” under Peers\n
- \n
- Endpoint address: manually type it with port (ex. yourdomain.tld:port).<\/li>\n\n\n\n
- Public key: paste the server’s public key<\/em> you previously copied.<\/li>\n\n\n\n
- Pre-shared key: if you have one, leave alone for now.<\/li>\n\n\n\n
- Allowed IPs addresses: 0.0.0.0\/0<\/li>\n\n\n\n
- Click Apply.<\/li>\n\n\n\n
- If you have a Preshared Key:\n
- \n
- Copy it from Peer Generator.<\/li>\n\n\n\n
- Edit the newly created peer.<\/li>\n\n\n\n
- Paste it in the field.<\/li>\n\n\n\n
- Click Apply.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n
![\"\"](\"https:\/\/blog.danjoannis.com\/wp-content\/uploads\/2025\/10\/vlcsnap-2025-10-19-15h42m55s965.png\")
<\/a><\/figure>\n<\/div>\n\n\nIPv4 tab<\/strong><\/h3>\n\n\n\n
- \n
- IPv4 Method: Manual<\/li>\n\n\n\n
- Addresses:\n
- \n
- Address: <static IP assigned to client><\/li>\n\n\n\n
- Network: <network mask (i.e. \/24 and not \/32)><\/li>\n\n\n\n
- Gateway: <blank><\/li>\n<\/ul>\n<\/li>\n\n\n\n
- DNS: <blank><\/li>\n\n\n\n
- Routes: <blank><\/li>\n<\/ul>\n\n\n\n
![\"\"](\"https:\/\/blog.danjoannis.com\/wp-content\/uploads\/2025\/10\/Screenshot-from-2025-10-19-15-55-54.png\")
<\/a><\/figure>\n<\/div>\n\n\nIPv6 tab<\/strong><\/h3>\n\n\n\n
- \n
- Disable (in my case)<\/li>\n<\/ul>\n\n\n\n
![\"\"](\"https:\/\/blog.danjoannis.com\/wp-content\/uploads\/2025\/10\/vlcsnap-2025-10-19-15h42m00s980.png\")
<\/a><\/figure>\n<\/div>\n\n\nFinal Steps<\/h3>\n\n\n\n
- \n
- Click Add\/Apply to add the VPN connection on the Ubuntu client.<\/li>\n\n\n\n
- Go back to the Peer Generator in OPNsense, Store the configuration, then click Apply.<\/li>\n\n\n\n
- Connect to the VPN<\/em><\/strong>!<\/strong><\/em> \ud83c\udf89<\/li>\n<\/ul>\n\n\n\n
![\"\"](\"https:\/\/blog.danjoannis.com\/wp-content\/uploads\/2025\/10\/Screenshot-from-2025-10-19-16-11-53.png\")
<\/a><\/figure>\n\n\n\nThe trick is in the IPv4 tab. Most of the guides instruct you to fill in the the Interface address as <IP>\/32 as defined in the Peer Configuration, but I believe this prevents Ubuntu from reaching the default gateway. The subnet mask should match the VPN client network subnet (usually \/24).<\/p>\n\n\n\n
As for Gateway, DNS, and routes, it seems these are automatically determined. When I manually specified these it would generally cause the VPN to not connect anymore. Yay.<\/p>\n\n\n\n
\n\n\n\nOther Methods<\/h2>\n\n\n\n
- Disable (in my case)<\/li>\n<\/ul>\n\n\n
- Click “+” under Peers\n
- In OPNsense, go to the WireGuard Peer Generator.\n