Skip to main content

Connect a Digital Ocean Ubuntu Server to a Cloud VPN

In this tutorial, you’ll learn how you can connect a Digital Ocean Ubuntu Server via WireGuard to a Cloud VPN interface on the Telnyx network.

Pre-requisites

Before following these steps, you'll need to create a Telnyx Account, grab your API key and create a Network. Head to our Networking Quickstart Guide to get started!

You'll also need to create a Digital Ocean Ubuntu Server and run extra setup steps for greater security.


Step 1: Install Wireguard on the Digital Ocean Ubuntu server

Log onto your Digital Ocean Ubuntu Server and execute the following command:

$ sudo apt install wireguard

Note: After pasting the above content, Kindly check and remove any new line added


Step 2: Generate public and private keys

In this step you will use the WireGuard key generation tool to create the public and private keys needed to communicate with the Cloud VPN server on the Telnyx network.

$ wg genkey | tee privatekey | wg pubkey > publickey

Note: After pasting the above content, Kindly check and remove any new line added

Print both keys to screen as you will need both of them soon.

$ cat privatekey

Note: After pasting the above content, Kindly check and remove any new line added

$ cat publickey

Note: After pasting the above content, Kindly check and remove any new line added

Note: The private_key will be needed later to build the Cloud VPN peer configuration. The public_key will be used when creating the Cloud VPN peer


Step 3: Create a cloud VPN interface

Create a Cloud VPN Interface associated with the Network that you created in the Networking Quickstart Guide . This network interface is configured on the Telnyx network and acts as a tunnel interface.

Create a cloud VPN interface with the Telnyx API

curl -X POST \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--header "Authorization: Bearer YOUR_API_KEY" \
--data '{
"network_id": "7c3c05f4-7d53-4edb-9224-371c6d659cd4",
"region_code": "ashburn-va",
"name": "WG_net01_VA_interface01"
}' \
https://api.telnyx.com/v2/wireguard_interface

Note: After pasting the above content, Kindly check and remove any new line added

Example response

{
"data": {
"status": "provisioning",
"network_id": "7c3c05f4-7d53-4edb-9224-371c6d659cd4",
"id": "9122b687-30aa-47a6-8f64-2b8681476ec2",
"updated_at": "2022-06-13T09:50:54.117345Z",
"created_at": "2022-06-13T09:50:53.627044Z",
"region_code": "ashburn-va",
"public_key": "4sHgXncx9tgswHmQvxq8B8O8iJ1AuJjLNmT9Qfs/VV0=",
"name": "WG_net01_VA_interface01",
"region": {
"code": "ashburn-va",
"name": "Ashburn",
"record_type": "region"
},
"record_type": "wireguard_interface",
"endpoint": "64.16.243.3:5034",
"server_ip_address": "172.27.1.17/29"
}
}

Note: After pasting the above content, Kindly check and remove any new line added

Note: the 'server_ip_address' is the private ip of the Cloud VPN interface and will be used later to test the connectivity between the added peer and the interface


Step 4: Create a cloud VPN peer

Create a Cloud VPN Peer associated with the Cloud VPN Interface. This adds a peer to the server configuration created on the Cloud VPN server on the Telnyx network. Input your public_key generated on the Digital Ocean Ubuntu server in step 2 as an input parameter.

Create a cloud VPN peer with the Telnyx API

curl -X POST \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--header "Authorization: Bearer YOUR_API_KEY" \
--data '{
"wireguard_interface_id": "9122b687-30aa-47a6-8f64-2b8681476ec2",
"name": "ubuntu_peer01"
“public_key”: "ToEvvyKC/zI+Q3AipAUs7Zl3CvEkOzMXNtf4YTf8UH4="
}' \
https://api.telnyx.com/v2/wireguard_peers

Note: After pasting the above content, Kindly check and remove any new line added

Example response

{
"data": {
"updated_at": "2022-06-13T09:56:23.601577Z",
"id": "e4916505-a638-4b1d-b076-3142e7f1516a",
"wireguard_interface_id": "9122b687-30aa-47a6-8f64-2b8681476ec2",
"created_at": "2022-06-13T09:56:23.601577Z",
"public_key": "ToEvvyKC/zI+Q3AipAUs7Zl3CvEkOzMXNtf4YTf8UH4=",
"name": "ubuntu_peer01",
"last_seen": null,
"record_type": "wireguard_peer"
}
}

Note: After pasting the above content, Kindly check and remove any new line added


Step 5: Retrieve your configuration for the Cloud VPN Peer

You will now need to save the peer configuration file in the /etc/wireguard directory on the Digital Ocean Ubuntu server. The peer configuration can be retrieved via API. You will need to add the private key to the configuration file. Give the configuration a meaningful name e.g. wg0.conf or wg_ubuntu.conf. It must have .conf as the file extension.

Cloud VPN peer configuration template

[Interface]
Address = <server_private_ip_address>
PrivateKey = <contents-of-client-privatekey>

[Peer]
PublicKey = <contents-of-server-publickey>
Endpoint = <server-public-ip>:<port>
AllowedIPs = <ip/cidr>

Note: After pasting the above content, Kindly check and remove any new line added

Retrieve Configuration for the Cloud VPN Peer with the Telnyx API

curl -X GET \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--header "Authorization: Bearer YOUR_API_KEY" \
https://api.telnyx.com/v2/19783d68-c893-4954-bfbf-815d9ab9b0f6/Config

Note: After pasting the above content, Kindly check and remove any new line added

Example response

{
[Interface]
PrivateKey = <! INSERT PEER PRIVATE KEY HERE !>
Address = 172.27.1.18/32

[Peer]
PublicKey = ToEvvyKC/zI+Q3AipAUs7Zl3CvEkOzMXNtf4YTf8UH4=
AllowedIPs = 172.27.1.16/29
Endpoint = 64.16.243.3:5034
PersistentKeepalive = 25
}

Note: After pasting the above content, Kindly check and remove any new line added


Step 6: Bring up Wireguard interface on your peer

In this step you will bring up the Wireguard VPN interface on the peer. The command must contain the name of the peer configuration file you created on the Digital Ocean Ubuntu server in step 5 , without the file extension, .conf.

Bring up the Wireguard interface on your peer

Use the following command

$ sudo wg-quick up wg0

Note: After pasting the above content, Kindly check and remove any new line added

Example response

root@ubuntu-s-1vcpu-1gb-lon1-01:~# wg-quick up wg0
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 172.27.255.60/29 dev wg0
[#] ip link set mtu 1420 up dev wg0

Note: After pasting the above content, Kindly check and remove any new line added


Step 7: Test connection

Test that a connection was established between your peer and the Telnyx network.

Use the following command to show the current peer configuration

$ sudo wg show

Note: After pasting the above content, Kindly check and remove any new line added

Example response

root@ubuntu-s-1vcpu-1gb-lon1-01:~# wg show
interface: wg0
public key: ToEvvyKC/zI+Q3AipAUs7Zl3CvEkOzMXNtf4YTf8UH4=
private key: (hidden)
listening port: 45111

peer: qF4EqlZq+5JL2IKYY8ij49daYyfKVhevJrcDxdqC8GU=
endpoint: 203.0.113.0:51871
allowed ips: 198.51.100.0/29
latest handshake: 2 minutes, 12 seconds ago
transfer: 10.20 KiB received, 5.05 KiB sent

Note: After pasting the above content, Kindly check and remove any new line added

Test connection

$ ping <server_ip_address>

Note: After pasting the above content, Kindly check and remove any new line added

Note:

  • The 'server_ip_address' is the private ip of the Cloud VPN interface and can be found in the response of the Cloud VPN Interface create endpoint in step 3 .

Example response

root@ubuntu-s-1vcpu-1gb-lon1-01:~# ping 172.27.1.17
PING 172.27.1.17 (172.27.1.17) 56(84) bytes of data.
64 bytes from 172.27.1.17: icmp_seq=1 ttl=64 time=145 ms
64 bytes from 172.27.1.17: icmp_seq=2 ttl=64 time=144 ms
64 bytes from 172.27.1.17: icmp_seq=3 ttl=64 time=144 ms
64 bytes from 172.27.1.17: icmp_seq=4 ttl=64 time=144 ms
64 bytes from 172.27.1.17: icmp_seq=5 ttl=64 time=144 ms
64 bytes from 172.27.1.17: icmp_seq=6 ttl=64 time=144 ms

Note: After pasting the above content, Kindly check and remove any new line added


Next steps

Congratulations! You have successfully connected your Digital Ocean Ubuntu Server to a Cloud VPN server running in the Telnyx network.

By repeating the steps in this tutorial for multiple peers, you'll be able to link apps, devices and services together across the Telnyx backbone for low latency, secure communications across the globe.

Follow our other tutorials to learn how to connect a Mac to a Cloud VPN Server .

On this page