\u018fg\u0259r Ubuntu 24.04 serveriniz\u0259 t\u0259hl\u00fck\u0259siz uzaq giri\u015f, \u00f6z\u0259l tunel v\u0259 ya \u015f\u0259xsi VPN \u0259lav\u0259 etm\u0259k ist\u0259yirsinizs\u0259, WireGuard \u0259n praktik h\u0259ll\u0259rd\u0259n biridir. O, OpenVPN kimi k\u00f6hn\u0259 yana\u015fmalarla m\u00fcqayis\u0259d\u0259 daha y\u00fcng\u00fcl, daha sad\u0259 v\u0259 \u00e7ox vaxt daha rahat idar\u0259 olunan VPN h\u0259lli kimi se\u00e7ilir.<\/p>\n
Bu m\u0259qal\u0259d\u0259 Ubuntu 24.04-d\u0259 WireGuard qura\u015fd\u0131r\u0131lmas\u0131n\u0131, server \u00fc\u00e7\u00fcn a\u00e7arlar\u0131n yarad\u0131lmas\u0131n\u0131, baza konfiqurasiyan\u0131, peer m\u0259ntiqini v\u0259 i\u015f\u0259 salma add\u0131mlar\u0131n\u0131 sad\u0259, praktik formada g\u00f6st\u0259r\u0259c\u0259y\u0259m.<\/p>\n
Praktik ssenaril\u0259r:<\/p>\n
sudo apt update\nsudo apt install wireguard -y<\/code><\/pre>\nBu add\u0131mdan sonra \u0259sas al\u0259tl\u0259r sistemd\u0259 haz\u0131r olur.<\/p>\n
Add\u0131m 2: Server \u00fc\u00e7\u00fcn private v\u0259 public key yarad\u0131n<\/h2>\n
WireGuard public\/private key c\u00fct\u00fc il\u0259 i\u015fl\u0259yir. Serverd\u0259 bunlar\u0131 yarad\u0131n:<\/p>\n
wg genkey | sudo tee \/etc\/wireguard\/private.key\nsudo chmod go= \/etc\/wireguard\/private.key\nsudo cat \/etc\/wireguard\/private.key | wg pubkey | sudo tee \/etc\/wireguard\/public.key<\/code><\/pre>\nBurada:<\/p>\n
\nprivate.key<\/code> yaln\u0131z serverd\u0259 qalmal\u0131d\u0131r<\/li>\npublic.key<\/code> is\u0259 peer-l\u0259r\u0259 paylana bil\u0259r<\/li>\n<\/ul>\nVacib:<\/strong> private key-i he\u00e7 vaxt ictimai yerd\u0259 payla\u015fmay\u0131n.<\/p>\nAdd\u0131m 3: VPN \u00fc\u00e7\u00fcn private IP aral\u0131\u011f\u0131 se\u00e7in<\/h2>\n
Sad\u0259 setup \u00fc\u00e7\u00fcn \u00f6z\u0259l IPv4 range se\u00e7m\u0259k kifay\u0259tdir. M\u0259s\u0259l\u0259n:<\/p>\n
10.8.0.0\/24<\/code><\/pre>\nBu halda server \u00fc\u00e7\u00fcn bel\u0259 bir \u00fcnvan istifad\u0259 ed\u0259 bil\u0259rsiniz:<\/p>\n
10.8.0.1\/24<\/code><\/pre>\nPeer-l\u0259r \u00fc\u00e7\u00fcn is\u0259 m\u0259s\u0259l\u0259n:<\/p>\n
\n- 10.8.0.2\/24<\/li>\n
- 10.8.0.3\/24<\/li>\n<\/ul>\n
\u018fg\u0259r IPv6 d\u0259 istifad\u0259 etm\u0259k ist\u0259yirsinizs\u0259, ayr\u0131ca unikal local IPv6 prefix planlamaq laz\u0131md\u0131r. Amma praktik ba\u015flan\u011f\u0131c \u00fc\u00e7\u00fcn yaln\u0131z IPv4 yet\u0259rlidir.<\/p>\n
Add\u0131m 4: Server config fayl\u0131n\u0131 yarad\u0131n<\/h2>\n
\u018fsas konfiqurasiya fayl\u0131n\u0131 yarad\u0131n:<\/p>\n
sudo nano \/etc\/wireguard\/wg0.conf<\/code><\/pre>\nN\u00fcmun\u0259 baza config:<\/p>\n
[Interface]\nAddress = 10.8.0.1\/24\nListenPort = 51820\nPrivateKey = SERVER_PRIVATE_KEY\n\n[Peer]\nPublicKey = CLIENT_PUBLIC_KEY\nAllowedIPs = 10.8.0.2\/32<\/code><\/pre>\nBurada:<\/p>\n
\nPrivateKey<\/code> serverin private key d\u0259y\u0259ridir<\/li>\nPublicKey<\/code> peer cihaz\u0131n public key-idir<\/li>\nAllowedIPs<\/code> h\u0259min peer \u00fc\u00e7\u00fcn t\u0259yin olunan VPN IP-dir<\/li>\n<\/ul>\nAdd\u0131m 5: Peer cihaz \u00fc\u00e7\u00fcn d\u0259 a\u00e7ar yarad\u0131n<\/h2>\n
Qo\u015fulacaq client ma\u015f\u0131nda v\u0259 ya peer cihazda da ayr\u0131ca key c\u00fct\u00fc yarad\u0131l\u0131r:<\/p>\n
wg genkey | tee privatekey | wg pubkey > publickey<\/code><\/pre>\nSonra:<\/p>\n
\n- peer-in public key-i server config-\u0259 \u0259lav\u0259 olunur<\/li>\n
- server-in public key-i is\u0259 peer config-d\u0259 istifad\u0259 olunur<\/li>\n<\/ul>\n
Add\u0131m 6: Peer config n\u00fcmun\u0259si<\/h2>\n
Client t\u0259r\u0259fd\u0259 baza config bu tip ola bil\u0259r:<\/p>\n
[Interface]\nAddress = 10.8.0.2\/24\nPrivateKey = CLIENT_PRIVATE_KEY\nDNS = 1.1.1.1\n\n[Peer]\nPublicKey = SERVER_PUBLIC_KEY\nEndpoint = SERVER_IP:51820\nAllowedIPs = 10.8.0.0\/24\nPersistentKeepalive = 25<\/code><\/pre>\nPersistentKeepalive = 25<\/code> x\u00fcsusil\u0259 NAT arxas\u0131nda olan client-l\u0259r \u00fc\u00e7\u00fcn praktik se\u00e7imdir.<\/p>\nAdd\u0131m 7: Firewall v\u0259 UDP portu a\u00e7\u0131n<\/h2>\n
WireGuard default olaraq \u00e7ox vaxt UDP 51820 portundan istifad\u0259 edir. UFW aktivdirs\u0259:<\/p>\n
sudo ufw allow 51820\/udp<\/code><\/pre>\n\u018fg\u0259r ba\u015fqa firewall v\u0259 ya cloud provider security group istifad\u0259 edirsinizs\u0259, orada da eyni port a\u00e7\u0131lmal\u0131d\u0131r.<\/p>\n
Add\u0131m 8: WireGuard interfeysini ba\u015flad\u0131n<\/h2>\nsudo wg-quick up wg0<\/code><\/pre>\nStatus yoxlamaq \u00fc\u00e7\u00fcn:<\/p>\n
sudo wg show<\/code><\/pre>\nBoot zaman\u0131 avtomatik qalxmas\u0131n\u0131 ist\u0259yirsinizs\u0259:<\/p>\n
sudo systemctl enable wg-quick@wg0<\/code><\/pre>\nAdd\u0131m 9: Trafiki server \u00fcz\u0259rind\u0259n y\u00f6nl\u0259ndirm\u0259k ist\u0259yirsinizs\u0259<\/h2>\n
\u018fg\u0259r m\u0259qs\u0259d t\u0259kc\u0259 private tunnel deyil, b\u00fct\u00fcn internet trafiki server \u00fcz\u0259rind\u0259n ke\u00e7irm\u0259kdirs\u0259, IP forwarding v\u0259 NAT qaydalar\u0131 da laz\u0131md\u0131r. Bu halda peer config-d\u0259 bel\u0259 istifad\u0259 olunur:<\/p>\n
AllowedIPs = 0.0.0.0\/0<\/code><\/pre>\nAmma bu daha tam VPN\/gateway ssenarisidir v\u0259 \u0259lav\u0259 sysctl + firewall qaydalar\u0131 t\u0259l\u0259b edir. Sad\u0259 admin tuneli \u00fc\u00e7\u00fcn ilk m\u0259rh\u0259l\u0259d\u0259 buna ehtiyac olmaya bil\u0259r.<\/p>\n
\u018fn \u00e7ox rast g\u0259lin\u0259n probleml\u0259r<\/h2>\n1. Handshake g\u00f6r\u00fcnm\u00fcr<\/h3>\n
\u00c7ox vaxt s\u0259b\u0259b bunlardan biri olur:<\/p>\n
\n- UDP port a\u00e7\u0131lmay\u0131b<\/li>\n
- Endpoint IP s\u0259hvdir<\/li>\n
- peer public key s\u0259hv yaz\u0131l\u0131b<\/li>\n
- NAT v\u0259 ya firewall bloklay\u0131r<\/li>\n<\/ul>\n
2. Qo\u015fulur, amma trafik ke\u00e7mir<\/h3>\n
AllowedIPs d\u00fczg\u00fcn verilm\u0259yib v\u0259 ya forwarding\/NAT hiss\u0259si \u00e7at\u0131\u015fm\u0131r.<\/p>\n
3. Private key icaz\u0259l\u0259ri z\u0259ifdir<\/h3>\n
Serverd\u0259 private key fayl\u0131n\u0131n permission-lar\u0131 s\u0259rt olmal\u0131d\u0131r. Ona g\u00f6r\u0259 chmod go=<\/code> vacib add\u0131md\u0131r.<\/p>\n4. NAT arxas\u0131nda peer stabil deyil<\/h3>\n
Bu halda PersistentKeepalive = 25<\/code> \u00e7ox vaxt k\u00f6m\u0259k edir.<\/p>\nPraktik t\u00f6vsiy\u0259<\/h2>\n\n- ilk setup-u minimal saxlay\u0131n<\/li>\n
- \u0259vv\u0259l server + 1 peer konfiqurasiyas\u0131n\u0131 i\u015fl\u0259din<\/li>\n
- sonra tam-tunnel v\u0259 multi-peer ssenaril\u0259rin\u0259 ke\u00e7in<\/li>\n
- private key-l\u0259ri ayr\u0131ca t\u0259hl\u00fck\u0259siz yerd\u0259 saxlay\u0131n<\/li>\n<\/ul>\n
N\u0259tic\u0259<\/h2>\n
Ubuntu 24.04-d\u0259 WireGuard qura\u015fd\u0131rmaq t\u0259hl\u00fck\u0259siz private tunel qurmaq \u00fc\u00e7\u00fcn \u0259n rahat yollardan biridir. Qura\u015fd\u0131rma sad\u0259dir, performans\u0131 yax\u015f\u0131d\u0131r v\u0259 d\u00fczg\u00fcn konfiqurasiya il\u0259 h\u0259m admin access, h\u0259m d\u0259 \u015f\u0259xsi VPN kimi \u00e7ox praktik i\u015fl\u0259yir. \u018fg\u0259r server t\u0259hl\u00fck\u0259sizliyi v\u0259 uzaq giri\u015f sizin \u00fc\u00e7\u00fcn vacibdirs\u0259, WireGuard \u00f6yr\u0259nm\u0259y\u0259 d\u0259y\u0259n al\u0259tl\u0259rd\u0259n biridir.<\/p>\n","protected":false},"excerpt":{"rendered":"
\u018fg\u0259r Ubuntu 24.04 serveriniz\u0259 t\u0259hl\u00fck\u0259siz uzaq giri\u015f, \u00f6z\u0259l tunel v\u0259 ya \u015f\u0259xsi VPN \u0259lav\u0259 etm\u0259k ist\u0259yirsinizs\u0259, WireGuard \u0259n praktik h\u0259ll\u0259rd\u0259n biridir. O, OpenVPN kimi k\u00f6hn\u0259 yana\u015fmalarla m\u00fcqayis\u0259d\u0259 daha y\u00fcng\u00fcl, daha sad\u0259 v\u0259 \u00e7ox vaxt daha rahat idar\u0259 olunan VPN h\u0259lli kimi se\u00e7ilir. Bu m\u0259qal\u0259d\u0259 Ubuntu 24.04-d\u0259 WireGuard qura\u015fd\u0131r\u0131lmas\u0131n\u0131, server \u00fc\u00e7\u00fcn a\u00e7arlar\u0131n yarad\u0131lmas\u0131n\u0131, baza konfiqurasiyan\u0131, peer […]<\/p>\n","protected":false},"author":1,"featured_media":11028,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[31,17,41],"tags":[],"class_list":["post-11029","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyber-security","category-hosting","category-tutoriallar"],"aioseo_notices":[],"jetpack_featured_media_url":"https:\/\/bitep.net\/blog\/wp-content\/uploads\/2026\/04\/wireguard-ubuntu-24-04.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/bitep.net\/blog\/wp-json\/wp\/v2\/posts\/11029","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bitep.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bitep.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bitep.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/bitep.net\/blog\/wp-json\/wp\/v2\/comments?post=11029"}],"version-history":[{"count":0,"href":"https:\/\/bitep.net\/blog\/wp-json\/wp\/v2\/posts\/11029\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/bitep.net\/blog\/wp-json\/wp\/v2\/media\/11028"}],"wp:attachment":[{"href":"https:\/\/bitep.net\/blog\/wp-json\/wp\/v2\/media?parent=11029"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bitep.net\/blog\/wp-json\/wp\/v2\/categories?post=11029"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bitep.net\/blog\/wp-json\/wp\/v2\/tags?post=11029"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}