WireGuard is a modern VPN protocol known for its simplicity, speed, and security. Setting up WireGuard on your VPS ensures a secure and private connection, giving you control over your data. This guide will help you set up WireGuard step-by-step.
Prerequisites
Before starting, ensure you have:
-
A VPS: Choose a VPS provider like Hosteons, running a Linux OS (e.g., Ubuntu or Debian).
-
Basic Linux Knowledge: Familiarity with terminal commands.
-
Root Access: Administrative privileges on your VPS.
Step 1: Update the VPS
Update your VPS to ensure all software is current:
sudo apt update && sudo apt upgrade -yStep 2: Install WireGuard
Install WireGuard using the following command:
sudo apt install wireguard -yFor other distributions, refer to the WireGuard documentation.
Step 3: Generate Keys
Generate WireGuard's encryption keys:
wg genkey | tee privatekey | wg pubkey > publickey-
privatekey: Your private key (keep this confidential).
-
publickey: Your public key (share it with peers).
Step 4: Configure WireGuard
Create a configuration file for WireGuard:
sudo nano /etc/wireguard/wg0.confAdd this configuration:
[Interface]
PrivateKey = YOUR_PRIVATE_KEY
Address = 10.0.0.1/24
ListenPort = 51820
SaveConfig = true
[Peer]
PublicKey = CLIENT_PUBLIC_KEY
AllowedIPs = 10.0.0.2/32Replace:
-
YOUR_PRIVATE_KEYwith your private key. -
CLIENT_PUBLIC_KEYwith the client’s public key.
Step 5: Enable IP Forwarding
Enable IP forwarding for traffic routing:
sudo sysctl -w net.ipv4.ip_forward=1Make this change permanent by editing:
sudo nano /etc/sysctl.confUncomment or add:
net.ipv4.ip_forward=1Step 6: Start and Enable WireGuard
Start the WireGuard service and set it to start on boot:
sudo systemctl start [email protected]
sudo systemctl enable [email protected]Step 7: Configure the Client
On your client device (e.g., laptop or smartphone), create this configuration:
[Interface]
PrivateKey = CLIENT_PRIVATE_KEY
Address = 10.0.0.2/24
[Peer]
PublicKey = SERVER_PUBLIC_KEY
Endpoint = YOUR_VPS_IP:51820
AllowedIPs = 0.0.0.0/0Replace:
-
CLIENT_PRIVATE_KEYwith the client’s private key. -
SERVER_PUBLIC_KEYwith your server’s public key. -
YOUR_VPS_IPwith your VPS’s public IP.
Step 8: Test the Connection
-
Start the VPN on your client:
sudo wg-quick up wg0 -
Verify the connection on the server:
sudo wgYou should see the client’s details.
Optional: Configure Firewall
To secure your server, allow only WireGuard traffic:
sudo ufw allow 51820/udp
sudo ufw enableConclusion
WireGuard offers a secure and high-performance VPN solution. By setting up your own VPN on a VPS, you ensure complete control over your privacy. Hosteons’ affordable VPS plans make it easy to deploy your WireGuard VPN today!
