WireGuard VPN Server Setup

Complete guide to setting up a WireGuard VPN server on your VPS

1
Prepare
2
Install
3
Configure
4
Connect

1 Server Preparation

Update Your System

First, connect to your VPS via SSH and update the system packages:

Terminal
sudo apt update && sudo apt upgrade -y
sudo apt install curl wget -y

Enable IP Forwarding

Enable IP forwarding to allow traffic routing through your VPN server:

Terminal
echo 'net.ipv4.ip_forward = 1' | sudo tee -a /etc/sysctl.conf
echo 'net.ipv6.conf.all.forwarding = 1' | sudo tee -a /etc/sysctl.conf
sudo sysctl -p

2 Install WireGuard

Automated Installation Script

Use our automated script for quick installation and configuration:

Terminal
curl -O https://raw.githubusercontent.com/angristan/wireguard-install/master/wireguard-install.sh
chmod +x wireguard-install.sh
sudo ./wireguard-install.sh

Script Configuration

The script will ask for server configuration. Use default values for most options, but choose a custom port (e.g., 51820) and your preferred DNS servers (1.1.1.1, 8.8.8.8).

3 Manual Installation (Alternative)

Install WireGuard Package

Terminal
sudo apt install wireguard -y

Generate Server Keys

Terminal
cd /etc/wireguard
sudo wg genkey | sudo tee server_private.key | wg pubkey | sudo tee server_public.key
sudo chmod 600 server_private.key

4 Server Configuration

Create Server Configuration

Create the WireGuard server configuration file:

/etc/wireguard/wg0.conf
[Interface]
PrivateKey = SERVER_PRIVATE_KEY_HERE
Address = 10.0.0.1/24
ListenPort = 51820
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

# Client configurations will be added here

Important

Replace SERVER_PRIVATE_KEY_HERE with your actual server private key, and change eth0 to your server's network interface name if different.

5 Start WireGuard Service

Terminal
sudo systemctl enable wg-quick@wg0
sudo systemctl start wg-quick@wg0
sudo systemctl status wg-quick@wg0

6 Client Configuration

Generate Client Keys

Terminal
cd /etc/wireguard
sudo wg genkey | sudo tee client1_private.key | wg pubkey | sudo tee client1_public.key

Client Configuration File

Create a configuration file for your client device:

client1.conf
[Interface]
PrivateKey = CLIENT_PRIVATE_KEY_HERE
Address = 10.0.0.2/32
DNS = 1.1.1.1, 8.8.8.8

[Peer]
PublicKey = SERVER_PUBLIC_KEY_HERE
Endpoint = YOUR_SERVER_IP:51820
AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepalive = 25

7 Firewall Configuration

Configure UFW Firewall

Terminal
sudo ufw allow 22/tcp
sudo ufw allow 51820/udp
sudo ufw --force enable
sudo ufw status

🎉 Congratulations!

Your WireGuard VPN server is now configured and running. Here's what to do next:

  • Download and install WireGuard client on your devices
  • Import the client configuration file
  • Test your connection by visiting whatismyipaddress.com
  • Set up additional clients by repeating the client configuration steps