WireGuard on VPS: quick installation and configuration of a secure VPN

Today, virtual private networks are increasingly popular. They are used to create secure connections, ensuring the safety of browsing, work, and other online activities. WireGuard is a VPN protocol based on tunneling, designed for simple VPN technology usage. It is characterized by quick installation and setup and is considered an improved alternative to OpenVPN and IPSec.

What is WireGuard and Its Advantages Compared to Other VPN Protocols

Essentially, WireGuard is free software with open-source code. Using its communication protocol, it's easy to implement a virtual private network. It's considered lighter and faster than OpenVPN or IPSec and is based on new encryption methods.

The main advantages of the software are:

• Speed – Works faster than many VPNs, doesn't lag.
• Simplicity – Can be set up in a couple of minutes, no complex commands.
• Security – Uses the latest encryption methods.
• Lightweight – Very small code size, doesn't burden the system.
• Fewer Bugs – Short and simple script, eliminates errors.

Users choose WireGuard for its efficiency. Its ease of use and setup makes it attractive for beginners. Without unnecessary options and complex interfaces, it's ideal for those who want to quickly and securely create a WG VPN connection.

Which VPS to Choose for WireGuard

A VPS (Virtual Private Server) is a system emulating a computer's hardware. Each VPS is isolated from others and provides the user with full control over the operating system and installed applications, similar to a computer.

When choosing a VPS for installing WireGuard, consider:

• Operating System: A Linux distribution is suitable, as it has official repositories.
• Processor: One or two cores are enough for a small number of connections.
• RAM: 512 MB or 1 GB is usually sufficient for the tunnel protocol.
• Disk Space: The required amount depends on settings; usually, 10-20 GB is enough.
• Location: A server closer to users is better to reduce latency.
• Data Transfer Protocol IPv4/IPv6: The VPS must support the necessary protocols.
• Control Panel: Should be intuitive to easily manage the server.

The choice of VPS depends on specific needs and budget. Pay attention to the operating system, resources, location, data transfer protocol, control panel, and price.

Steps for Installing and Configuring WireGuard on VPS

Installing and setting software parameters on virtual private servers is quite simple, even a beginner can handle it. To install WireGuard on a VPS, you need:

1. Connect to the server via SSH: ssh root@server_ip.
2. Update the system: apt update && apt upgrade.
3. Install the software: apt install wireguard.
4. Generate keys: wg genkey | tee privatekey | wg pubkey > publickey.
5. Create a config file and add server parameters: wg0.conf.
6. Configure the firewall: Open ports via ufw or another tool.

To configure the client, you need to install the software on a computer or phone, add the config by uploading the settings file created on the server, and connect to the connection.

How to Create WireGuard Configurations, Structure of the Configuration File

Essentially, a configuration file is a text document containing the necessary data for setting up WireGuard VPN. It consists of sections:

• [Interface] – Describes the WireGuard interface, including IP address, listening port, and private key.
• [Peer] – Describes the remote peer (client or another server) with which the connection is established.

When setting parameters, it's important to specify correctly:

• Address – IP address assigned to the program interface on the server.
• ListenPort – Port for the server to listen for incoming connections.
• PrivateKey – Server's private keys generated randomly.
• PublicKey – Public keys of the client connecting to the server.
• AllowedIPs – Range of IPs available to the client through the VPN tunnel. For full tunneling, you need to specify 0.0.0.0/0 for IPv4 and ::/0 for IPv6 so that all traffic passes through the VPN connection.

Separate [Peer] sections must be created for all clients in the server's configuration file, specifying clients' public keys and other parameters.

How to Configure the Firewall and Network Rules

To configure the firewall, you need to open a port so that the server accepts connections. Usually, WireGuard uses UDP and standard port 51820. For UFW (a simplified option in Ubuntu/Debian), you need to enter the code: ufw allow 51820/udp. To work directly with iptables: iptables -A INPUT -p udp --dport 51820 -j ACCEPT.

To forward traffic (NAT), you need to configure the server so that devices in the VPN see each other and access the internet. To do this:

1. Enable IP forwarding: Open the settings file: nano /etc/sysctl.conf. Find the line: net.ipv4.ip_forward = 1. Remove # at the beginning if the line is commented, or add it if it's not there.
2. Configure NAT: This is needed so the server replaces the client's IP with its external one for internet access: iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE. The external network interface is eth0. Depending on the VPS, the external interface may have another name (e.g., ens3 or venet0). This should be checked before using the command.
3. Configure iptables for routing: Enter two lines of code:
   • iptables -A FORWARD -i wg0 -j ACCEPT
   • iptables -A FORWARD -o wg0 -j ACCEPT
   Save changes: apt install iptables-persistent.

How to Run WireGuard and Automate Launch on Server Startup

After installing WireGuard, you need to run it manually and ensure it will start automatically on reboot. The process takes a couple of minutes and consists of the following steps:

1. Run WireGuard: wg-quick up wg0
2. Activate autostart: systemctl enable wg-quick@wg0

After that, the software will start with the server, keeping the set parameters. You can forget about manual startup after each reboot.

How to Configure WireGuard Client on Different Platforms

WireGuard clients work on different devices. Setting up takes a few minutes. To connect, you only need keys and configuration. Depending on the platform, you will need to:

• Install the application, import the settings file, connect to the server.
• MacOS and iOS: Download WireGuard from the App Store, import the configuration, connect.
• Android: Install the software from Google Play, load the settings file, connect via the application.

Now the devices are connected to the VPN. The convenient interface and simplicity of setup are important advantages of WireGuard for any platform, making it popular among users.

How to Test WireGuard VPN

After setup, it's important to test the VPN. The main parameters are checking IP, speed, and connection stability:

• IP Check: Use third-party sites; the IP should change to the WireGuard VPN server address.
• Speed Test: Use speedtest.net; the VPN should not significantly slow down the connection.
• Connection Stability: You can run a test for several hours.

To ensure all peer connections are active and working correctly, you can use the command wg. For example, the command wg show will display active WireGuard interfaces, their parameters, and connection statuses.

If all four tests pass successfully, the VPN works correctly. The WireGuard tunnel provides a stable, fast, and secure connection. Now you don't have to worry about internet privacy.