Setting Up a VPN on a VPS for Secure Access

🔹 Why You Need a VPN

A VPN (Virtual Private Network) creates an encrypted tunnel between your device and your VPS server.
It allows you to:

  • protect internet traffic in public or unsecured networks;
  • safely access internal or corporate resources;
  • hide your real IP address;
  • securely administer the server via a private connection.

⚙️ 1. Preparing the VPS

  1. Create a VPS with Ubuntu 22.04 LTS (or newer).
  2. Update system packages: sudo apt update && sudo apt upgrade -y
  3. Make sure the required ports are open:
    • 22 — SSH access
    • 51820/UDP (WireGuard) or 1194 (OpenVPN) — VPN traffic

🔐 2. Choosing a VPN Type

Popular VPN solutions include:

  • WireGuard — modern, fast, and easy to set up;
  • OpenVPN — stable and widely supported;
  • SoftEther — versatile, supports multiple protocols (L2TP, OpenVPN, SSTP).

For most users, WireGuard is the best option due to its simplicity and performance.

🧱 3. Installing WireGuard (Recommended)

On the VPS:

  1. Install WireGuard:

    sudo apt install wireguard -y
  2. Generate key pairs:

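    # Run as root with a restrictive umask so the private key is not world-readable
    sudo sh -c 'umask 077; wg genkey | tee /etc/wireguard/server_private.key | wg pubkey > /etc/wireguard/server_public.key'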
  3. Create a configuration file /etc/wireguard/wg0.conf:

    [Interface]
    Address = 10.0.0.1/24
    ListenPort = 51820
    PrivateKey = <server_private_key>
    [Peer]
    PublicKey = <client_public_key>
    AllowedIPs = 10.0.0.2/32
  4. Enable IP forwarding:

    echo "net.ipv4.ip_forward=1" | sudo tee -a /etc/sysctl.conf
    sudo sysctl -p
  5. Start the service:

    sudo systemctl enable wg-quick@wg0
    sudo systemctl start wg-quick@wg0

💻 4. Setting Up the Client

On your client device (Windows, Linux, or mobile):

  1. Generate your own keys.
  2. Create a configuration file, for example:

    [Interface]
    PrivateKey = <client_private_key>
    Address = 10.0.0.2/24
    DNS = 1.1.1.1
    [Peer]
    PublicKey = <server_public_key>
    Endpoint = <SERVER_IP>:51820
    AllowedIPs = 0.0.0.0/0
    PersistentKeepalive = 25
  3. Connect using the WireGuard app or via terminal.

🔄 5. Securing the VPS

  1. Enable the UFW firewall:

    sudo ufw allow 22
    sudo ufw allow 51820/udp
    sudo ufw enable
  2. Disable password-based logins and use SSH keys instead.
  3. Regularly update both your OS and WireGuard for maximum security.

🧩 6. Adding New Users

Each new client should have unique keys and IP addresses, for example:
10.0.0.3/24, 10.0.0.4/24, etc.

Add new [Peer] sections to /etc/wireguard/wg0.conf and restart the service:

    sudo systemctl restart wg-quick@wg0
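
A check for the rule above that each client needs unique keys and addresses, as an added example that is not part of the original page: it parses a server-side wg0.conf, flags reused public keys and overlapping AllowedIPs (WireGuard routes a given address to only one peer), and returns the next free tunnel address. The function names and the sample config are assumptions made for illustration.

```python
import ipaddress
# Constructed sample (placeholder keys): peer 3 reuses peer 1's key and peer 2's address.
SAMPLE_CONF = """\
[Interface]
Address = 10.0.0.1/24
[Peer]
PublicKey = <client1_public_key>
AllowedIPs = 10.0.0.2/32
[Peer]
PublicKey = <client2_public_key>
AllowedIPs = 10.0.0.3/32
[Peer]
PublicKey = <client1_public_key>
AllowedIPs = 10.0.0.3/32
"""

def parse_sections(text):
    """Return [(name, {key: value})], keeping every repeated [Peer] block."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1], {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)  # split once: base64 keys end in '='
            sections[-1][1][key.strip()] = value.strip()
    return sections

def audit(text):
    """Return (findings, next_free_ip) for a server-side WireGuard config."""
    sections = parse_sections(text)
    iface = next(body for name, body in sections if name == "Interface")
    server = ipaddress.ip_interface(iface["Address"].split(",")[0].strip())
    findings, keys, nets = [], set(), []
    for n, peer in enumerate((b for s, b in sections if s == "Peer"), 1):
        if peer.get("PublicKey") in keys:
            findings.append(f"peer {n}: duplicate PublicKey")
        keys.add(peer.get("PublicKey"))
        for cidr in filter(None, map(str.strip, peer.get("AllowedIPs", "").split(","))):
            net = ipaddress.ip_network(cidr, strict=False)
            if any(net.overlaps(other) for other in nets):
                findings.append(f"peer {n}: AllowedIPs {net} overlaps an earlier peer")
            nets.append(net)
    free = next((h for h in server.network.hosts()
                 if h != server.ip and not any(h in net for net in nets)), None)
    return findings, str(free) if free else None

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

Run it against a copy of /etc/wireguard/wg0.conf before restarting the service; an empty findings list means every peer has its own key and address.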