Setting Up WireGuard VPN on a VPS for Fast and Secure Access

1 day ago
nikolay
4 minutes

How to Deploy WireGuard VPN on a VPS Server

1. Why use WireGuard

WireGuard is a modern VPN solution for creating a secure connection between a device and a server.

It is often chosen as an alternative to OpenVPN when you need:

  • high connection speed;
  • simpler setup;
  • stable performance without complicated configuration;
  • secure access to a server or internal services;
  • a private VPN based on a VPS.

WireGuard is suitable for personal VPN use, working through public Wi-Fi networks, remote server access, or creating a fast encrypted tunnel between devices.

2. What you need before starting

Before installation, prepare:

  • a VPS running Ubuntu or Debian;
  • SSH access to the server;
  • administrator privileges or access to sudo;
  • an open UDP port for the VPN connection.

WireGuard commonly uses the following port:

51820 UDP

3. Installing WireGuard on a VPS

Connect to your server via SSH and run:

apt update
apt install wireguard -y

After installation, the server will have tools for:

  • generating keys;
  • starting the VPN interface;
  • managing connections;
  • checking WireGuard status.

4. Generating keys

WireGuard uses two keys:

  • privatekey — the server private key, which must not be shared;
  • publickey — the server public key, which is used in the client configuration.

Generate the keys with:

wg genkey | tee privatekey | wg pubkey > publickey

To view the generated keys, run:

cat privatekey
cat publickey

5. Creating the server configuration

Create the WireGuard configuration file:

nano /etc/wireguard/wg0.conf

Add the basic configuration:

[Interface]
Address = 10.0.0.1/24
ListenPort = 51820
PrivateKey = SERVER_PRIVATE_KEY

[Peer]
PublicKey = CLIENT_PUBLIC_KEY
AllowedIPs = 10.0.0.2/32

In this configuration, replace:

  • SERVER_PRIVATE_KEY with the server private key;
  • CLIENT_PUBLIC_KEY with the public key of the client device.

6. Enabling routing

To allow the VPS to forward traffic through the VPN, enable IP forwarding:

echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
sysctl -p

This allows the server to work as a router for the VPN connection.

7. Starting WireGuard

Start the VPN interface:

wg-quick up wg0

To make WireGuard start automatically after a VPS reboot, run:

systemctl enable wg-quick@wg0

8. Configuring the client

On the client device, create its own key pair and configuration file.

Example client configuration:

[Interface]
PrivateKey = CLIENT_PRIVATE_KEY
Address = 10.0.0.2/24

[Peer]
PublicKey = SERVER_PUBLIC_KEY
Endpoint = SERVER_IP:51820
AllowedIPs = 0.0.0.0/0

Replace the following values:

  • CLIENT_PRIVATE_KEY with the client private key;
  • SERVER_PUBLIC_KEY with the server public key;
  • SERVER_IP with the IP address of your VPS.

The setting:

AllowedIPs = 0.0.0.0/0

means that all client traffic will go through the VPN.

9. Checking the connection

To check WireGuard status on the server, run:

wg

The output can show:

  • the active VPN interface;
  • connected clients;
  • keys;
  • the time of the last data exchange;
  • transferred traffic volume.

After connecting from the client device, also check whether the external IP address has changed. This helps confirm that traffic is routed through the VPS.

10. Common issues

If the VPN does not work, check the main points:

  • whether port 51820 UDP is open;
  • whether private and public keys are entered correctly;
  • whether IP forwarding is enabled;
  • whether the firewall is blocking traffic;
  • whether the server IP address is correct in the client configuration.

11. Where WireGuard is used

WireGuard can be used for different tasks:

  • personal VPN;
  • secure server access;
  • connection to internal services;
  • working through public Wi-Fi networks;
  • fast encrypted connection between devices;
  • access to infrastructure through a VPS.

12. WireGuard or OpenVPN

WireGuard is usually chosen when you need:

  • faster performance;
  • easier setup;
  • compact configuration;
  • fewer manual parameters.

OpenVPN may be more suitable when you need:

  • broader compatibility;
  • more complex connection scenarios;
  • support for specific infrastructure;
  • more detailed configuration options.

13. Conclusion

WireGuard is a convenient solution for a VPS when you need a fast, stable, and simple VPN.

To launch it, you need to:

  • install WireGuard on the server;
  • generate keys;
  • configure the server file;
  • add the client;
  • open the UDP port;
  • check the connection.

After that, the VPS can be used as a private VPN server.

Leave a Reply 0

Your email address will not be published. Required fields are marked *