How to Set up WireGuard VPN on a VPS Server?

Having a secure VPS hosting service is not sufficient; building safe and private internet connections must be the priority of any business or individual. A VPN (Virtual Private Network) is a solid solution for encrypting internet traffic and shielding sensitive information. WireGuard has earned its reputation for being the simplest, fastest, and most secure VPN among a pool of other VPNs.

In this guide, we will configure a WireGuard VPN on a VPS to easily have secure connections.

Check that you have the following before you proceed:

• A Linux VPS: A root access to a Linux server (Ubuntu, Debian, CentOS, or Fedora).
• A Client Device: The computer (e.g., home computer, mobile phone) you want to use with the VPN.

Steps to Install and Setup WireGuard VPN

Step 1: Update the System

It is recommended that the most recent updates are installed in your system to avoid running old packages that may contain security risks. This also ensures a stable and secure configuration. You can update the system using the following commands.

Step 2: Install WireGuard

If you are using Ubuntu or Debian, you can use the following command to install WireGuard.

Otherwise, if you are using CentOS or Fedora, you can use these commands:

The WireGuard installation also provides the required tools and modules to create a secure VPN tunnel. It is available in the official Ubuntu repositories.

Step 3: Generate Encryption Keys

WireGuard uses asymmetric encryption, meaning each device (server and clients) needs a private key for authentication and a corresponding public key for secure communication.

Generate these keys on your server using this command:

To view the generated private and public keys:

• privatekey: Your server's private key (keep this secret).
• publickey: Your server's public key (to be shared with clients).

Step 4: Configure WireGuard

Create a configuration file for WireGuard using the command:

Add the following content to the file:

Replace [Server's Private Key] with your private key.

It sets up a secure VPN interface, assigns the internal IP address of the server, and allows routing so that users through the VPN can access the Internet securely.

Step 5: Enable IP Forwarding

IP forwarding enables the VPS to route traffic between VPN clients and the Internet.

To allow traffic to pass through the VPN:

Uncomment or add this line after executing the above command:

Apply the changes:

Step 6: Configure Firewall (Optional)

Allow traffic on the WireGuard port and set up necessary firewall rules:

Without this step, the firewall might block VPN traffic, preventing the authorized clients from connecting.

Step 7: Start and Enable WireGuard

This is to ensure that WireGuard starts with every reboot and creates the VPN tunnel:

Step 8: Configure the Client Device

On your client device, install WireGuard and generate keys:

Create a client configuration file (e.g., client-wg0.conf):

Replace placeholders with the appropriate keys and server IP address.

Step 9: Add Client to the Server Configuration

On the server, add the client's public key to the WireGuard configuration:

A client can only access a VPN through a specific configuration. Using the above configuration, the server will recognize the client’s public key on the server.

Restart the WireGuard service to apply changes:

Step 10: Connect the Client

Import the client configuration into the WireGuard client app and connect.

Following these steps, you will be able to set up WireGuard VPN on the VPS server. With this setup, the server and the client machine can communicate over a secure and private channel practically facilitated with great effectiveness and a robust security framework by WireGuard.

* To install WireGuard VPN on your VPS, our team will first verify if your server is compatible with the installation.