SELF-HOSTED VPN WITH WIREGUARD
DIFFICULTY: INTERMEDIATE
UPDATED: 2 MONTHS AGO
INTRODUCTION
Commercial VPNs log your data despite their "No Logs" claims. The only way to be sure is to host your own. WireGuard is a modern, high-performance VPN protocol that is much faster and easier to set up than OpenVPN.
PREREQUISITES
- A VPS (Virtual Private Server) - DigitalOcean, Linode, or Vultr ($5/mo).
- Ubuntu 22.04 LTS.
- SSH Access.
INSTRUCTIONS
1. Install WireGuard
SSH into your VPS and install the package.
sudo apt update && sudo apt install wireguard
2. Generate Keys
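Generate private and public keys for the server and client. The command below writes one key pair to the files privatekey and publickey, so run it once for each. Set a restrictive umask first so the private key file is readable only by your user.
umask 077
wg genkey | tee privatekey | wg pubkey > publickey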
3. Configure Server
Edit /etc/wireguard/wg0.conf:
[Interface]
Address = 10.0.0.1/24
SaveConfig = true
ListenPort = 51820
PrivateKey = [SERVER_PRIVATE_KEY]
[Peer]
PublicKey = [CLIENT_PUBLIC_KEY]
AllowedIPs = 10.0.0.2/32
4. Enable IP Forwarding
Uncomment net.ipv4.ip_forward=1 in /etc/sysctl.conf and run sudo sysctl -p.
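Before starting the interface, the server config from step 3 can be checked for three mistakes this procedure makes easy: a config file readable by other users, a key placeholder left unfilled, and a peer AllowedIPs entry wider than the single host address the guide assigns. This is an added example, not part of the original guide; the function name audit_wg_conf is hypothetical and the sample config is constructed.

```shell
#!/bin/sh
# Added example: audit a wg-quick server config before bringing it up.
# audit_wg_conf is a hypothetical helper name, not part of wireguard-tools.
# Prints one line per finding and returns the number of findings.
audit_wg_conf() {
    conf=$1
    findings=0

    # The file contains the server private key: group/other must have no access.
    perms=$(ls -ld "$conf" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "PERMS: $conf is accessible to group/other; run chmod 600"
        findings=$((findings + 1))
    fi

    # A key value still starting with '[' is an unfilled [..._KEY] placeholder.
    if grep -Eq '^[[:space:]]*(PrivateKey|PublicKey)[[:space:]]*=[[:space:]]*\[' "$conf"; then
        echo "PLACEHOLDER: a key field still holds a [..._KEY] placeholder"
        findings=$((findings + 1))
    fi

    # In [Peer] sections, list AllowedIPs entries wider than one host
    # (/32 for IPv4, /128 for IPv6). Wider ranges deserve a review.
    wide=$(awk -F= '
        /^[ \t]*\[/ { in_peer = ($0 ~ /\[Peer\]/) }
        in_peer && $1 ~ /^[ \t]*AllowedIPs[ \t]*$/ {
            n = split($2, nets, ",")
            for (i = 1; i <= n; i++) {
                gsub(/[ \t]/, "", nets[i])
                want = (nets[i] ~ /:/) ? "/128" : "/32"
                if (nets[i] ~ /\// && substr(nets[i], index(nets[i], "/")) != want) print nets[i]
            }
        }' "$conf")
    if [ -n "$wide" ]; then
        echo "ALLOWEDIPS: peer may use more than one address:" $wide
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample: the step 3 config with placeholders left in, a /24 peer
# range, and world-readable permissions.
demo=$(mktemp)
printf '%s\n' '[Interface]' 'Address = 10.0.0.1/24' 'SaveConfig = true' \
    'ListenPort = 51820' 'PrivateKey = [SERVER_PRIVATE_KEY]' \
    '[Peer]' 'PublicKey = [CLIENT_PUBLIC_KEY]' 'AllowedIPs = 10.0.0.0/24' > "$demo"
chmod 644 "$demo"
audit_wg_conf "$demo" || echo "findings: $?"
rm -f "$demo"
```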
CONCLUSION
Start the interface with sudo wg-quick up wg0. You now have a private, encrypted tunnel. Use the client config on your phone or PC to connect.