Here's a guide to installing WireGuard on your VPS server. The steps may vary slightly depending on your VPS provider's Linux distribution. We'll cover Ubuntu as an example.
Prerequisites:
- A VPS running a supported Linux distro (e.g., Ubuntu, Debian, CentOS, etc.)
- SSH access to your VPS
Step 1: Update your repository
sudo apt update
Step 2: Install WireGuard
sudo apt install wireguard -y
Step 3: Generate keys
Use the following command to generate a private and public key pair for the server:
wg genkey | tee server_privatekey.pem | wg pubkey > server_publickey.pem
This creates two files:
server_privatekey.pem
: Keep this file secure as it grants VPN access.server_publickey.pem
: You'll need this key to configure your WireGuard client.
Step 4: Create WireGuard configuration file
Use a text editor (e.g., nano) to create a file named wg0.conf
(or similar based on your VPS provider's instructions) in the directory /etc/wireguard/
:
nano /etc/wireguard/wg0.conf
Here's an example configuration (replace placeholders with your details):
[Interface]
PrivateKey = $(cat server_privatekey.pem)
Address = 10.0.0.1/24 (Replace with your desired VPN subnet)
ListenPort = 51820 (Standard WireGuard port)
[Peer]
PublicKey = (Paste your client's public key here)
AllowedIPs = 10.0.0.2/32 (Replace with your client's desired IP address)
Step 5: Enable forwarding
Edit the /etc/sysctl.conf
file:
sudo nano /etc/sysctl.conf
Add the line:
net.ipv4.ip_forward=1
Save the changes and run:
sudo sysctl -p
Step 6 (Optional): Configure firewall
You might need to configure your firewall to allow traffic on port 51820 (WireGuard's default). Consult your VPS provider's documentation for specific firewall instructions.
Step 7: Start the WireGuard service
sudo systemctl enable [email protected]
sudo systemctl start [email protected]
Step 8: Configure your WireGuard client
-
Download and install the WireGuard client for your device (https://www.wireguard.com/install/).
-
Create a new WireGuard connection profile on your client.
-
Enter the following details in your client configuration:
- Endpoint: Your VPS server's public IP address followed by port 51820 (e.g.,
your_server_ip:51820
) - PrivateKey: Contents of your client's private key file (generated earlier)
- PublicKey: Server's public key (
server_publickey.pem
) - AllowedIPs: Leave blank for full access to the server's network or specify a limited allowed IP range.
- Endpoint: Your VPS server's public IP address followed by port 51820 (e.g.,
Step 9: Connect!
Activate the WireGuard connection on your client device. You should now be connected to your VPS server through the VPN tunnel.
Additional Notes:
- Remember to replace placeholders in the configuration files with your specific details.
- This is a general guide, and some steps might vary depending on your VPS provider's setup. Refer to their documentation for specific instructions.
- For more advanced configurations, refer to the official WireGuard documentation: https://www.wireguard.com/quickstart/