How to Set Up a Private Network Between VPS Instances

By Admin · Mar 15, 2026 · Updated Apr 23, 2026

A private network allows your VPS instances to communicate securely without exposing traffic to the public internet. This is essential for database connections, service-to-service communication, and distributed applications.

Option 1: VLAN/Private Networking (Provider-Level)

# Many VPS providers offer private networking
# Kazepute Breezes on the same node share a private network via VLAN

# Check if a private interface is available
ip addr show
# Look for an interface like eth1 or ens4 with a private IP (10.x.x.x)

Option 2: WireGuard Mesh Network

# For servers across different providers or regions
# Each server gets a WireGuard interface with a private IP

# Server A (10.10.0.1)
[Interface]
PrivateKey = SERVER_A_PRIVATE_KEY
Address = 10.10.0.1/24
ListenPort = 51820

[Peer]
PublicKey = SERVER_B_PUBLIC_KEY
AllowedIPs = 10.10.0.2/32
Endpoint = server-b-public-ip:51820
PersistentKeepalive = 25

# Server B (10.10.0.2)
[Interface]
PrivateKey = SERVER_B_PRIVATE_KEY
Address = 10.10.0.2/24
ListenPort = 51820

[Peer]
PublicKey = SERVER_A_PUBLIC_KEY
AllowedIPs = 10.10.0.1/32
Endpoint = server-a-public-ip:51820
PersistentKeepalive = 25

Option 3: Tailscale (Managed WireGuard)

# Tailscale automates WireGuard mesh networking
curl -fsSL https://tailscale.com/install.sh | sh
sudo tailscale up

# Each server gets a 100.x.x.x address
# Automatic NAT traversal, no port forwarding needed
# Free for up to 100 devices

Binding Services to Private IPs

# MySQL — only listen on private network
# /etc/mysql/mysql.conf.d/mysqld.cnf
bind-address = 10.10.0.1

# Redis — only listen on private network
# /etc/redis/redis.conf
bind 10.10.0.1 127.0.0.1

# Application config: connect to database via private IP
DB_HOST=10.10.0.1

Firewall Rules for Private Networks

# Allow all traffic from private network
sudo ufw allow from 10.10.0.0/24

# Or be specific
sudo ufw allow from 10.10.0.2 to any port 3306  # MySQL from app server
sudo ufw allow from 10.10.0.2 to any port 6379  # Redis from app server

Testing Connectivity

# Ping between servers
ping 10.10.0.2

# Test specific ports
nc -zv 10.10.0.1 3306

# Measure latency and throughput
iperf3 -s              # On server A
iperf3 -c 10.10.0.1    # On server B
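
To confirm that the bind settings above took effect, this added example (not part of the original article) parses `ss -H -tln` output and flags MySQL or Redis listeners that are not on loopback or the page's 10.10.0.0/24 subnet. The function names, the prefix match standing in for the /24, and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag listeners on audited ports that are reachable beyond
# loopback and the private subnet used on this page (10.10.0.0/24).
# On a live host:  ss -H -tln | exposed_listeners 3306 6379

PRIVATE_PREFIX="10.10.0."   # assumption: prefix match stands in for the /24

# Reads `ss -H -tln` lines on stdin; arguments are the ports to audit.
# Prints "EXPOSED <addr> <port>" per offending listener; returns 1 if any.
exposed_listeners() {
    awk -v ports="$*" -v priv="$PRIVATE_PREFIX" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)             # text after the last colon
            addr = $4; sub(/:[^:]*$/, "", addr)         # text before the last colon
            sub(/%.*/, "", addr)                        # drop a %iface scope suffix
            sub(/^\[/, "", addr); sub(/\]$/, "", addr)  # drop IPv6 brackets
            if (!(port in want)) next
            if (addr ~ /^127\./ || addr == "::1") next  # loopback
            if (index(addr, priv) == 1) next            # private subnet
            print "EXPOSED", addr, port                 # wildcard or public address
            found = 1
        }
        END { exit found + 0 }
    '
}

# Constructed sample of `ss -H -tln` output (not captured from a real host).
sample_ss() {
    cat <<'EOF'
LISTEN 0 151 10.10.0.1:3306 0.0.0.0:*
LISTEN 0 511 10.10.0.1:6379 0.0.0.0:*
LISTEN 0 511 127.0.0.1:6379 0.0.0.0:*
LISTEN 0 511 [::]:6379 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
EOF
}

if sample_ss | exposed_listeners 3306 6379; then
    echo "OK: audited ports listen only on loopback or 10.10.0.0/24"
else
    echo "Rebind the listeners above to the private IP" >&2
fi
```

The sample flags the IPv6 wildcard Redis listener, which a `bind` line listing only IPv4 addresses would not produce; port 22 is ignored because it is not in the audited list.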
