Docs / Networking / How to Set Up WireGuard VPN on Your VPS

How to Set Up WireGuard VPN on Your VPS

By Admin · Mar 15, 2026 · Updated Apr 23, 2026 · 314 views · 2 min read

WireGuard is a modern VPN protocol that is faster, simpler, and more secure than OpenVPN or IPSec. This guide covers setting up a WireGuard VPN server on your VPS for secure remote access to your infrastructure.

Why WireGuard?

  • Minimal codebase (~4,000 lines vs OpenVPN's ~100,000)
  • Built into the Linux kernel (5.6+)
  • Faster than OpenVPN (less overhead, modern cryptography)
  • Simple configuration (no certificate management)
  • Roaming support (seamless IP changes)

Server Installation

# Ubuntu/Debian
sudo apt install wireguard

# Generate server keys
wg genkey | tee /etc/wireguard/server_private.key | wg pubkey > /etc/wireguard/server_public.key
chmod 600 /etc/wireguard/server_private.key

Server Configuration

# /etc/wireguard/wg0.conf
[Interface]
PrivateKey = SERVER_PRIVATE_KEY
Address = 10.0.0.1/24
ListenPort = 51820
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
# Client 1
PublicKey = CLIENT_PUBLIC_KEY
AllowedIPs = 10.0.0.2/32

Enable IP Forwarding

echo "net.ipv4.ip_forward=1" | sudo tee /etc/sysctl.d/99-wireguard.conf
sudo sysctl -p /etc/sysctl.d/99-wireguard.conf

Start WireGuard

sudo systemctl enable --now wg-quick@wg0
sudo wg show  # Verify status

Client Configuration

# Generate client keys
wg genkey | tee client_private.key | wg pubkey > client_public.key

# Client config file
[Interface]
PrivateKey = CLIENT_PRIVATE_KEY
Address = 10.0.0.2/24
DNS = 1.1.1.1, 8.8.8.8

[Peer]
PublicKey = SERVER_PUBLIC_KEY
Endpoint = YOUR_SERVER_IP:51820
AllowedIPs = 0.0.0.0/0  # Route all traffic through VPN
PersistentKeepalive = 25

Firewall Configuration

sudo ufw allow 51820/udp
sudo ufw reload

Adding More Clients

# Generate new client keys and add a [Peer] section to server config
# Then restart: sudo systemctl restart wg-quick@wg0

# Generate QR code for mobile clients
sudo apt install qrencode
qrencode -t ansiutf8 < client.conf

Monitoring

# Check connected peers and data transfer
sudo wg show
# Shows: peer public key, endpoint, latest handshake, transfer bytes

Was this article helpful?

Related Articles