Docs / Networking / Setting Up WireGuard VPN on Your VPS

Setting Up WireGuard VPN on Your VPS

By Admin · Mar 16, 2026 · Updated Apr 23, 2026 · 101 views · 2 min read

Why WireGuard?

WireGuard is a modern VPN protocol that's faster, simpler, and more secure than OpenVPN or IPSec.

Feature WireGuard OpenVPN
Protocol UDP UDP/TCP
Encryption ChaCha20, Curve25519 OpenSSL
Code base ~4,000 lines ~100,000 lines
Performance Near wire speed 20-30% overhead
Configuration Minimal Complex

Server Setup

# Install
sudo apt install -y wireguard

# Generate server keys
wg genkey | tee /etc/wireguard/server_private.key | wg pubkey > /etc/wireguard/server_public.key
chmod 600 /etc/wireguard/server_private.key

Server Config

# /etc/wireguard/wg0.conf
[Interface]
PrivateKey = <server_private_key>
Address = 10.0.0.1/24
ListenPort = 51820
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
PublicKey = <client_public_key>
AllowedIPs = 10.0.0.2/32

Enable IP Forwarding

echo "net.ipv4.ip_forward = 1" | sudo tee -a /etc/sysctl.conf
sudo sysctl -p

Start WireGuard

sudo systemctl enable wg-quick@wg0
sudo systemctl start wg-quick@wg0
sudo ufw allow 51820/udp

Client Setup

# Generate client keys
wg genkey | tee client_private.key | wg pubkey > client_public.key
# Client config
[Interface]
PrivateKey = <client_private_key>
Address = 10.0.0.2/24
DNS = 1.1.1.1

[Peer]
PublicKey = <server_public_key>
Endpoint = your-server-ip:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25

Verify Connection

# On server
sudo wg show

# Expected output shows peer with recent handshake
# peer: <client_public_key>
#   endpoint: <client_ip>:12345
#   latest handshake: 5 seconds ago
#   transfer: 1.2 MiB received, 3.4 MiB sent

Tip Generate a QR code for mobile clients: qrencode -t ansiutf8 < client.conf

Was this article helpful?

Related Articles