How to Setup WireGuard VPN on VPS | Ubuntu Guide

The VPS technology itself is more or less efficient in getting users a fresh IP address, masking their original local IP address. Still, certain users look for even more security and anonymity in the online world, and for a good reason too. It’s no secret that online privacy is increasingly waning away. Therefore, a lot of users have begun to use VPS and VPN in conjunction with each other. Some use VPS servers as VPN servers, while others use the VPN on their VPS server, meaning that they install and operate their VPS with an active VPN. WireGuard, alongside other popular options such as OpenVPN and Cisco variants, is a very popular choice, mostly due to the fact that it is inherently configurable and adaptable to the OS you’re going to use and can even be used for reverse proxy operations. This has given rise to VPS servers that some have dubbed WireGuard VPS.

In this article, we are going to familiarize ourselves with the WireGuard VPN, its advantages and features, as well as how to install it on our Ubuntu VPS server. We are also going to explore the renowned reverse proxy feature of the WireGuard VPN!

What Is WireGuard VPN?

WireGuard VPN is a creatively new VPN client and service that primarily acts as a communication protocol. Originally written by Jason A. Donenfeld in 2015, it has since developed into open-source VPN software. Despite its young age, WireGuard VPN is known for its flexibility and myriad features. WireGuard still receives active development, and it aims to add more and more features. Wireguad transmits data over the UDP protocol as its primary VPN protocol. One of the main promises of WireGuard VPN is the enhancement of performance to the extent that it can outperform credible rival protocols such as OpenVPN and IPsec.

WireGuard is also known for its minimal approach to user interface and ease of operation, prioritizing the end user. Configuring other VPN clients can often be a pain; there are simply too many options and buttons to click. WireGuard solely uses the UDP protocol, so you won’t be confused with many different options, and the installation process is also quite easy. All in all, it’s easy to say that WireGuard is aiming to become the quintessential all-in-one VPN package for advanced and beginner users alike. But what are some of the key advantages of WireGuard?

Advantages of WireGuard VPN

There are a number of unique advantages to WireGuard VPN that have made it reliable and popular enough to be used in what many describe as the WireGuard VPS. These advantages include, but are not limited to:

• Advanced cryptography featuring protocols such as Poly1305, Curve25519, HKDF, Noise protocol framework, ChaCha20, BLAKE2, and SipHash24.
• Sound and easy-to-understand security, easily adjustable and configurable with a few lines of code.
• Reverse proxy implementation
• An easy-to-use installation and user-friendly user interface
• Open-source development scheme, allowing you to alter the program to suit your needs or contribute to the program.
• Advanced AED-256 encryption provides full data security.
• Built-in roaming configuration allows for efficient data allocation per end user.
• A lightweight program that can run on any device
• The UDP protocol allows for incredibly fast and low-latency VPN options.
• The incredibly high number of supported platforms, including Android, iOS, Linux, FreeBSD, NetBSD, OpenBSD, macOS, and Windows versions from 7 onwards.

Also Read: How to Install PPTP VPN Server on Your VPS

The high configurability of WireGuard and the amount of resources it supports makes it ideal for VPS users who may switch between devices and OS options on a whim. Now let’s get to the installation process. We start with Ubuntu as the representative of Linux.

WireGuard VPS Setup (Ubuntu 🐧)

Wireguard VPS setup on a Ubuntu VPS is no different than installing it on a local system, with the notable difference that you need to first log into your VPS account. So before anything, make sure you are logged in with whatever protocol you use for your VPS server. Usually, but not necessarily, the protocol of Ubuntu is SSH, and for Windows, it is RDP.

Prerequisites

You are going to need a non-root user with sudo access in order to execute the commands that we are going to use to install WireGuard on VPS. If you are going to host a WireGuard VPN on your WireGuard VPS, then you also need two separate Ubuntu servers and versions with matching patches, one for hosting and the other one to work as a client; if you do not wish to host, then skip this optional step, and a sole sudo access account is enough.

Step 1: Update Your Repository

Installing any program on Ubuntu starts with updating the repository and system packages. So enter the following command to update them:

$ sudo apt update

Step 2: Get the WireGuard VPN Files

Now we go straight for the following command to download and install WireGuard VPN:

$ sudo apt install wireguard -y

Wait for the files to download and install.

Step 3: Get the Private and Public Keys

You are going to need these keys in order to run WireGuard VPN on your Ubuntu. Enter the following command to get the private key:

$ wg genkey | sudo tee /etc/wireguard/private.key

And then the following command to get the public key: 

$ sudo cat /etc/wireguard/private.key | wg pubkey | sudo tee /etc/wireguard/public.key

Step 4: Setup Your IPv4 and IPv6 Configuration

Now we need to set up an IP address range in order to, as part of your WireGuard VPS server, I am going to use a random IP range, but you can replace the address in the command line to make your own IP range. Use the nano in the following command:

$ sudo nano /etc/wireguard/wg0.conf

Then enter the following lines to configure the IP range

[Interface]

PrivateKey = {servers_generated_private_key}

Address = 172.16.0.0/12

ListenPort = 51820

SaveConfig = true

In the prompt, save the resulting file.

Step 5: Configure Port Forwarding and the /etc/ sysctl.conf File

Here we need to alter the line in the aforementioned folder in order to make the connection happen later. Enter the first command to bring up the /etc/ sysctl.conf file:

$ sudo nano /etc/sysctl.conf

Then add the following lines one by one in order to enable forwarding:

    net.ipv4.ip_forward=1

Then this line, if you are going to use IPv6:

    net.ipv6.conf.all.forwarding=1

Open the terminal and put in the next few commands to read the values for your input and output:

$ sudo sysctl -p

    net.ipv4.ip.forward = 1

And the following for IPv6:

    net.ipv6.conf.all.forwarding = 1

Step 6: Adjust the Firewall (Optional)

In this step, we need to configure the firewall as is required for a lot of network-created programs that are installed on Ubuntu. First, find the public network interface for your server with this command:

$ ip route list default

And then look for this line in the output:

    default via XXX.XXX.XXX.XXX dev eth0 onlink

Eth0 signifies the public network interface. You need to add this to your IP table. Bring up the config file:

$ sudo nano /etc/wireguard/wg0.conf

Navigate to the very end of the file and add the following text block, simply copy and paste:

    PostUp = ufw route allow in on wg0 out on eth0

    PostUp = iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE

    PostUp = ip6tables -t nat -I POSTROUTING -o eth0 -j MASQUERADE

    PreDown = ufw route delete allow in on wg0 out on eth0

    PreDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

    PreDown = ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

Remove the lines depending on whether you are going to use IPv4 or IPv6. Now lets get to the important part of making an exception for the UDP ports on which WireGuard runs. By default, this port is 51820. So this is the port we need to open. Enter the command:

$ sudo ufw allow 51280/udp

Now quickly enable and disable UFW to load the changes you made:

$ sudo ufw disable

$ sudo ufw enable

Now check the UFW rules with the following command: 

$ sudo ufw status

The output should look like this: 

    To Action From

    — —— —-

    51820/udp ALLOW Anywhere

    OpenSSH ALLOW Anywhere

    51820/udp (v6) ALLOW Anywhere (v6)

    OpenSSH (v6) ALLOW Anywhere (v6)

Step 7: Configuring the Server

Now you have the WireGuard client installed and ready to connect. You can use any server that you have made or purchased in order to connect using it. If you want to create your own WireGuard VPS server to use as a VPN, then you can follow this step.

We are going to use a three-line command sequence to make this happen. The first command will enable WireGuard to startup with each boot and reboot. The second line starts the service and the third will keep it running. Enter the commands one at a time:

$ sudo systemctl enable [email protected]

$ sudo systemctl start [email protected]

$ sudo systemctl status [email protected]

Congrats, you have finally had the client and your own server running. You can use the client to connect to another server, or you can boot the WireGuard client in another system and connect to your very own WireGuard VPS host that works as a VPN.

Also Read : Best VPS for VPN in 2022

WireGuard Reverse Proxy

One of the most important features of WireGuard VPS, is its ability to be used in a reverse proxy operation in conjunction with tools such Nginx. Reverse proxies are useful in circumventing Internet censorship. They are also quite useful in facilitating more efficient data flow from certain programs and applications to the destination host. Here is a short guide to utilize WireGuard reverse proxy with Nginx.

Step 1: Install Nginx

Enter the following command in order to install Nginx:

sudo apt update -y && sudo apt install -y nginx

Then enter this line to keep the Nginx web server up and running:

sudo systemctl start nginx

Step 2: Configure Nginx

Open the following config file using superuser access:

    /etc/nginx/nginx.conf

Now look for the part that reads “stream{” and there add these additional lines:

    server {

        listen 80 udp;

        proxy_pass 127.0.0.1:51820;

    }

Quit nano and run the next command to test Nginx config file:

sudo nginx -t

With these lines, you have now enabled port 80, which is needed to run a reverse proxy.

Step 3: Connect Through HTTP Port 80

Now it’s time to put everything into motion and connect the reverse proxy, which will allow multiple devices to connect to the VPN over a blocked network and perform much better. First, bring up the computer’s tunnel configuration file to make the active HTTP port 80 instead of 51820. Then run WireGuard and connect it, which will create a reverse proxy over the network using port 80. Congratulations!

Best Way to Connect VPS to Home Network

A lot of people who travel a lot and also need the IP static of their work or home network in order to perform certain tasks can use WireGuard VPN on their VPS server in order to connect via the VPS to their home and workplace networks. To do this, a VPS server and a VPN installed on that server are needed. WireGuard has a built-in feature to do this. Therefore it is one of the best and most efficient platforms to connect your VPN to your home network. This deployment of an Ubuntu VPS makes a unique and satisfying WireGuard VPN experiment.

Conclusion

If you need a VPS server in order to run your WireGuard VPN on, then you can opt for Cloudzy’s elite Ubuntu Linux VPS. It comes with the latest updates and more than 15 different data centers to choose from. It has excellent compatibility with different VPN services, including WireGuard, and will help you run operations such as reverse proxies as well as connect the VPS to your workplace or home network. Cloudzy’s Ubuntu servers feature ironclad security, flexible billing, different payment options, and a 7-day money-back guarantee as well!

FAQ

OpenVPN vs WireGuard, which one is faster?

Wireguard’s UDP protocol makes it one of the fastest VPN services in the world, above even OpenVPN. However, there are certain drawbacks to this, but nothing serious.

Is WireGuard VPN Free?

Yes. Wireguard is free and open-source. You can easily install the client for free and configure your own server or buy one if you want dedicated resources. But the client and services are free.

Do I Need Port Forwarding for WireGuard?

You may need to forward some ports to get WireGuard to work on Linux. In this guide, we used port 80 for reverse proxy purposes and port 51820 for normal VPN use.