How to Setup WireGuard VPN on VPS | Ubuntu Guide

In a world valuing online privacy, Virtual Private Networks (VPNs) are crucial for securing our digital presence. Among VPN protocols, WireGuard stands out for its simplicity and strong security. We’ll guide you through creating a WireGuard VPN on an Ubuntu VPS. The internet is rich with information but risks our data. A VPN secures you by encrypting and routing your connection through a safe server. This shields you from cyber threats, advertisers, and surveillance.

WireGuard shines with its strong security and efficiency. Unlike other protocols, it’s fast and secure. Its concise codebase makes audits easier, and modern encryption ensures speed and safety. Our guide helps you set up WireGuard on an Ubuntu VPS. Don’t worry if servers seem complex; our steps and explanations will give you the confidence to create a secure VPN.

Let’s create a WireGuard VPN. We’ll prep your VPS server, install WireGuard, set up encryption keys, configure clients, enable IP forwarding and firewalls, and connect to your new VPN. By the end, you’ll have a working VPN and a better grasp of WireGuard’s mechanics. Start this journey to a safer online experience.

What Is WireGuard VPN?

WireGuard VPN is a modern and efficient virtual private network protocol designed for secure communication over the internet. It aims to provide a simple, lightweight, and high-performance solution for creating encrypted tunnels between devices, ensuring data privacy and security.

Compared to traditional VPN protocols like OpenVPN and IPSec, WireGuard stands out for its minimalistic codebase, which makes it easier to audit for security vulnerabilities. It’s also known for its speed and efficiency, as it uses state-of-the-art cryptography and streamlined design principles.

WireGuard focuses on simplicity and strong security, making it an attractive choice for those who want a reliable and user-friendly VPN solution. It has gained popularity for its ease of use, making it accessible to both experienced users and newcomers to the world of VPNs.

Preparing Your VPS

Before we start setting up your WireGuard VPN, ensure your Virtual Private Server (VPS) is ready. Here’s how to pick a provider and set up the server.

Choose a VPS Provider:

• Location: Pick a provider with nearby servers for better VPN performance.
• Resources: Match your user count with CPU, RAM, and storage.
• Budget: Balance resources and cost.
• User-Friendly: Opt for an easy-to-use interface.
• Support: Go for providers with responsive support.

Set Up Your VPS:

• Register with your provider.
• Choose a suitable plan. Ubuntu OS is recommended.
• After signup, follow their email instructions to SSH into your server.

Update Packages:

SSH into your VPS.

Update packages:

sudo apt update

sudo apt upgrade

Create Non-Root User:

• Make a safer non-root user:

sudo adduser username

Give Admin Rights:

• Add the user to the “sudo” group:
• sudo usermod -aG sudo username
• Disable Root Login
• Disable root login on SSH vps for security purposes:

sudo nano /etc/ssh/sshd_config

Change “PermitRootLogin” to “no.”

Secure SSH:

• Change the SSH port:

sudo nano /etc/ssh/sshd_config

Restart SSH service:

sudo systemctl restart ssh

These steps prepare your VPS for setting up WireGuard VPN.

Installing WireGuard

With your VPS set up, it’s time to install WireGuard. This VPN protocol is efficient and easy to use. Let’s get WireGuard on your Ubuntu VPS.

Updating and Upgrading Packages:

• Before WireGuard, update packages:
• Connect to VPS via SSH with the user you created.
• To Update and upgrade packages run this command

sudo apt update

sudo apt upgrade

Installing WireGuard:

• To Install WireGuard Run this command:

sudo apt install wireguard

Kernel Modules

• WireGuard needs kernel modules
• Check if WireGuard modules are installed by running this command:

lsmod | grep wireguard

• No output is normal.

Load modules

Run this command:

sudo modprobe wireguard

Verifying WireGuard

Check WireGuard version by running command:

sudo wg --version

Now, you have WireGuard installed and ready on your VPS.

Generating Encryption Keys

With WireGuard successfully installed on your Virtual Private Server (VPS), the next crucial step is to generate the encryption keys that will form the backbone of your VPN’s security. In this section, we’ll guide you through the process of generating these keys, ensuring a secure and private connection for your VPN.

Creating the Server Private and Public Keys

WireGuard operates on a unique cryptographic principle that uses key pairs for both the server and clients. Let’s start by generating the server’s private and public keys:

Navigate to WireGuard Directory

Create a directory to organize your WireGuard configuration files:

mkdir ~/wireguard-config

cd ~/wireguard-config

Generate Server Keys

Generate the server’s private and public keys using the following command:

umask 077

wg genkey | tee privatekey | wg pubkey > publickey

Configuring WireGuard Server

With the keys generated, let’s proceed to configure the WireGuard server:

Creating Server Configuration File

Use a text editor to create a configuration file for the WireGuard server, e.g., wg0.conf:

nano wg0.conf

Configure the Server

Inside the configuration file, add the following lines, replacing private key with the content of the server’s private key generated earlier:

Address = 10.0.0.1/24
SaveConfig = true
ListenPort = 51820
PrivateKey = <privatekey>

Here, you’re defining the server’s IP address (Address), enabling automatic configuration saving (SaveConfig), specifying the listening port (ListenPort), and providing the server’s private key (PrivateKey).

Saving the Configuration

After configuring the server, save and exit the text editor.

Restarting WireGuard

Apply the configuration changes and start the WireGuard service:

sudo wg-quick up wg0

Enabling WireGuard on Boot

Enable the WireGuard service to start automatically on boot:

sudo systemctl enable wg-quick@wg0

Conclusion

In a digital world where privacy concerns and data breaches are an everyday reality, the significance of a robust Virtual Private Network (VPN) cannot be overstated. Throughout this guide, we’ve journeyed through the intricate process of setting up a WireGuard VPN on a Virtual Private Server (VPS) running Ubuntu server, unraveling the layers of security, simplicity, and performance that WireGuard brings to the table. The WireGuard VPN is more than just a setup. It’s a shield against online dangers, protecting your digital independence and showing your dedication to online safety. Whether you’re on public Wi-Fi, sharing secrets, or just exploring online, your WireGuard VPN is your loyal companion.