How to set up your own WireGuard VPN server

Tr0jan_Horse

Protecting yourself with your VPN on WireGuard

In an era of digital blocking, surveillance of every move on the web, and resources that are inaccessible because of your IP's geolocation, it is necessary to protect yourself at least in a basic way, regardless of whether the device is personal or for work.

Using ready-made VPN services or official hosting does not solve the problem of anonymization, because at the first request of law enforcement agencies your real data will be handed over without any objection. However, this can be solved by creating your own VPN on an offshore hosting service, where as a bonus you can pay in cryptocurrency.
Spoiler: Just a VPS is enough.

The offshore hosting services mentioned above are a great addition to what we're planning to do. You can find them with a simple search. However, be sure to research the site, since scammers are still at work.

1. First of all, let's connect to our VPS.
Bash:
ssh <user>@<VPS_IP>
2. Update the system packages:
Bash:
sudo apt update && sudo apt upgrade -y
3. Install WireGuard itself:
Bash:
sudo apt install wireguard -y
Just in case, let's check that the WireGuard kernel module loads:
Bash:
sudo modprobe wireguard
4. Create a directory for the configuration:
Bash:
sudo mkdir -p /etc/wireguard
5. Now we will need the configuration keys:
Bash:
cd /etc/wireguard
# umask 077 keeps the new key files from being readable by other users
umask 077
sudo wg genkey | sudo tee privatekey | sudo wg pubkey | sudo tee publickey
sudo chmod 600 privatekey
6. Save the keys to shell variables:
Bash:
PRIVATE_KEY=$(sudo cat privatekey)
PUBLIC_KEY=$(sudo cat publickey)
7. Create a configuration file:
Bash:
sudo nano /etc/wireguard/wg0.conf
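8. Add all the settings (wg-quick does not expand shell variables, so paste the actual private key value in place of $PRIVATE_KEY):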
Bash:
[Interface]
Address = 10.0.0.1/24
ListenPort = 51820
PrivateKey = $PRIVATE_KEY

[Peer]
PublicKey = <CLIENT_PUBLIC_KEY>
AllowedIPs = 10.0.0.2/32
9. Enable IP forwarding:
Bash:
echo "net.ipv4.ip_forward = 1" | sudo tee -a /etc/sysctl.conf
sudo sysctl -p
10. Let's also configure NAT via iptables (eth0 here is the VPS's public network interface; substitute yours if it is named differently):
Bash:
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
sudo iptables -A FORWARD -i wg0 -j ACCEPT
sudo iptables -A FORWARD -o wg0 -m state --state RELATED,ESTABLISHED -j ACCEPT
11. Save the iptables rules. Remember to install the iptables-persistent package if it is not installed:
Bash:
sudo apt install iptables-persistent -y
sudo netfilter-persistent save
This gives us a configured VPS. Now let's set up the WireGuard client on a Linux/Ubuntu system:
1. Install WireGuard:
Bash:
sudo apt install wireguard -y
2. Generate keys:
Bash:
umask 077  # keep the private key file unreadable to other users
wg genkey | tee privatekey | wg pubkey | tee publickey
3. Get your client's public key:
Bash:
CLIENT_PUBLIC_KEY=$(cat publickey)
4. Add the client to the server configuration (edit the /etc/wireguard/wg0.conf file on the server, putting the actual key value in place of $CLIENT_PUBLIC_KEY):
Bash:
[Peer]
PublicKey = $CLIENT_PUBLIC_KEY
AllowedIPs = 10.0.0.2/32
5. Create a client configuration file (on the device):
Bash:
nano ~/wg0.conf
6. Add the following configuration (replace the Endpoint address with the IP of your VPS):
Bash:
[Interface]
Address = 10.0.0.2/24
PrivateKey = <CLIENT_PRIVATE_KEY>

[Peer]
PublicKey = <SERVER_PUBLIC_KEY>
Endpoint = ваш_vps_ip:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25

Save and you're done! All that's left is to run it:
1. Start WireGuard on the server:
Bash:
sudo wg-quick up wg0
2. Run WireGuard on the client:
Bash:
sudo wg-quick up ~/wg0.conf
3. Check the connection status:
Bash:
sudo wg show
Bonus:
To have WireGuard automatically start at system boot, run the following command on the server:
Bash:
sudo systemctl enable wg-quick@wg0
Now your own WireGuard-based VPN is ready to use! Have fun surfing!
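
A pre-flight check for the configs built above, as an added example that is not part of the original post: it flags key fields still holding a shell variable or a `<...>` placeholder, keys that are not 44-character base64, and malformed IPv4 entries in Address/AllowedIPs. The function names and the sample config are constructed for illustration, and the check assumes IPv4 entries are written as a.b.c.d/len.

```shell
#!/bin/sh
# lint_wg_conf FILE prints findings; exit status 0 = clean, 1 = findings.
lint_wg_conf() {
    awk '
    function bad(msg) { printf "line %d: %s\n", NR, msg; n++ }
    function cidr_ok(c,   p, o, i) {          # IPv4 a.b.c.d/len only
        if (split(c, p, "/") != 2 || p[2] !~ /^[0-9]+$/ || p[2] + 0 > 32) return 0
        if (split(p[1], o, ".") != 4) return 0
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) return 0
        return 1
    }
    /^[ \t]*(#|\[|$)/ { next }                # comments, section headers, blanks
    {
        eq = index($0, "="); if (!eq) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/[ \t\r]/, "", key); gsub(/[ \t\r]/, "", val)
        if (key ~ /^(PrivateKey|PublicKey|PresharedKey)$/) {
            if (val ~ /[$<>]/) bad(key " is an unfilled placeholder: " val)
            else if (length(val) != 44 || val !~ "^[A-Za-z0-9+/]+=$")
                bad(key " is not a 32-byte base64 key")
        } else if (key ~ /^(Address|AllowedIPs)$/) {
            m = split(val, nets, ",")
            for (j = 1; j <= m; j++)      # IPv6 entries are not checked
                if (nets[j] !~ /:/ && !cidr_ok(nets[j]))
                    bad(key " has invalid IPv4 CIDR: " nets[j])
        }
    }
    END { exit (n > 0) }
    ' "$1"
}

# Constructed sample with placeholders and a malformed address (no real keys).
sample_bad_conf() {
    cat <<'EOF'
[Interface]
Address = 10.0.0.1/24
ListenPort = 51820
PrivateKey = $PRIVATE_KEY

[Peer]
PublicKey = <CLIENT_PUBLIC_KEY>
AllowedIPs = 10.0.0.0.2/32
EOF
}

tmp=$(mktemp) && sample_bad_conf > "$tmp"
lint_wg_conf "$tmp" || echo "fix the findings above before running wg-quick up"
rm -f "$tmp"
```

On a real host, run it as root against /etc/wireguard/wg0.conf before `wg-quick up wg0`.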