There are many commercial VPN providers out there, but in many cases setting up your own VPN is the best option.
When you use a third-party VPN, your data is routed through the provider’s servers, which means you have no knowledge of what happens to your data on the back end. If you want to maintain your privacy, you should consider setting up your own VPN server using WireGuard.
But why should you use WireGuard to set up a VPN? What is WireGuard? And how can you use it to create your own secure network?
What is WireGuard?
WireGuard is a leading open source VPN that outperforms established VPN protocols such as IPsec and OpenVPN.
Simply put, it’s a virtual private network (VPN) protocol used to encrypt the connection between your device (e.g., a smartphone or desktop computer) and a VPN server.
It is completely free to use and encrypts traffic at the network layer, providing a much more secure network tunnel.
What do you need before using WireGuard?
Before proceeding to the installation steps, ensure that you have the following prerequisites:
- A Linux-based operating system: This guide uses an Amazon Lightsail server running Ubuntu 20.04 LTS.
- A local computer: We’re using a 64-bit Windows 10 client for this guide (you can also use a remote system).
- WireGuard installed on your local computer.
Download: WireGuard (Free)
Although we used an Ubuntu-based server, the steps should work on other distros, though some tweaking may be needed. Also, if you are connecting to a remote server, make sure you have permission to connect from your local system.
How to set up a new cloud server
To start installing WireGuard, you will need a cloud server. Due to the variety of cloud server providers and configuration options, setting up a new server can be complex.
However, for the sake of simplicity, we can walk you through some basics. No matter what cloud server you’re using, you can start and stop an instance or droplet directly from the server provider’s dashboard.
Next, select a location (ideally near you), configure your server with a decent configuration, and launch your server. If you’re using shared hosting, you won’t get the level of performance you would from a managed server.
Note: The newer free version of WireGuard is significantly more resource efficient, requiring no more than 512 MB of RAM and one vCPU. However, if you want to connect more than three devices, we highly recommend upgrading to a paid plan.
Installing WireGuard on your server
For the terminal, we use PuTTY to connect to our server over SSH. If you’ve never used PuTTY before, you can check out some alternatives for using SSH on Windows.
After launching your cloud server, follow the steps below to install WireGuard on it.
1. Connect to the server and run the following command to make sure the system is up to date:
sudo apt-get update && sudo apt-get upgrade -y
Once this is complete, you can proceed with installing and configuring WireGuard on the server.
2. Now download the WireGuard install script, published on GitHub by Angristan, and make it executable. The URL points at the repository’s master branch, so read the script before running it:
curl -O https://raw.githubusercontent.com/angristan/wireguard-install/master/wireguard-install.sh
chmod +x wireguard-install.sh
3. Next, run the script using the following command:
4. Immediately after you press the Enter key, the terminal will display a series of questions. Answer them in order, or accept the default answers.
5. Press Enter at each step to continue until WireGuard is successfully installed. Now you can exit WireGuard setup on your server by pressing any key.
You must repeat these steps for each client you wish to connect to the WireGuard server.
Fortunately, WireGuard offers software for the majority of operating systems, which simplifies the process of connecting your Windows, Linux, macOS, Android, or iOS devices.
After installing WireGuard, continue with the steps below to configure some additional server-side features.
How to configure the client for WireGuard
Finally, you will need to configure a client to connect and test your WireGuard VPN server. It doesn’t matter if your client runs on Windows, macOS, Linux or BSD. A WireGuard client is a computer or other device that uses its own unique public key to connect to the VPN server. To configure a WireGuard client, follow these steps:
- In the terminal, type a basic client name and press the Enter key.
- The terminal will then display the IPv4 and IPv6 addresses; press Enter twice more.
- At this point, it will automatically create a configuration file for you. Note the file path or copy it.
Note: You must keep the private key secret. Anyone with access to your private key can establish a VPN connection and can even misuse it.
Additionally, WireGuard produces a QR code that can be scanned using any Android or iOS device. This eliminates the need to manually copy configuration files, for example, from your server to your smartphone.
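The client configuration file is where that private key lives. The following added example (not part of the original article or of the installer script) checks that a config file is not readable by other users and prints a copy with the secrets masked. The sample config, its placeholder keys and the function names are constructed for illustration, and `stat -c` assumes GNU coreutils on Linux.

```bash
#!/usr/bin/env bash
# Added example, not from the original article. The sample config and its key
# values are constructed placeholders, not real WireGuard keys.

# Write a constructed client config in the standard wg-quick layout.
make_sample_conf() {
  cat > "$1" <<'EOF'
[Interface]
PrivateKey = CONSTRUCTED-PRIVATE-KEY-PLACEHOLDER=
Address = 10.66.66.2/32
DNS = 1.1.1.1

[Peer]
PublicKey = CONSTRUCTED-SERVER-PUBLIC-KEY=
PresharedKey = CONSTRUCTED-PRESHARED-KEY=
Endpoint = 203.0.113.10:51820
AllowedIPs = 0.0.0.0/0,::/0
EOF
}

# Succeed only if no group/other permission bits are set (600, 400, ...).
conf_is_private() {
  local mode
  mode=$(stat -c '%a' "$1") || return 2
  case $mode in 0|*00) return 0 ;; *) return 1 ;; esac
}

# Print the config with secret values masked, safe to paste into a ticket.
redact_conf() {
  sed -E 's/^([[:space:]]*(PrivateKey|PresharedKey)[[:space:]]*=).*/\1 (redacted)/' "$1"
}

# Report whether the file holds a private key and is locked down.
audit_conf() {
  local f=$1 rc=0
  grep -Eq '^[[:space:]]*PrivateKey[[:space:]]*=' "$f" || { echo "FAIL: no PrivateKey in $f"; rc=1; }
  conf_is_private "$f" || { echo "FAIL: $f is readable by group/other (chmod 600)"; rc=1; }
  [ "$rc" -eq 0 ] && echo "OK: $f"
  return "$rc"
}

# Demo on a throwaway copy: a world-readable file fails, chmod 600 fixes it.
demo_dir=$(mktemp -d)
make_sample_conf "$demo_dir/wg0-client-demo.conf"
chmod 644 "$demo_dir/wg0-client-demo.conf"
audit_conf "$demo_dir/wg0-client-demo.conf" || chmod 600 "$demo_dir/wg0-client-demo.conf"
audit_conf "$demo_dir/wg0-client-demo.conf" && redact_conf "$demo_dir/wg0-client-demo.conf"
rm -rf "$demo_dir"
```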
How to configure firewall and IP forwarding
In addition to configuring the WireGuard server, you need to configure your local network and your firewall. This gives you better control over who can connect to your server.
1. Using the following command, open the system configuration file:
sudo nano /etc/sysctl.conf
2. Next, find the following line and remove the “#” symbol from it: #net.ipv4.ip_forward=1. This enables IPv4 forwarding on your server.
3. Finally, save the file and run the command below to load the new setting:
sudo sysctl -p
Your WireGuard server will now forward traffic from your WireGuard peers to the rest of the world.
If you are more tech-savvy, you can also set up a firewall to protect your server from malicious attacks. To do this, you can either install a software firewall on your cloud server or enable the “Firewall” feature in your server provider’s instance settings.
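One way to check the forwarding edit and work out which ports a firewall must leave open, as an added example that is not from the original article: it reads `ListenPort` from a server config and prints a default-deny `ufw` rule set without applying it. The sample files, port 51820 and the function names are constructed, and `ufw` is assumed as the software firewall.

```bash
#!/usr/bin/env bash
# Added example, not from the original article. It edits only the file you pass
# in and only prints firewall commands. The sample inputs are constructed.
make_samples() {
  printf '%s\n' '# Uncomment the next line to enable packet forwarding for IPv4' \
    '#net.ipv4.ip_forward=1' > "$1/sysctl.conf"
  printf '%s\n' '[Interface]' 'Address = 10.66.66.1/24' 'ListenPort = 51820' \
    'PrivateKey = CONSTRUCTED-PLACEHOLDER=' '' '[Peer]' \
    'PublicKey = CONSTRUCTED-PLACEHOLDER=' 'AllowedIPs = 10.66.66.2/32' > "$1/wg0.conf"
}

# Succeed only if FILE has an active (uncommented) net.ipv4.ip_forward=1 line.
forwarding_enabled() {
  grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$1"
}

# Set the key to 1 whether it is commented out, set to 0, or missing; re-runnable.
enable_forwarding() {
  local key='^[[:space:]]*#?[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=.*'
  if grep -Eq "$key" "$1"; then
    sed -i -E "s/$key/net.ipv4.ip_forward=1/" "$1"
  else
    printf 'net.ipv4.ip_forward=1\n' >> "$1"
  fi
}

# Read ListenPort from the [Interface] section of a WireGuard server config.
wg_listen_port() {
  awk -F= '/^\[/ { sec = $0 }
    sec == "[Interface]" && $1 ~ /^[ \t]*ListenPort[ \t]*$/ {
      gsub(/[ \t\r]/, "", $2); print $2; exit }' "$1"
}

# Print (not run) a default-deny ufw rule set: SSH plus the WireGuard UDP port.
firewall_plan() {
  local port
  port=$(wg_listen_port "$1")
  case $port in ''|*[!0-9]*) echo "no usable ListenPort in $1" >&2; return 1 ;; esac
  printf '%s\n' "ufw default deny incoming" "ufw default allow outgoing" \
    "ufw allow ${2:-22}/tcp" "ufw allow ${port}/udp" "ufw enable"
}

# Demo on throwaway copies, never the live /etc files.
demo=$(mktemp -d); make_samples "$demo"
enable_forwarding "$demo/sysctl.conf" && forwarding_enabled "$demo/sysctl.conf" && echo "forwarding on"
firewall_plan "$demo/wg0.conf" 22
rm -rf "$demo"
```

The same UDP port also has to be allowed in the provider's instance firewall, or clients will not reach the server.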
How to Connect to Your VPN Using WireGuard
Now that you’ve obtained your client credentials and installed WireGuard on your server, it’s time to connect to your VPN.
Connecting WireGuard VPN on Windows
1. Type the below command in the terminal to see the folders or files in the current directory:
2. Now copy the filename of the configuration file. In our case, the file is called “wg0-client-windows.conf”, although the file name varies by user.
3. Once done, use the below command to read the contents of the file in the terminal.
Don’t forget to replace “wg0-client-ubuntu.conf” with the name of your configuration file.
4. At this step, you will receive information about your WireGuard configuration. Finally, copy everything from “[Interface]” until the end.
5. Now in Windows, open WireGuard and navigate to Add tunnel > Add empty tunnel.
6. Give the tunnel a name and paste the copied text into the editor area. When finished, click the Save button.
7. On the next screen, click Activate to connect to your VPN.
Connect WireGuard VPN on Android
WireGuard is compatible with almost all Android phones, regardless of Android version. Other than that, the steps to connect your VPN for iOS devices are the same as for Android devices.
To set up your VPN on any Android phone using WireGuard, follow these steps:
- Download and install the WireGuard app.
- Open the app and tap the floating icon on the bottom right of your phone.
- Press the SCAN FROM QR CODE option.
- Grant the required permissions and scan the QR code.
- When done, enter a new tunnel name and press Create tunnel.
- Finally, toggle the switch to connect to your own VPN.
Now you can quickly configure any number of WireGuard servers and clients to create an encrypted private network that is not controlled by anyone but you.
Since the majority of VPN providers also use the WireGuard protocol, there is no reason to pay them a high price and give them access to your data when you can manage everything effectively yourself by following the steps above.
Increase privacy with a private VPN
Now you can set up your own VPN quickly and easily using WireGuard. If, on the other hand, you are not interested in investing your time, the easiest approach is to pay for a VPN subscription.
If you want more control and privacy, you should try installing a VPN on your router or even hosting your own VPN server.
A notable advantage of WireGuard is that there are no restrictions on connected clients, which means you can connect as many clients as you want. However, keep in mind that the more clients there are on a low-spec server, the slower it will be.