Yes, you can, with WireGuard. WireGuard is a simple, fast and modern VPN that uses state-of-the-art cryptography. It is faster, simpler, leaner, and more useful than IPsec, and it performs much better than OpenVPN. It is designed as a Virtual Private Network for running on embedded interfaces and supercomputers alike, suitable for many different circumstances. Initially released for the Linux kernel, WireGuard is now cross-platform (Windows, macOS, BSD, iOS, Android) and widely deployable. This article was written in October 2021. Now that we are further in time, we can assume that the WireGuard team has improved it even further and added more features to their fantastic VPN software. It is currently regarded as the most secure, easiest to use, and simplest VPN in the industry.
What is the best VPS for a Virtual Private Network in 2021?
According to us (and many others) the best VPS for a Virtual Private Network is Linux Hosts Inc. They are based in the US and UK. It’s our own web host. The company has the lowest cancellation rate in the web hosting industry. You can order their fantastic VPS servers from $15 per month.
Important Note. Most providers of cheap VPS plans practice overselling. Overselling means putting too many customers on the same server. Linux Hosts Inc. is the only web host with a very strict NO OVERSELLING policy.
Turn your VPS into a VPN with WireGuard.
Since the publication of this article, WireGuard has gone through some nice developments. Having already received official approval from Linus Torvalds, it was added to the Linux “net-next” tree in December 2019, before being officially added to the mainline Linux kernel in January 2020. Since then, WireGuard has been included in, for example, the test version of Debian 11, the Generic Kernel Image of Android and OpenBSD.
The installation guide has also been expanded since the publication of this article and now covers even more platforms that WireGuard runs on. Most of these versions are now out of beta. In addition to the WireGuard modules, the installation guide now also includes the tools needed to work with those modules.
In an earlier article we wrote about using a VPN connection and its benefits. We also briefly mentioned that it is possible to install a VPN on your VPS. In this article we will discuss this further: what is the advantage of a VPN on your own VPS and how do you set this up using the WireGuard protocol?
Your connection, your data.
Setting your VPS as your private VPN has its uses. For example, it is good to use to set up an encrypted connection from abroad. This makes it ideal for people who regularly rely on hotel Wi-Fi and public networks on the train or in cafes. Those connections can still be used safely, because they are encrypted via your VPS. The biggest advantage is that you keep all your traffic in your own hands. So you don’t have to worry about your VPN provider stealing your data.
However, it is less suitable if you want to be free to choose the IP address of your VPN server, because in most cases your VPS has a fixed IP address. It is also not as ready-to-use as a VPN account that you purchase from a VPN supplier. You will have to get started yourself to make your server ready for use and to set up the VPN protocol on your VPS.
Today, there are several VPN solutions that you can host yourself. One of them has been getting a lot of attention lately: WireGuard. This relatively new player on the VPN market promises to be faster, more stable and more user-friendly than established names such as OpenVPN and IPsec. WireGuard works with the latest stable versions of high-quality encryption algorithms. It is also many times faster at establishing the connection than its competitors and appears to be much more stable at maintaining that connection. This is an advantage especially when you use a VPN on public networks and don’t want to silently fall back to an unprotected public connection.
Compact, fast, and cross-platform usable.
In addition, as an open source project it is also much easier to review. This is due to the compact codebase: about 4000 lines of code, compared to the 70,000 lines of code in OpenVPN. WireGuard is already usable on a long list of Linux distributions. It is also available for Windows, macOS, BSD, iOS and Android in convenient software clients. And let’s not forget that it already has the approval of Linus Torvalds himself.
Not really suitable for large companies.
Finally, due to the use of fixed IP addresses, it is not very easy to deploy for large companies. WireGuard does not support dynamically assigning IP addresses. Each client that is used will have to be added manually in the configuration with the corresponding IP address. Do you like to be in complete control and do you want to know where your data goes or what happens to it? Then setting up a VPN on your own VPS with WireGuard is a nice challenge.
Get started yourself!
There are now manuals for almost every distribution on the internet to install WireGuard on your own VPS. Do you want to get started yourself? Then it is advisable to find a manual for your Linux distribution and version after reading this article. Check the WireGuard website for the correct installation for your distribution. https://www.wireguard.com/install/
Since WireGuard runs as a kernel module, you will have to activate it manually. You do that as follows:
If you prefer a reboot, do it now. Check that you have completed this step correctly with the lsmod command:
Configure your server.
WireGuard has its own command to create a key pair for the server or client:
wg genkey | sudo tee privatekey | wg pubkey | sudo tee publickey
With this key pair you can start the configuration. Create it in the right place. Usually this is /etc/wireguard/. By convention the configuration file is called wg0.conf, but you can of course rename it.
Note that the network interface in this example is ens3. The name may differ depending on your distribution. If you chose an internal IP range such as the 10.10.0.X range in the examples in this article, you will need to configure NAT. Also adjust your firewalls so that the port is actually open. Don’t forget to open it for UDP. WireGuard itself uses port 51820 by default, but this can be changed in the configuration.
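A server configuration matching the description above (ens3, the 10.10.0.X range, NAT, UDP port 51820), as an added example that is not part of the original article. The function name, the 10.10.0.1 and 10.10.0.2 addresses and the iptables rules are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: render a WireGuard server config for wg-quick.
# Assumptions (not from the article): the function name, the 10.10.0.1/24
# server address, the 10.10.0.2/32 client address and the iptables rules.

# render_server_conf DIR SERVER_PRIVATE_KEY CLIENT_PUBLIC_KEY [WAN_IF]
render_server_conf() {
    dir=$1 server_priv=$2 client_pub=$3 wan_if=${4:-ens3}

    # WireGuard keys are 32 bytes: 44 base64 characters ending in "=".
    # The key itself is never echoed, so it cannot leak into logs.
    for key in "$server_priv" "$client_pub"; do
        if [ "${#key}" -ne 44 ] || [ "${key%=}" = "$key" ]; then
            echo "not a WireGuard key: wrong length or padding" >&2
            return 1
        fi
    done

    # The file holds the private key, so create it owner-only from the
    # start instead of fixing permissions afterwards.
    (
        umask 077
        mkdir -p "$dir"
        cat > "$dir/wg0.conf" <<EOF
[Interface]
Address = 10.10.0.1/24
ListenPort = 51820
PrivateKey = $server_priv
# NAT the tunnel range out of the public interface while the tunnel is up.
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -s 10.10.0.0/24 -o $wan_if -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -s 10.10.0.0/24 -o $wan_if -j MASQUERADE

[Peer]
PublicKey = $client_pub
# A /32 restricts this peer to exactly one tunnel address.
AllowedIPs = 10.10.0.2/32
EOF
    )
}
```

Routing client traffic through the server also requires IP forwarding to be enabled (net.ipv4.ip_forward=1).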
As a final step, load WireGuard. You do this with the command:
wg-quick up wg0
If you have changed the name of the configuration file, change ‘wg0’ here to the name of your new file.
Set up your client.
Once you’ve gone through these steps, it’s time to set up a client and add your client’s public key to the configuration on the server. WireGuard has also produced a number of software clients for different platforms. These make using your brand new VPN very easy, even for less tech-savvy end users. The Windows client works with a configuration window that automatically creates a new key pair during setup. The rest of the configuration must be completed with the data from the VPN server:
WireGuard apps on iOS or Android.
The iOS and Android apps can be downloaded from the App Store or Google Play. Both apps let you automatically generate a key pair. They do not work with a manually adjustable config, but with a number of input fields. Here you enter the public key of the server, the IP address of the server and other applicable data very easily and quickly.
When these fields are filled in, it is still a matter of adding the client to the configuration on the server. For this, WireGuard has the following command:
wg set wg0 peer <client’s public key> allowed-ips <client’s IP addresses>
If this is done with the correct public key and IP addresses for each client to use, the VPN on your VPS is ready to use. Test your connection with a tool like “What is my IP” to make sure your IP address has changed to that of your VPS. Or check your installation on the server with the command ‘wg’. This will give a similar result to the screenshot below:
Even more gadgets.
WireGuard is relatively easy to install and use. In addition, it offers even more options that are not (yet) built-in as standard. The Android and iOS apps both already have the functionality built in to read QR codes. With this you set up a tunnel in one go, which makes the software even easier for end users on mobile devices. If you want to use this, you will have to spend some time adding the qrencode functionality.
Your VPS as DNS.
In the examples in this article, we assumed Google’s DNS. Would you rather be in control all by yourself? Then also set up your VPS as your own DNS, for example with the Unbound service.
Can I use VPS for VPN – a conclusion.
Don’t forget to check the WireGuard website for the latest additions and other changes. It remains to be seen which functionalities the WireGuard team will add in the future. But don’t let that stop you from giving WireGuard a shot. WireGuard is already a very strong VPN and a nice addition to your virtual private server. It is not for nothing that the software has so many positive reviews on Google, such as those from TechRadar and Reddit. Good luck with the VPN on your VPS!