Short Answer (quick read):
The question “VPS as VPN” can be answered by taking a quick look at this system. So, here we go:
VPN on VPS is possible and easy thanks to Wire Guard. Wire Guard is a simple, fast and modern Virtual Private Network that utilizes the best cryptography. It is quicker, easier, cleaner, and more powerful than IPsec. Wire Guard has a much better performance than OpenVPN. It is created as a Virtual Private Network for working on interfaces and super computers, suitable for numerous different situations. Wire Guard was initially released for the Linux kernel but is now compatible with Android, iOS, Windows, MAC, BSD and much more. This article was written in October 2021. Now that we are further in time, we can assume that Wire Guard has improved even further and added more features to their fantastic VPN software. It is currently seen as the easiest, and most reliable Virtual Private Network in the industry. The installation instructions can be found below.
How to use VPN on VPS offered by this wonderful Cloud hosting company?
Installing a Virtual Private Network is very easy with the VPS plans offered by this Cloud provider. And that is certainly valid for Wire Guard. Just follow the simple instructions in this article and your VPN on a Virtual Private Server is ready! The VPN installation will go fast because the company is in the Cloud. Moreover, this practically eliminates VPN downtime. And, it’s the only web host in the world with a strict No Overselling Policy.
PS. By the way, I use this Cloud Hosting Service myself on a daily basis and I love it!
Hopefully this summary was good enough to explain how to setup VPN on VPS. However, we invite you to read on to learn everything about the details.
How to use a VPS as a VPN with Wire Guard.
Since the publication of this article, Wire guard has gone through some nice developments. Having already received official approval from Linus Torvalds, it was added to the Linux “net-next” tree in December 2019, before being officially added to the mainline Linux kernel in January 2020. Since then, Wire guard versions have been included in for example the test version of Debian 11, the Generic Kernel Image of Android and in OpenBSD.
The installation guide has also been expanded since the publication of this article and now includes even more platforms that Wire guard runs on. Most of these versions are now out of beta. In addition to the Wire guard modules, tools have also been added to the installation guide to be able to work with those modules.
In an earlier article we wrote about using a VPN connection and its benefits. We also briefly mentioned that it is possible to install a Virtual Private Network on your Virtual Private Server. In this article we will discuss how to make VPN on VPS and what the advantages are.
Your connection, your data.
Setting your VPS as your private VPN has its uses. For example, it is good to use to set up an encrypted connection from abroad. This makes it ideal for people who regularly rely on hotel Wi-Fi and public networks on the train or in cafes. Those connections can still be used safely, because they are encrypted via your Virtual Private Server. The biggest advantage is that you keep all your traffic in your own hands. So you don’t have to worry about your Virtual Private Network provider stealing your data.
However, it is less suitable if you want to be free to choose the IP address of your VPN server, because in most cases your Virtual Private Server has a fixed IP address. It is also not as ready-to-use as a VPN account that you purchase from a VPN supplier. You will have to get started yourself to make your server ready for use and to set up the Virtual Private Network protocol on your Virtual Private Server .
Today, there are some Virtual Private Network providers that offer this self-hosted functionality. However, there is one that has been getting a lot of attention lately: Wire Guard. This relatively new player on the VPN market promises to be faster, more stable and more user-friendly than established names such as OpenVPN and IPSec. Wire Guard works with the latest stable versions of high-quality encryption algorithms. It is also many times faster at establishing the connection than its competitors and appears to be much more stable at maintaining that connection. This has its advantages especially when you use a Virtual Private Network on public networks and don’t want to just fall back to a public connection.
Compact, fast, and cross-platform usable.
In addition, it is also much easier for an open source project to review. This is due to the compact code base: about 4000 lines of code, compared to the 70,000 lines of code in OpenVPN. Wire Guard is already usable on a long list of Linux distributions. It is also available for Windows, macOS, BSD, iOS and Android in convenient software clients. And let’s not forget that it already has the approval of Linus Torvalds himself.
This VPN on VPS is not suitable for large companies.
Finally, due to the use of fixed IP addresses, it is not very easy to deploy for large companies. Wire Guard does not support dynamically assigning IP addresses. Each client that is used will have to be added manually in the configuration with the corresponding IP address. Do you like to be in complete control and do you want to know where your data goes or what happens to it? Then setting up a Virtual Private Network on your own Virtual Private Server with Wire Guard is a nice challenge.
How to setup a VPN on a VPS? Get started!
There are now manuals for almost every distribution on the internet to install Wire Guard on your own VPS. Do you want to get started yourself? Then it is advisable to find a manual for your Linux distribution and version after reading this article. Check the Wire Guard website for the correct installation for your distribution. https://www.wireguard.com/install/
Since Wire Guard runs as a kernel module, you will have to activate it manually. You do that as follows:
If you prefer a reboot, do it now. Check that you have completed this step correctly with the lsmod command:
Configure your server.
Wire Guard has its own command to create a key pair for the server or client:
wg genkey | sudo tee private key | wg pubkey | sudo tee public key
With this key pair you can start the configuration. Create it in the right place. Usually this is /etc/WireGuard/. WireGuard itself is based on the wg0.conf file, but you can of course rename it.
Note that the network interface in this example uses ens3. This may depend on your distribution. If you chose an internal IP range such as the 10.10.0.X range in the examples in this article, you will need to set your NAT. Also adjust your firewalls so that the port is actually open. Don’t forget to open it to UDP. Wire Guard itself uses port 51820 by default, but this can be changed in the configuration.
As a final step, load Wire Guard. You do this with the command:
wg quick up wg0
If you have changed the name of the configuration file, change ‘wg0’ here to the name of your new file.
Set up your client.
Once you’ve gone through these steps, it’s time to set up a client and add your client’s public key to the configuration on the server. Wire Guard has also produced a number of software clients for different platforms. These make using your brand new Virtual Private Network very easy, even for less tech-savvy end users. The Windows client works with a configuration window that automatically creates a new key pair during setup. The rest of the configuration must be completed with the data from the VPN server:
Wire Guard apps on iOS or Android.
The iOS and Android apps can be downloaded from the App Store or Google Play. Both apps let you automatically generate a key pair. They do not work with a manually adjustable config, but with a number of input fields. Here you enter the public key of the server, the IP address of the server and other applicable data very easily and quickly.
When these fields are filled in, it is still a matter of adding the client to the configuration on the server. For this, Wire Guard has the following command:
wg set wg0 peer <client’s public key> allowed-ips <client’s IP addresses>
If this is done with the correct public key and IP addresses for each client to use, the VPN on your Virtual Private Server is ready to use. Test your connection with a tool like “What is my IP” to make sure your IP address has changed to that of your VPS. Or check your installation on the server with the command ‘wg’. This will give a similar result to the screenshot below:
Even more gadgets.
Wire Guard is relatively easy to install and use. In addition, it offers even more options that are not (yet) built-in as standard. The Android and iOS apps both already have the functionality built in to read QR codes. With this you set up a tunnel in one go. This makes the software even easier for end users on mobile devices if possible. If you want to use this, you will have to spend some time adding the qrencode functionality.
Your VPS as DNS.
In the examples in this article, we assumed Google’s DNS. Would you rather be in control all by yourself? Then also set up your Virtual Private Server as your own DNS, for example with the Unbound service.
Can I use my VPS as a VPN – the conclusion.
As you’ve been able to read, it’s possible and not so difficult to use VPS as VPN. But, don’t forget to check the Wire Guard website https://www.wireguard.com for the latest additions and other changes. It remains to be seen which functionalities the Wire Guard team will add further in the future. But don’t let that stop you from giving Wire Guard a shot. Wire Guard is already a very strong Virtual Private Network and a nice addition to your virtual private server. It is not for nothing that the software has so many positive reviews on Google such as those from Tech Radar and Reddit for example.
Last but not least, if you’re looking for the best Virtual Private Server that is also cheap then give the fabulous company Linux Hosts Inc. a shot! (see the start of this article). We can assure you that you’ll never be disappointed! Success!