✅ How to get your Wireguard VPN server easily and simply? ✅
In this article, we will look at a quick and easy installation of a WireGuard VPN server on a Linux VPS.
The article will be adapted for Debian 12, Ubuntu 22.04, CentOS 8/9, AlmaLinux 9.2 based on some WireGuard server limitations and needs.
For the VPN server you can use any of our tariffs ➡️ https://sebekvps.com/.
1️⃣ Choose a tariff, order a server, get connection data.
2️⃣ Connect to our server via SSH (article how to connect to a server via SSH).
3️⃣ Now we will execute the following commands:
If you have Debian 12, Ubuntu 22.04:
❗️❗️ Write 1 command at a time, do not copy all commands at once ❗️❗️
- Update the package listapt update -y
- Update the system packagesapt upgrade -y
Wait for the upgrade to complete.
- Install the required packagesapt install wget curl sudo qrencode -y
- Install Dockercurl -sSL https://get.docker.com/ | CHANNEL=stable bash
- Activate Dockersystemctl enable --now docker
If you have CentOS 8/9, AlmaLinux 9.2
❗️❗️ Write 1 command at a time, don't copy all commands at once ❗️❗️
- Update package listyum update -y
- Update system packagesyum upgrade -y
Wait for the upgrade to finish.
- Install the required packagesyum install epel-release -y
- Update the list of packages againyum update -y
- Install the required packagesyum install wget curl sudo qrencode -y
- Install Dockercurl -sSL https://get.docker.com/ | CHANNEL=stable bash
- Activate Dockersystemctl enable --now docker
⬇️ ⬇️ ⬇️
Starting a VPN WireGuard server on a Linux VPS and connecting to it
Let's create a working folder for our WireGuard server, our connection profiles will be generated there.mkdir /home/wireguard-server
Now, we will create a Docker container and launch our WireGuard server. Below, in red text, you'll see an example command. Beneath it, you'll find explanations for all the parameters, which you can customize to your needs and then use the given command in the terminal!
docker run -d --name=wireguard-server --cap-add=NET_ADMIN --cap-add=SYS_MODULE -e PUID=1000 -e PGID=1000 -e TZ=Etc/UTC -e SERVERURL=$(curl https://ipv4.icanhazip.com/) -e SERVERPORT=51820 -e PEERS=10 -e PEERDNS=auto -e INTERNAL_SUBNET=10.13.13.0 -e ALLOWEDIPS=0.0.0.0/0 -e PERSISTENTKEEPALIVE_PEERS= -e LOG_CONFS=true -p 51820:51820/udp -v /home/wireguard-server/config:/config -v /lib/modules:/lib/modules --sysctl="net.ipv4.conf.all.src_valid_mark=1" --restart unless-stopped linuxserver/wireguard
Promo code: KNOWLEDGE_BASE
Select a plan: ➡️ https://sebekvps.com/
✅ And now, moving forward with our article! ✅
Let's go through some of the items from the command to start our WireGuard server in the Docker container.
❗️❗️Recommended item for editing:
SERVERURL - By default we get IP address of VPS server through API with command $(curl https://ipv4.icanhazip.com/).
You can change this text to VPS IP or your domain manually, this information will be specified in the configs of peers (clients) to connect.
PEERS - the number of WireGuard profiles that will be generated by the server for the connection. 1 PEERS - 1 connection. In WireGuard you cannot give one profile to different users to connect to it at the same time, there is a strict policy and each connection must have its own PIR, with unique encryption keys. The default value is 10, set this to a higher number if you need it.
❗️❗️ Optional items for editing:
SERVERPORT - you can specify a different port for the server, but in fact this item is also not necessary to touch.
PEERDNS - here you can optionally specify a different DNS server from the one you have on your VPS, if you leave auto - the DNS server of your VPS server will be used.
INTERNAL_SUBNET - pool of addresses from which the local address for the VPN client will be issued, do not change unnecessarily.
-p 51820:51820/udp - in this item we open the port for the Docker container, the first value is 51820, this is the port on the VPS that will be used, the second value is 51820, this is the port that will be accessed inside the Docker container, in our case both ports are identical, since SERVERPORT is 51820, our main port on the VPS will be 51820. You don't need to change this value if everything works by default.
-v /home/wireguard-server/config:/config - here we specify a working folder to save WireGuard server configs, which we created earlier specifically for this purpose.
➡️ Now you can find in the /home/wireguard-server/config/ folder a list of peer1 peer2 peer3 and so on, there will be as many of them as set in the PEERS clause earlier.
1 PEERS - 1 connection. In WireGuard you cannot give one profile to different users to connect to it at the same time, there is a strict policy and each connection must have its own PIR, with unique encryption keys. The default value is 10, set this to a higher number if you need it.
✅ Now we need to connect to our VPN server.
We can do this in three different ways.
1️⃣ Download the config via SFTP /home/wireguard-server/config/peer1/peer1.conf (e.g. for peer1, for peer2 just change the name of peer1 to peer2)
or display the contents of the file through the SSH client with the commandcat /home/wireguard-server/config/peer1/peer1.conf
We will see roughly the following contents[Interface]
Address = 10.13.13.2
PrivateKey = CLkwEZdezNghwO7ulkL+qUzrMnVvlwAP+yfGLM5lhUs=
ListenPort = 51820
DNS = 10.13.13.1
[Peer]
PublicKey = DaulLaaYnHyihXty1lXS6dlPRgGSD3Q03k03k8tFERGMDU=
PresharedKey = I+fNHqZHST1OOv/qqqSvDTuGZeRGS3sEx+hlBdHORBUk=
Endpoint = wireguard-server.vps.cloudsebek.com:51820
AllowedIPs = 0.0.0.0.0/0
We will need to create an empty tunnel in the wireguard application on windows/macos/linux and paste this content into it, as well as specify an arbitrary name for this connection.
Or you can upload the config to a file sharing site with the command below and give the link to the person you need to import the config into the application.curl --upload-file /home/wireguard-server/config/peer1/peer1.conf https://transfer.sh/peer1.conf ; echo ""
You will see a link to download the peer1.conf file in your terminal, ❗️❗️ NOTE, the QR displayed at the link is NOT the information to connect to the WireGuard server.
2️⃣ Download the image with the QR code /home/wireguard-server/config/peer1/peer1.conf to your PC via SFTP to open and quickly connect via the WireGuard client on your mobile device.
Alternatively, upload the image with the QR code to a file sharing site using the command below and give the link to the right person so that they can download it and scan it from their mobile device.curl --upload-file /home/wireguard-server/config/peer1/peer1.png https://transfer.sh/peer1.png ; echo ""
3️⃣ Generate a QR code directly in the terminal and scan it with your mobile device.qrencode -t ansiutf8 < /home/wireguard-server/config/peer1/peer1.conf
❗️❗️We'd like to remind you again that you need to download this file first, and only then proceed with the scanning.
SUBSCRIBE TO OUR CHANNEL
(there's a lot of useful content)
Promo code: KNOWLEDGE_BASE
Select a plan: ➡️ https://sebekvps.com/