Prerequisites
Before starting, ensure you have:
Server Requirements
- SOAHost VPS (Ubuntu 22.04/24.04)
- Root access to server
- SSH client
Knowledge Requirements
- Basic Linux command line
- Understanding of networking basics
- SSH connection skills
Initial Server Setup
Connect to your SOAHost VPS and update the system:
ssh root@your-server-ip
apt update && apt upgrade -y
Tip: Replace "your-server-ip" with your actual SOAHost VPS IP address.
Install WireGuard
Install WireGuard and necessary utilities:
apt install wireguard wireguard-tools -y
WireGuard is now installed and ready for configuration.
Generate Server Keys
Generate the server's private and public keys:
cd /etc/wireguard
wg genkey | tee server_private.key | wg pubkey > server_public.key
chmod 600 server_private.key
chmod 644 server_public.key
Security: Keep your private key secure and never share it!
Configure WireGuard Server
Create the server configuration file:
nano /etc/wireguard/wg0.conf
Add the following configuration (replace SERVER_PRIVATE_KEY with your actual private key):
[Interface]
PrivateKey = SERVER_PRIVATE_KEY
Address = 10.0.0.1/24
ListenPort = 51820
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
# Client configurations will be added below
[Peer]
PublicKey = CLIENT_PUBLIC_KEY
AllowedIPs = 10.0.0.2/32
Enable IP Forwarding
Enable IP forwarding to allow traffic routing:
echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf
sysctl -p
Configure Firewall
Configure UFW firewall to allow WireGuard traffic:
ufw allow 51820/udp
ufw allow OpenSSH
ufw enable
Warning: Make sure SSH is allowed before enabling UFW to avoid losing access!
Start WireGuard Service
Start and enable the WireGuard service:
systemctl enable wg-quick@wg0
systemctl start wg-quick@wg0
systemctl status wg-quick@wg0
Your WireGuard server is now running!
Generate Client Configuration
Generate keys for each client device:
wg genkey | tee client_private.key | wg pubkey > client_public.key
Create a client configuration file:
[Interface]
PrivateKey = CLIENT_PRIVATE_KEY
Address = 10.0.0.2/32
DNS = 8.8.8.8
[Peer]
PublicKey = SERVER_PUBLIC_KEY
Endpoint = YOUR_SERVER_IP:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25
Adding Clients to Server
Add the client's public key to the server:
wg set wg0 peer CLIENT_PUBLIC_KEY allowed-ips 10.0.0.2/32
Or restart the service after editing the config file:
systemctl restart wg-quick@wg0
Client Setup
Install WireGuard on your client devices:
Mobile
Download the WireGuard app from the App Store or Google Play
Desktop
Download from wireguard.com
Linux
Install via package manager
apt install wireguard
Import the client configuration file or manually enter the configuration details in your WireGuard client.
Testing the Connection
Follow these steps to test your VPN connection:
Connect to VPN
Activate the WireGuard connection on your client device
Check IP Address
curl ifconfig.me
Test DNS Resolution
nslookup google.com
If the IP matches your SOAHost VPS IP, your VPN is working correctly!
Troubleshooting Common Issues
Security Best Practices
Server Security
- Regular system updates
- Implement fail2ban
- Change default SSH port
- Monitor server logs
Key Management
- Unique keys per client
- Secure key storage
- Regular key rotation
- Revoke unused keys
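The key-management points above can be checked mechanically before each restart of wg-quick@wg0. The script below is an added example, not part of the original guide: it lints a server config such as /etc/wireguard/wg0.conf for placeholders left in place of keys, a public key or tunnel address shared by two peers, peer AllowedIPs wider than a single host, and a file mode that lets group or other read the private key. It assumes this guide's layout (one IPv4 /32 per client); the function name audit_wg_conf and the sample config are constructed for illustration.

```shell
# Added example, not from the guide: lint a wg-quick server config.
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_wg_conf() {
    conf=$1
    out=$(
        # The file holds the server private key: group/other need no access.
        perms=$(ls -ld "$conf" | cut -c5-10)
        [ "$perms" = "------" ] || echo "file: mode allows group/other access ($perms)"
        awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]*\[/ { gsub(/[^A-Za-z]/, ""); section = $0; n += (section == "Peer"); next }
        {
            eq = index($0, "="); if (!eq) next   # base64 keys end in "="
            name = substr($0, 1, eq - 1); value = substr($0, eq + 1)
            gsub(/[ \t]/, "", name); gsub(/^[ \t]+|[ \t]+$/, "", value)
            where = (section == "Peer" ? "peer " n : "interface")
            if (name ~ /^P(rivate|ublic)Key$/) {
                # A WireGuard key is 44 base64 characters ending in "=".
                if (length(value) != 44 || value !~ /^[A-Za-z0-9+\/]+=$/)
                    print where ": " name " is not a key (placeholder?)"
                else if (name == "PublicKey" && seen_key[value]++)
                    print where ": PublicKey reused by another peer"
            }
            if (section != "Peer" || name != "AllowedIPs") next
            m = split(value, cidrs, /[ \t]*,[ \t]*/)
            for (i = 1; i <= m; i++) {
                if (cidrs[i] !~ /\/32$/) print where ": " cidrs[i] " is wider than /32"
                if (seen_ip[cidrs[i]]++) print where ": " cidrs[i] " already assigned"
            }
        }' "$conf"
    )
    [ -z "$out" ] || { printf '%s\n' "$out"; return 1; }
}

# Constructed sample: the guide's placeholders left in, second peer reuses an address.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Interface]
PrivateKey = SERVER_PRIVATE_KEY
[Peer]
PublicKey = CLIENT_PUBLIC_KEY
AllowedIPs = 10.0.0.2/32
[Peer]
PublicKey = CLIENT_PUBLIC_KEY
AllowedIPs = 10.0.0.2/32, 10.0.0.0/24
EOF
audit_wg_conf "$sample" || echo "findings listed above"
rm -f "$sample"
```

Run it as root against /etc/wireguard/wg0.conf after adding or removing a [Peer] block; a non-zero return means the config should be fixed before the service is restarted.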
Congratulations!
You now have a fully functional WireGuard VPN server running on your SOAHost VPS. This setup provides secure, encrypted access to the internet through your private server.
