Install WireGuard VPN on a VPS

This guide will teach you how to install WireGuard VPN on your VPS server using a simplified installation script. WireGuard is a modern, fast, and secure VPN that will allow you to create your own private virtual network.

📋 Prerequisites

  • A VPS server with root or sudo access
  • An active SSH connection
  • Ubuntu/Debian (the script works with these distributions)
  • UFW installed and configured (see the tutorial Install UFW)

📥 WireGuard Installation

Download the installation script

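We will use an automatic installation script that greatly simplifies the configuration. It is downloaded from the repository's master branch and will run as root, so read through it before executing it: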

Bash
# Download the installation script
curl -O https://raw.githubusercontent.com/angristan/wireguard-install/master/wireguard-install.sh

# Make the script executable
chmod +x wireguard-install.sh

Run the installation script

Bash
sudo ./wireguard-install.sh

Interactive configuration

The script will ask you a few questions. Here are the recommended answers:

  1. Interface: Press Enter to use eth0 (default)
  2. IPv4 Address: Press Enter to use an automatic private address (e.g., 10.7.0.1/24)
  3. WireGuard Port: Press Enter to use port 51820 (default)
  4. DNS: Choose a DNS:
    • 1 for Cloudflare (1.1.1.1) - Recommended
    • 2 for Google (8.8.8.8)
    • 3 for OpenDNS (208.67.222.222)
    • 4 for Quad9 (9.9.9.9)
  5. Client: Enter a name for your first client (e.g., my-pc, laptop, smartphone)

The script will:

  • Install WireGuard automatically
  • Generate private and public keys
  • Configure the server
  • Create your first client

📱 Client Configuration

Retrieve the configuration file

After installation, the script generates a client configuration file. To retrieve it:

Bash
# Display the configuration file content (files under /root require root privileges)
sudo cat /root/[client-name].conf

# Example: if you named your client "my-pc"
sudo cat /root/my-pc.conf

Configuration file example

The file will look like this:

[Interface]
PrivateKey = [your-private-key]
Address = 10.7.0.2/24
DNS = 1.1.1.1

[Peer]
PublicKey = [server-public-key]
Endpoint = [your-vps-ip]:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25
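
A check for the client file shown above, as an added example that is not part of the original guide or of the install script. The function name `audit_wg_conf` and the PERMS/ROUTES labels are made up for this example; it assumes GNU `stat`, and the ROUTES finding only matters on clients that have IPv6 connectivity.

```bash
#!/usr/bin/env bash
# Added example: lint a WireGuard client .conf for two easy-to-miss issues.
# audit_wg_conf and the PERMS/ROUTES labels are names made up for this example.

# audit_wg_conf FILE -> one finding per line on stdout, nothing if clean
audit_wg_conf() {
    local conf=$1 mode
    # The file holds the client's PrivateKey, so only its owner should read it.
    mode=$(stat -c '%a' "$conf") || return 2      # GNU stat, e.g. "600"
    case "$mode" in
        0|*00) ;;
        *)     echo "PERMS: mode $mode lets group/other access the PrivateKey" ;;
    esac
    # Gather AllowedIPs (comma-separated CIDRs) from every [Peer] section.
    awk -F'=' '
        /^[ \t]*\[/ {
            section = tolower($0)
            gsub(/\[|\]/, "", section); gsub(/[ \t]/, "", section)
            next
        }
        section == "peer" && tolower($1) ~ /^[ \t]*allowedips[ \t]*$/ {
            n = split($2, cidr, ",")
            for (i = 1; i <= n; i++) {
                gsub(/[ \t]/, "", cidr[i])
                if (cidr[i] == "0.0.0.0/0") v4 = 1
                if (cidr[i] == "::/0")      v6 = 1
            }
        }
        END {
            # Full tunnel for IPv4 only: IPv6 traffic keeps using the normal route.
            if (v4 && !v6)
                print "ROUTES: 0.0.0.0/0 without ::/0, IPv6 is not sent through the tunnel"
        }
    ' "$conf"
}

# Run against a file when one is given, e.g.: ./audit.sh /etc/wireguard/wg0.conf
[ "$#" -eq 0 ] || audit_wg_conf "$1"
```

With the example file above saved with mode 644, both findings are reported; with mode 600 and `AllowedIPs = 0.0.0.0/0, ::/0` the function prints nothing.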

Install the client on your device

On Windows

  1. Download WireGuard from wireguard.com
  2. Install the application
  3. Open WireGuard and click "Add Tunnel" > "Add empty tunnel"
  4. Copy-paste the content of the .conf file
  5. Save and activate the connection

On macOS

  1. Download WireGuard from the App Store or wireguard.com
  2. Install the application
  3. Open WireGuard and click "Add Tunnel" > "Create from file" or "Create from clipboard"
  4. Import your configuration file
  5. Activate the connection

On Linux (Ubuntu/Debian)

Bash
# Install WireGuard
sudo apt update
sudo apt install wireguard -y

# Copy the configuration file
sudo cp /root/my-pc.conf /etc/wireguard/wg0.conf

# Enable WireGuard
sudo wg-quick up wg0

# Enable on boot
sudo systemctl enable wg-quick@wg0

On Android/iOS

  1. Install the WireGuard app from Google Play Store or App Store
  2. Open the app and click the "+" button
  3. Choose "Create from file" or "Create from QR code"
  4. Import your configuration file
  5. Activate the connection

🔐 Add a new client

To add a new client later (e.g., for another device):

Bash
sudo ./wireguard-install.sh

When the script asks what you want to do, choose the option to add a new client.

Enter a name for the new client, and the script will automatically generate a new configuration file in /root/[client-name].conf

🚀 Useful WireGuard commands

Service management

Bash
# Start WireGuard
sudo systemctl start wg-quick@wg0

# Stop WireGuard
sudo systemctl stop wg-quick@wg0

# Restart WireGuard
sudo systemctl restart wg-quick@wg0

# Service status
sudo systemctl status wg-quick@wg0

# Enable on boot
sudo systemctl enable wg-quick@wg0

# Disable on boot
sudo systemctl disable wg-quick@wg0

Connection information

Bash
# View WireGuard information
sudo wg show

# View transfer statistics
sudo wg show wg0 transfer

# View current configuration (the first line of the output contains the server's private key)
sudo wg show wg0 dump

Logs

Bash
# View logs in real-time
sudo journalctl -u wg-quick@wg0 -f

# View last entries
sudo journalctl -u wg-quick@wg0 -n 50

🔐 Allow WireGuard in UFW

Important: Don't forget to allow the WireGuard port in UFW after installation, otherwise your VPN won't work.

After installing WireGuard, allow the port in UFW:

Bash
# Allow WireGuard port (default 51820)
sudo ufw allow 51820/udp

# Reload UFW
sudo ufw reload

# Verify that the rule is active
sudo ufw status | grep 51820

✅ Verification

Verify that WireGuard is working

Bash
# Check service status
sudo systemctl status wg-quick@wg0

# Check active connections
sudo wg show

# Verify that the port is open
sudo netstat -ulnp | grep 51820

Test from your client

Once connected from your client:

  1. Check your public IP: curl ifconfig.me (should display your VPS IP)
  2. Test connectivity: ping 8.8.8.8
  3. Verify that you are connected to the VPN from your network interface

🆘 Troubleshooting

WireGuard won't start

Bash
# Check logs
sudo journalctl -u wg-quick@wg0 -n 50

# Bring the interface down and up again to surface configuration errors
sudo wg-quick down wg0
sudo wg-quick up wg0

# Verify that the port is available
sudo netstat -ulnp | grep 51820

Cannot connect from my client

  1. Check that the port is open in UFW:

    Bash
    sudo ufw status | grep 51820
  2. Check that the server is listening on the port:

    Bash
    sudo netstat -ulnp | grep 51820
  3. Check your client configuration: Make sure your server IP in Endpoint is correct

  4. Check server-side logs:

    Bash
    sudo journalctl -u wg-quick@wg0 -f
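
To tell a client that never got through (UFW rule, Endpoint, keys) from one that connected earlier and went quiet, the output of `wg show wg0 dump` can be classified by handshake age. This is an added example, not part of the original guide; the function name, the 180-second default threshold and the sample data are assumptions of the example.

```bash
#!/usr/bin/env bash
# Added example: classify peers from `wg show wg0 dump` by handshake age.
# Peer lines are tab-separated:
#   public-key, preshared-key, endpoint, allowed-ips, latest-handshake (epoch),
#   transfer-rx, transfer-tx, persistent-keepalive
# The first line describes the interface (it carries the private key) and is skipped.

# peer_handshake_report NOW_EPOCH [MAX_AGE_SECONDS] < dump
# Prints: STATE <tab> key prefix <tab> allowed-ips <tab> rx <tab> tx
peer_handshake_report() {
    local now=$1 max_age=${2:-180}    # 180 s is this example's choice
    awk -F'\t' -v now="$now" -v max="$max_age" '
        NR == 1 { next }              # interface line
        NF < 8  { next }              # not a peer line
        {
            key = substr($1, 1, 8) "..."
            if ($5 == 0)             state = "NEVER"   # no handshake since start
            else if (now - $5 > max) state = "STALE"   # connected once, silent now
            else                     state = "OK"
            printf "%s\t%s\t%s\trx=%s\ttx=%s\n", state, key, $4, $6, $7
        }'
}

# Constructed sample (placeholder keys, documentation IP ranges); real input is
#   sudo wg show wg0 dump
SAMPLE_DUMP=$(
    printf '%s\t%s\t%s\t%s\n' 'PRIVKEY-PLACEHOLDER' 'SRVPUBKEY-PLACEHOLDER' 51820 off
    printf '%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\n' \
        'AAAAAAAAclient1=' '(none)' '203.0.113.5:40000'  '10.7.0.2/32' 1700000250 1024 2048 25 \
        'BBBBBBBBclient2=' '(none)' '(none)'             '10.7.0.3/32' 0          0    0    off \
        'CCCCCCCCclient3=' '(none)' '198.51.100.9:51000' '10.7.0.4/32' 1699990000 10   20   25
)

# Evaluate the sample as if "now" were 50 seconds after client1's handshake.
printf '%s\n' "$SAMPLE_DUMP" | peer_handshake_report 1700000300
```

On the server, feed it live data with `sudo wg show wg0 dump | peer_handshake_report "$(date +%s)"`. A peer that stays at NEVER has not completed a handshake at all, which is the case the UFW and Endpoint checks above are meant to resolve.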

Installation script fails

If the installation script encounters errors:

  1. Verify that you have root or sudo rights
  2. Check your internet connection
  3. Make sure your system is up to date: sudo apt update && sudo apt upgrade -y
  4. Try downloading the script again:
    Bash
    rm wireguard-install.sh
    curl -O https://raw.githubusercontent.com/angristan/wireguard-install/master/wireguard-install.sh
    chmod +x wireguard-install.sh

❓ Frequently Asked Questions

Q: Can I use multiple clients simultaneously?
A: Yes, WireGuard supports multiple clients connected at the same time. Simply add a new client with the script.

Q: What is WireGuard's speed?
A: WireGuard is one of the fastest VPNs available, with performance close to native speed.

Q: Is WireGuard secure?
A: Yes, WireGuard uses modern encryption and has been audited for security.

Q: Can I change the WireGuard port after installation?
A: Yes, but you'll need to modify the configuration manually. It's simpler to reinstall with the script if necessary.


Good configuration! 🚀