InfrawireInfrawire Logo
Service StatusClient Area

🌐 Install WireGuard VPN on a VPS

Complete guide to install and configure WireGuard VPN on your VPS server using a simplified script. Create your own private VPN network.

🌐 Install WireGuard VPN on a VPS

This guide will teach you how to install WireGuard VPN on your VPS server using a simplified installation script. WireGuard is a modern, fast, and secure VPN that will allow you to create your own private virtual network.

📋 Prerequisites

  • A VPS server with root or sudo access
  • An active SSH connection
  • Ubuntu/Debian (the script works with these distributions)
  • UFW installed and configured (see the tutorial Install UFW)

📥 WireGuard Installation

Download the installation script

We will use the automatic installation script that greatly simplifies the configuration:

# Download the installation script
curl -O https://raw.githubusercontent.com/angristan/wireguard-install/master/wireguard-install.sh

# Make the script executable
chmod +x wireguard-install.sh

Run the installation script

sudo ./wireguard-install.sh

Interactive configuration

The script will ask you a few questions. Here are the recommended answers:

  1. Interface: Press Enter to use eth0 (default)
  2. IPv4 Address: Press Enter to use an automatic private address (e.g., 10.7.0.1/24)
  3. WireGuard Port: Press Enter to use port 51820 (default)
  4. DNS: Choose a DNS:
    • 1 for Cloudflare (1.1.1.1) - Recommended
    • 2 for Google (8.8.8.8)
    • 3 for OpenDNS (208.67.222.222)
    • 4 for Quad9 (9.9.9.9)
  5. Client: Enter a name for your first client (e.g., my-pc, laptop, smartphone)

The script will:

  • Install WireGuard automatically
  • Generate private and public keys
  • Configure the server
  • Create your first client

📱 Client Configuration

Retrieve the configuration file

After installation, the script generates a client configuration file. To retrieve it:

# Display the configuration file content
cat /root/[client-name].conf

# Example: if you named your client "my-pc"
cat /root/my-pc.conf

Configuration file example

The file will look like this:

[Interface]
PrivateKey = [your-private-key]
Address = 10.7.0.2/24
DNS = 1.1.1.1

[Peer]
PublicKey = [server-public-key]
Endpoint = [your-vps-ip]:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25

Install the client on your device

On Windows

  1. Download WireGuard from wireguard.com
  2. Install the application
  3. Open WireGuard and click "Add Tunnel" > "Add empty tunnel"
  4. Copy-paste the content of the .conf file
  5. Save and activate the connection

On macOS

  1. Download WireGuard from the App Store or wireguard.com
  2. Install the application
  3. Open WireGuard and click "Add Tunnel" > "Create from file" or "Create from clipboard"
  4. Import your configuration file
  5. Activate the connection

On Linux (Ubuntu/Debian)

# Install WireGuard
sudo apt update
sudo apt install wireguard -y

# Copy the configuration file
sudo cp /root/my-pc.conf /etc/wireguard/wg0.conf

# Enable WireGuard
sudo wg-quick up wg0

# Enable on boot
sudo systemctl enable wg-quick@wg0

On Android/iOS

  1. Install the WireGuard app from Google Play Store or App Store
  2. Open the app and click the "+" button
  3. Choose "Create from file" or "Create from QR code"
  4. Import your configuration file
  5. Activate the connection

🔐 Add a new client

To add a new client later (e.g., for another device):

sudo ./wireguard-install.sh

When the script asks what you want to do, choose the option to add a new client.

Enter a name for the new client, and the script will automatically generate a new configuration file in /root/[client-name].conf

🚀 Useful WireGuard commands

Service management

# Start WireGuard
sudo systemctl start wg-quick@wg0

# Stop WireGuard
sudo systemctl stop wg-quick@wg0

# Restart WireGuard
sudo systemctl restart wg-quick@wg0

# Service status
sudo systemctl status wg-quick@wg0

# Enable on boot
sudo systemctl enable wg-quick@wg0

# Disable on boot
sudo systemctl disable wg-quick@wg0

Connection information

# View WireGuard information
sudo wg show

# View transfer statistics
sudo wg show wg0 transfer

# View current configuration
sudo wg show wg0 dump

Logs

# View logs in real-time
sudo journalctl -u wg-quick@wg0 -f

# View last entries
sudo journalctl -u wg-quick@wg0 -n 50

🔐 Allow WireGuard in UFW

Important: Don't forget to allow the WireGuard port in UFW after installation, otherwise your VPN won't work.

After installing WireGuard, allow the port in UFW:

# Allow WireGuard port (default 51820)
sudo ufw allow 51820/udp

# Reload UFW
sudo ufw reload

# Verify that the rule is active
sudo ufw status | grep 51820

✅ Verification

Verify that WireGuard is working

# Check service status
sudo systemctl status wg-quick@wg0

# Check active connections
sudo wg show

# Verify that the port is open
sudo netstat -ulnp | grep 51820

Test from your client

Once connected from your client:

  1. Check your public IP: curl ifconfig.me (should display your VPS IP)
  2. Test connectivity: ping 8.8.8.8
  3. Verify that you are connected to the VPN from your network interface

🆘 Troubleshooting

WireGuard won't start

# Check logs
sudo journalctl -u wg-quick@wg0 -n 50

# Check configuration
sudo wg-quick down wg0
sudo wg-quick up wg0

# Verify that the port is available
sudo netstat -ulnp | grep 51820

Cannot connect from my client

  1. Check that the port is open in UFW:

    sudo ufw status | grep 51820

  2. Check that the server is listening on the port:

    sudo netstat -ulnp | grep 51820

  3. Check your client configuration: Make sure your server IP in Endpoint is correct

  4. Check server-side logs:

    sudo journalctl -u wg-quick@wg0 -f

Installation script fails

If the installation script encounters errors:

  1. Verify that you have root or sudo rights
  2. Check your internet connection
  3. Make sure your system is up to date: sudo apt update && sudo apt upgrade -y
  4. Try downloading the script again: 
    rm wireguard-install.sh
curl -O https://raw.githubusercontent.com/angristan/wireguard-install/master/wireguard-install.sh
chmod +x wireguard-install.sh

📚 Additional resources

❓ Frequently Asked Questions

Q: Can I use multiple clients simultaneously?
A: Yes, WireGuard supports multiple clients connected at the same time. Simply add a new client with the script.

Q: What is WireGuard's speed?
A: WireGuard is one of the fastest VPNs available, with performance close to native speed.

Q: Is WireGuard secure?
A: Yes, WireGuard uses modern encryption and has been audited for security.

Q: Can I change the WireGuard port after installation?
A: Yes, but you'll need to modify the configuration manually. It's simpler to reinstall with the script if necessary.

Good configuration! 🚀

Previous article

🛡️ Install and configure UFW on a VPS

Next article

📝 Install WordPress on a Linux VPS

Still need help?

Contact our support

Our team is available 24/7 to help you

Join our Discord

Join our community to exchange and get help