How to install a WireGuard VPN server on a Linux VPS
WireGuard is a modern, fast, and secure VPN protocol. It is directly integrated into the Linux kernel since version 5.6, giving it excellent performance.
Why choose WireGuard?
| Advantage | Detail |
|---|---|
| ⚡ Ultra fast | 2 to 5 times faster than OpenVPN |
| 🔒 Very secure | Modern cryptography (ChaCha20, Curve25519) |
| 📝 Simple | Only ~4,000 lines of code (vs 600,000 for OpenVPN) |
| 📱 QR Code | Mobile configuration in 10 seconds |
| 🔋 Economical | Less battery consumption on mobile |
Prerequisites
Supported operating system
| Distribution | Supported versions |
|---|---|
| Debian | 11 (Bullseye), 12 (Bookworm), 13 (Trixie) ✨ |
| Ubuntu | 22.04 LTS, 24.04 LTS, 25.04, 25.10 |
💡 Recommendation: Use Debian 13 or Ubuntu 24.04 LTS to benefit from WireGuard integrated into the kernel.
Minimum configuration
| Item | Required |
|---|---|
| RAM | Minimum 512 MB |
| CPU | 1 vCPU |
| Storage | 5 GB |
| Port | 51820 UDP open |
⚠️ Important: Open port 51820/UDP in your hosting provider's firewall (cloud panel) before starting.
Installing the WireGuard server
Step 1: Connect to the server
Connect to your VPS via SSH:
ssh root@your-server-ip
Step 2: System update
apt update && apt upgrade -y
Step 3: Download and run the script
curl -O https://raw.githubusercontent.com/angristan/wireguard-install/master/wireguard-install.sh
chmod +x wireguard-install.sh
./wireguard-install.sh
Step 4: Answer the questions
The script asks a few simple questions:
Welcome to the WireGuard installer!
I need to ask you a few questions before starting the setup.
IPv4 or IPv6 public address: [Press Enter]
Recommended answers:
| Question | Answer | Explanation |
|---|---|---|
| Public address | Enter | Auto-detected |
| Public interface | Enter | Auto-detected |
| WireGuard interface name | wg0 | Default name |
| Server WireGuard IPv4 | 10.66.66.1 | VPN network |
| Server WireGuard port | 51820 | Standard port |
| First DNS resolver | 1.1.1.1 | Cloudflare (fast) |
| Second DNS resolver | 1.0.0.1 | Cloudflare backup |
| Client name | my-pc | Your choice of name |
Step 5: Retrieve the client configuration
At the end of the installation, the script displays:
- A QR code (for smartphone) 📱
- The path to the configuration file
It is also available in /root/wg0-client-my-pc.conf
If you want to add more clients, run this script again.
For smartphones: Scan the QR code displayed in the terminal with the WireGuard app.
For computers: Download the .conf file:
# From your local PC
scp root@your-server-ip:/root/wg0-client-my-pc.conf ~/Desktop/
Add other devices
To create profiles for your other devices, rerun the script:
./wireguard-install.sh
Menu displayed:
WireGuard is already installed.
Select an option:
1) Add a new client
2) Remove an existing client
3) Remove WireGuard
4) Exit
Choose 1 and enter a new name (e.g., iphone, tablet).
💡 Tip: A QR code is automatically generated for each new client!
Connecting to the VPN
Windows
- Download WireGuard for Windows
- Install and open the application
- Click on "Import tunnel from file"
- Select your
.conffile - Click on "Activate"
macOS
- Download WireGuard from the App Store
- Open the application
- Click on "Import tunnel from file"
- Select your
.conffile - Click on "Activate"
Linux (Debian/Ubuntu)
# Client installation
sudo apt install wireguard resolvconf
# Copy the configuration file
sudo cp my-pc.conf /etc/wireguard/wg0.conf
# Connection
sudo wg-quick up wg0
# Disconnection
sudo wg-quick down wg0
For automatic connection at startup:
sudo systemctl enable wg-quick@wg0
sudo systemctl start wg-quick@wg0
Android 📱
- Install WireGuard from the Play Store
- Open the application
- Press "+" → "Scan QR code"
- Scan the QR code displayed in the server terminal
- Press the toggle to activate
iOS (iPhone/iPad) 📱
- Install WireGuard from the App Store
- Open the application
- Press "+" → "Create from QR code"
- Scan the QR code
- Allow VPN configuration
- Press the toggle to activate
Verify it's working
Once connected to the VPN:
- Go to whatismyip.com
- The displayed IP address should be that of your VPS
✅ If this is the case, your VPN is working!
Check the server-side status
sudo wg show
Expected result:
interface: wg0
public key: aBcDeFgH...
private key: (hidden)
listening port: 51820
peer: xYzAbCdE...
endpoint: 203.0.113.50:51820
allowed ips: 10.66.66.2/32
latest handshake: 1 minute, 30 seconds ago
transfer: 15.24 MiB received, 92.38 MiB sent
Useful Commands
| Action | Command |
|---|---|
| View VPN status | sudo wg show |
| Start WireGuard | sudo systemctl start wg-quick@wg0 |
| Stop WireGuard | sudo systemctl stop wg-quick@wg0 |
| Restart WireGuard | sudo systemctl restart wg-quick@wg0 |
| View logs | sudo journalctl -u wg-quick@wg0 -f |
| Add/Remove a client | ./wireguard-install.sh |
| Show client's QR code | qrencode -t ansiutf8 < /root/wg0-client-nom.conf |
Quick Troubleshooting
❌ Client Not Connecting
Checks:
- Is the UDP port 51820 open in your hosting provider's firewall?
- Is WireGuard running on the server?
sudo wg show
If nothing is displayed:
sudo systemctl start wg-quick@wg0
❌ Connected but No Internet
Check IP forwarding:
cat /proc/sys/net/ipv4/ip_forward
If it shows 0, enable it:
echo 1 > /proc/sys/net/ipv4/ip_forward
echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
Check NAT rules:
sudo iptables -t nat -L POSTROUTING
❌ QR Code Not Displaying
Install qrencode:
apt install qrencode
Then display the QR code:
qrencode -t ansiutf8 < /root/wg0-client-mon-pc.conf
❌ High Latency or Disconnections
Add a keepalive in the client configuration. Edit the .conf file and add under [Peer]:
PersistentKeepalive = 25
WireGuard vs OpenVPN
| Criterion | WireGuard | OpenVPN |
|---|---|---|
| Speed | ⭐⭐⭐⭐⭐ | ⭐⭐⭐ |
| Simplicity | ⭐⭐⭐⭐⭐ | ⭐⭐⭐ |
| Lines of Code | ~4,000 | ~600,000 |
| Cryptography | Modern (ChaCha20) | Classic (AES) |
| Mobile Support | Excellent + QR | Good |
| Firewall Traversal | Medium (UDP) | Excellent (TCP 443) |
| Maturity | Recent (2020) | Proven (2001) |
💡 Our advice: Use WireGuard for speed and simplicity. Keep OpenVPN as a backup if you need to traverse restrictive firewalls (TCP port 443).
Useful Resources
| Resource | Link |
|---|---|
| Official WireGuard Website | wireguard.com |
| WireGuard Windows | wireguard.com/install |
| WireGuard macOS | App Store |
| WireGuard Android | Play Store |
| WireGuard iOS | App Store |
| Installation Script | github.com/angristan/wireguard-install |
Summary
| Step | Action |
|---|---|
| 1 | SSH into the VPS |
| 2 | Update the system |
| 3 | Download and run the installation script |
| 4 | Answer the questions (or keep default values) |
| 5 | Scan the QR code (mobile) or retrieve the .conf file (PC) |
| 6 | Import into the WireGuard app |
| 7 | Enable and enjoy! 🎉 |