WireGuard

I used to use a personal OpenVPN server, but I was never okay with its speed; even though I tuned and enhanced the server configuration, it still wasn’t good enough. Then I heard about WireGuard and how fast and secure it is from my friend Mina, so I decided to give it a try and used Mina’s Ansible Playbook to install and configure a WireGuard server. I created a $5 instance in DigitalOcean with CentOS 7 and downloaded the playbook on my laptop (you have to have Ansible installed):

$ ansible-galaxy install mina-alber.wireguard-ansible

Then I modified the hosts_inventory file with the server info :

[all]
wireguard    ansible_host=[IP_ADDR]    ansible_port=[SSH_PORT]  ansible_user=root

And I started the script :

$ ansible-playbook -i hosts_inventory wireguard.yml

It took only 5 minutes and my WireGuard VPN Server was ready. Now SSH to the server and run the following command :

$ wg show

And you should get an output like this :

[root@wireguard ~]# wg show
interface: wg0
  public key: 0c916OHwwAbP71I9UBFpddIsPH8MyTSifhLad+gy4GY=
  private key: (hidden)
  listening port: 51820

Copy the public key because we’ll need it later for the client configuration.

Then I installed WireGuard Tools on my macOS laptop, which includes the WireGuard client used to connect to the server:

$ brew install wireguard-tools

And I used it to generate a key for my laptop :

$ (umask 077; wg genkey | tee privatekey | wg pubkey > publickey)  # umask 077 keeps privatekey owner-only

And I created a configuration file inside my home dir, /Users/morxander/wg.conf, but you can create it anywhere:

[Interface]
Address = 10.0.0.2/32 #select an unreserved IP
PrivateKey = [[YOUR_PRIVATE_KEY]]
DNS = 8.8.8.8
[Peer]
PublicKey = [[SERVER_PUBLIC_KEY]]
AllowedIPs = 0.0.0.0/0
Endpoint = [[SERVER_IP]]:51820
PersistentKeepalive = 25

Replace [[YOUR_PRIVATE_KEY]] with the key inside the privatekey file, [[SERVER_PUBLIC_KEY]] with the public key we got from the wg show command on the server, and [[SERVER_IP]] with the server IP.
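A pre-flight check for the client file before bringing the tunnel up, added here as an example and not part of the original post or of WireGuard itself. `check_wg_conf` is a hypothetical helper name, and the `wg pubkey` comparison assumes wireguard-tools is on the PATH:

```shell
#!/bin/sh
# check_wg_conf FILE (hypothetical helper): pre-flight check for a wg-quick
# client config. Prints one line per problem, returns the problem count.
check_wg_conf() {
    conf=$1
    problems=0
    fail() { echo "FAIL: $1"; problems=$((problems + 1)); }
    # Value of the first "Name = value" line, inline comments stripped.
    get() { sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$conf" |
            sed 's/[[:space:]]*#.*//; s/[[:space:]]*$//' | head -n 1; }

    [ -r "$conf" ] || { echo "FAIL: cannot read $conf"; return 1; }

    # The file holds the private key: no group/other permission bits allowed.
    mode=$(ls -ld "$conf" | cut -c5-10)
    [ "$mode" = "------" ] || fail "$conf is accessible to other users (chmod 600)"

    # Template markers such as [[SERVER_IP]] must all have been replaced.
    if grep -qF '[[' "$conf"; then fail "unreplaced [[...]] placeholder"; fi

    # A WireGuard key is 32 bytes: 43 base64 characters followed by '='.
    priv=$(get PrivateKey)
    peer=$(get PublicKey)
    for key in "PrivateKey:$priv" "PublicKey:$peer"; do
        printf '%s\n' "${key#*:}" | grep -Eq '^[A-Za-z0-9+/]{43}=$' ||
            fail "${key%%:*} is not a 44-character base64 key"
    done

    # If wireguard-tools is installed (assumption; skipped otherwise), catch
    # the mix-up of pasting the client's own public key into [Peer].
    if [ "$problems" -eq 0 ] && command -v wg >/dev/null 2>&1; then
        own=$(printf '%s\n' "$priv" | wg pubkey 2>/dev/null)
        [ "$own" != "$peer" ] || fail "[Peer] PublicKey is this client's own key"
    fi
    return "$problems"
}

# Run against a file when one is given on the command line.
if [ "$#" -gt 0 ]; then check_wg_conf "$1"; fi
```

Saved as a script, it can be run as `sh check_wg_conf.sh /Users/morxander/wg.conf`; an exit status of 0 means no problems were found.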

Now SSH to the server again and edit WireGuard config file /etc/wireguard/wg0.conf and add your client block :

[Peer]
PublicKey = [[YOUR_PUBLIC_KEY]]
AllowedIPs = 10.0.0.2/32

And replace [[YOUR_PUBLIC_KEY]] with the key inside the publickey file.

And finally restart the service on the server :

$ systemctl restart wg-quick@wg0.service

And now let’s connect to your VPN server. On your local machine :

$ wg-quick up /Users/morxander/wg.conf

And congratulations you’re connected now to your new VPN server. You can get your current IP :

$ curl https://wtfismyip.com/text

And now I can watch the US Netflix content without paying for a 3rd-party VPN service.