In this episode we will set up our own VPN service. I live in Germany, but I rented a server in the USA, put VPN software on it, and can connect to it with a Windows, Mac or Linux client, or I can quickly scan a QR code to connect with my iPhone. In one of the next episodes we will run a browser on a remote machine to get from this... to this. How do we do this? Stay tuned, watch this episode and make sure you subscribe to my channel and click the notification bell so you don't miss out on new episodes ;-) (Intro)
My family was advising me to get Netflix. I did some research and found out that their offering in Germany is much smaller than in the US. In Canada, pricing was much lower due to the conversion rate, and on top of this you get the French translations in Canada. We are a bilingual German-French family and the children like to watch the original English versions. So I thought, hey, why not just subscribe to Netflix in Canada? You may already have guessed what happened: apparently I was not the first person on earth to have had that idea. Netflix really stopped redirecting me to the German page. If only I had thought of using a VPN at that time. I could have changed my geolocation just by connecting to a Canadian VPN and hence made Netflix think that I am a customer from Canada. Of course, in hindsight, thinking it over, I would have had to give a wrong address, which probably would not have been OK.
Furthermore, I found the various VPN services that you can buy on the internet to be a bit on the expensive side. They all have free 30-day trials or so, of course, but then they soon go up to 7 or 12 dollars per month. And I have heard that the VPN services are often blocked from streaming services. Anyhow, these days I thought, hey, why not run my very own VPN service? All I need is a cheap virtual server, or vserver, or VPS (the terminology varies depending on the provider) and VPN software running on it.
So I researched the internet and I found that there are quite cheap offers these days. For a VPN server we do not really need a powerful machine. One CPU, 512 megabytes of RAM and 5 to 10 gigabytes of disk are plenty. The one I found here (IONOS) has a couple of interesting features. I need to point out here that I am neither affiliated with them in any way nor do they pay me in any way, so, my dear friends from IONOS, I am doing free publicity for you now. You may now consider adding me to your Christmas card list. Guys, again, you may freely choose any provider. There are just a couple of things that made this offering enticing for me:
First, they are using KVM as virtualization technology. That means I can have a KVM web console if ever I lock myself out, and most importantly for me, I can run Docker on it.
Second, they are German and I can book the offering from Germany without having to spoof an identity or anything dodgy like that. So I expect this whole thing to run reliably and smoothly like a German diesel engine :-)
Third, as far as I can tell, there are no hidden setup fees such as activation etc. if I commit for 12 months. At 1 euro per month this is a manageable risk. Even if I barked up the wrong tree here it would not throw me into poverty.
Fourth, I can upload my own images (even though not for free) and can choose from various kinds of preconfigured Linuxes. We will use Ubuntu 18 for this exercise.
On the downside, they do not seem to have more recent images such as Ubuntu 20, which would come in handy for our VPN installation as WireGuard can be more easily installed on the newer Ubuntu versions. With version 18 we will have to add the installation sources from WireGuard. Alternatively we could just upgrade Ubuntu once we have access to the server. It also seems that once you have selected a distribution you cannot easily switch to another one, like CentOS. You need to make your choice and stick to it.
Another not so good experience with them was the time they needed to send me the login details. It took them roughly 3 days. But I can't compare to others here. Another disadvantage is that I will have to pay for extras such as backup. But I am not planning to store any data on this machine and the setup can be done again very easily at any time. And I fully understand that I probably do not get the first-class all-inclusive exec club for a dollar.
Generally speaking, there are some selection criteria which you might consider before choosing a provider. The virtualization technology is most certainly an important factor, especially if you want to run Docker. Look at the pricing: is it a flat fixed price or are there time- or load-based fees? Volume or bandwidth limitations would be a downer as well.
But enough talking, let's get this thing installed. Like always, I have prepared a couple of things for you which you may download from my GitHub repository. The link is, as always, in the description of this video. There is an installation script called wireguard.sh that does all the necessary things for you in order to install WireGuard on the virtual server. A second script called addpeer.sh can be used to add an additional client or peer, such as a laptop running Windows or an iPhone. I have designed the scripts in a way that you can either transfer them over to the server as a file and call them from the command line, or alternatively you can copy and paste the contents directly into the terminal window.
I could connect to the server using the KVM web console, but I personally find working with it a bit awkward; I prefer using secure shell, ssh. If you are a Windows user, you may use a software called PuTTY to do this. Let me quickly download this from the web and install it. In order to transfer the data to the server I use WinSCP. Alternatively, you could use FileZilla, for example if you're on a Mac. Same procedure: quickly searching for it on the web and installing it.
I have already put the parameters for my server into WinSCP and can now connect to it with one click. I also have the scripts accessible here, so all I need to do is drag and drop them over to my server. That's all. The files are now on the server in the USA. I simply need to go to the properties of the scripts and check the Executable flag so that I can run them on the Linux server.
Next, I connect to the server using PuTTY. Under Windows 10, there is now built-in ssh functionality, so you could just run ssh from the command line as well. I have put the scripts directly in the home directory of the root user, so I can execute them from here. First the install script. It takes roughly 30 seconds to run. The script will install all required software packages, and it will set up the interface and the necessary firewall rules for me.
Now that the WireGuard software is installed, I want to add a client to it. From the WireGuard web site I can download the software for Windows. Installing it is pretty straightforward. The client for the iPhone can be found in the App Store. Now let me log into my server with PuTTY and run the addpeer script, which will create a new peer and show the configuration data. You might need to tweak the font and window size settings for PuTTY a little so that the QR code shows up properly. I have noticed that it works best with 120 columns and 40 rows, and with the Consolas 16 point font even an old man wearing glasses like myself can read everything.
Here we go, I launch the script. Now I can copy and paste the generated config data into my Windows client. I just create a new empty config and overwrite it with the data that I have copied from the installation script. Now I can connect to the VPN by clicking on the Activate button, and it does not even take a second to connect. Let me check my IP address to see where my server is located.
It looks like I am in the US, and more precisely in Kansas. That's probably where one of their data centers is located. Cool. Let me check in to Amazon and see if Amazon gives me prices in dollars or euros. Quickly searching for a product, let's say a Wemos D1. All prices in dollars. We are in the US. Beautiful. One last test. What if I wanted to sign in to Netflix? Just give it any mailinator address; all I want to see is if it gives me dollar or euro prices or tells me to go away. All offers in dollars. Good.
Now let's set this up for the iPhone. Clicking on the plus sign in the WireGuard app lets me set up a new tunnel either from scratch or, much fancier, from a QR code. That is actually a very nice way to transfer data from a terminal window to an iPhone. Scanning the code creates a new tunnel. Let's call it USA. Quickly connecting to it and doing the same check: open Amazon and see if prices are in dollars. Yep, perfect, everything works as expected.
Guys, before we have a closer look at the scripts and what they do in detail, I have a call to action for you. Rather than me just guessing what you might be interested in, it would be so much easier if you just told me. So I have two questions. You didn't think you get this for free, did you? Only kidding. Please let me know in the comments of this video if you're using a VPN or not, or if you are planning to do so. Furthermore, I would love to understand what your main concern is, why you would consider using a VPN. Do you need to connect to your home or work environment, or is it safety and security, or privacy for browsing? In other words, which problem are you trying to solve? Please do write me in the comments. Alternatively you find me on Facebook, Twitter or Reddit. My username is always onemarcfifty. So I'm not really trying to hide here ;-) I do take and answer questions as well :-) Thanks a lot, guys.
The installation script needs to be run as root.
The first thing it does is delete any WireGuard configuration that might reside on the machine. Second, it installs the necessary repositories and software packages for WireGuard. While developing this script I tried out a couple of things. I have not removed them from the script but rather commented them out, because I thought it might help to understand the script better.
Next, it generates a keypair and places the private and public key in the two files which you can see here. The umask 077 sets the file permissions so that the files can only be accessed by root. You should always set the tightest possible access rights on key files in general so that nobody else can retrieve them.
Next we need to enable forwarding, which means we need to tell Linux that it should act as a router. This is done by setting the ip_forward parameter to 1 using sysctl. The script is made for IPv4, which means if you only get an IPv6 address from your provider you would need to adapt this here.
I have arbitrarily chosen a private class C address for the WireGuard interface. You may change this to any private address if you want to. Next we configure the wg0 interface; that is just another arbitrarily chosen interface name for the WireGuard network interface. Feel free to set this to something else if you want. The port we are listening on is set to 51820; again, you might change this to something else if you wish. In any case, you need to open that port on the firewall of the virtual server. Depending on your provider this may be done in different ways. But anyhow, you need to open that port so that WireGuard can answer on it.
The wg showconf command shows the configuration. Up to this point the configuration would not be persistent, that is, it would be lost after a reboot. This is probably not what we want. We want the VPN to be available immediately after reboot. So I am writing the config data into the file wg0.conf.
I also need to store the IP address of the interface explicitly now, as showconf does not print it out. Might be worth improving this, dear WireGuard team, if you are watching. Specifying the SaveConfig parameter makes sure that peers which I create are automatically stored in the config file.
At this point I need to do a couple of tricks in order to find out the name of the public interface, that is, the network card of my vserver which is connected to the internet. I need this because I need to add some firewall rules to the config files. For the moment, the Linux server acts as a router. It would hence route me over to the internet. But it would not yet hide my IP address, or rather mask it. It would just route my own private address out to the internet. But a private address cannot be routed publicly. So I need NAT or masquerading. This is done with iptables by adding a masquerading target to the POSTROUTING chain of the nat table.
Nearly finished: we have the config, we have masquerading, we have it stored in persistent files. All we need to make sure is that it comes up automatically after a reboot. For this, we can use systemd. We just enable the wg-quick command with the parameter wg0 as a systemd unit, and this way Linux will automatically launch the config after each boot. Perfect, so much for the server installation script.
Now let's look at the addpeer script. I designed it so that it can take two parameters: the first one is a client name, which is actually not really used anywhere for the time being, and the second parameter is the IP address that the client should get. Choose a different IP address for each client you want to connect. I default to the .2 address if you don't specify it. For the new peer we need to generate a keypair, very much like for the server itself. I am reading out the public key and the public IP address of the server.
If you wanted to connect to the server over a dynamic DNS address, you would need to adapt this later in your client. Next I just write the whole config into the newpeer.conf file and tell WireGuard that it has a new peer using the wg set command. I have noticed that the config file does not update immediately, but that the interface needs to be taken down and up again in order to have the config written into the wg0.conf file. Last but not least, I clean out the variables so that they are not stored on the machine and print out the config file as a QR code using qrencode, and below as a text file. Perfect.
Guys, this concludes today's episode. Thank you very much for watching. In one of the next episodes we will use this virtual server to launch a browser remotely, which means we will surf the internet with a browser that is not running on our local PC but rather in the cloud. The goal is to increase privacy for browsing and also security, in the sense that we create some air gap between the browser and our client. Also, there are still a couple of settings that we need to change on this server, such as changing username and password authentication with ssh to public and private key. I am sure this is going to be quite interesting, to say the least, so please make sure that you subscribe because otherwise you might miss that episode. No pressure. Thanks for watching, stay safe, stay healthy. Bye for now.
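The server and peer setup described in this transcript, sketched as an added shell example; it is not the author's wireguard.sh or addpeer.sh. The tunnel subnet 192.168.2.0/24, the use of PostUp/PostDown for the masquerading rule and AllowedIPs = 0.0.0.0/0 are assumptions; the render functions only print text, while install_server and add_peer need root plus wireguard-tools, iptables and qrencode.

```shell
#!/usr/bin/env bash
# Added example. Keys, addresses and the endpoint are constructed placeholders.

# Name of the interface carrying the default route, read from
# `ip -4 route show default` output on stdin.
default_iface() {
  awk '$1 == "default" { for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# wg0.conf text. $1 server private key, $2 tunnel address/CIDR, $3 UDP port, $4 public interface
render_server_conf() {
  cat <<EOF
[Interface]
Address = $2
ListenPort = $3
PrivateKey = $1
SaveConfig = true
PostUp = iptables -t nat -A POSTROUTING -o $4 -j MASQUERADE
PostDown = iptables -t nat -D POSTROUTING -o $4 -j MASQUERADE
EOF
}

# Client config. $1 client private key, $2 client tunnel IP, $3 server public key, $4 host:port
render_peer_conf() {
  cat <<EOF
[Interface]
PrivateKey = $1
Address = $2/32

[Peer]
PublicKey = $3
Endpoint = $4
AllowedIPs = 0.0.0.0/0
EOF
}

# Root-only steps on the server; defined here but not called.
install_server() {
  umask 077                                   # new key/config files: owner (root) only
  iface=$(ip -4 route show default | default_iface)
  render_server_conf "$(wg genkey)" 192.168.2.1/24 51820 "$iface" > /etc/wireguard/wg0.conf
  sysctl -w net.ipv4.ip_forward=1             # runtime only; add to /etc/sysctl.d to persist
  systemctl enable --now wg-quick@wg0         # bring wg0 up now and at every boot
}

add_peer() {                                  # $1 client tunnel IP, $2 server host:port
  umask 077
  cpriv=$(wg genkey); cpub=$(printf '%s\n' "$cpriv" | wg pubkey)
  wg set wg0 peer "$cpub" allowed-ips "$1/32"
  render_peer_conf "$cpriv" "$1" "$(wg show wg0 public-key)" "$2" | tee newpeer.conf | qrencode -t ansiutf8
}
```

With SaveConfig = true, a peer added through wg set is written into wg0.conf when the interface is taken down, which matches the behaviour noted in the transcript.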