Setting Up a VPN on a VPS Server for Secure Access

🔹 Why You Need It

A VPN (Virtual Private Network) provides a secure encrypted tunnel between your device and the VPS.
It’s used to:

  • protect your internet traffic on public networks;
  • access internal or remote resources securely;
  • hide your real IP address;
  • manage servers safely via a private network.

⚙️ 1. Preparing the VPS

1. Deploy a VPS with Ubuntu (22.04 LTS recommended).

2. Update the system:

sudo apt update && sudo apt upgrade -y

3. Check access and firewall:

  • SSH root access enabled
  • open ports 22 (SSH), 51820/udp (WireGuard) or 1194 (OpenVPN)

🔐 2. Choosing the VPN Type

Common secure VPN options for VPS:

  • WireGuard — fast, lightweight, modern encryption.
  • OpenVPN — more compatible and configurable.
  • SoftEther — supports multiple protocols (L2TP, OpenVPN, SSTP).

If you want simplicity — choose WireGuard.

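🧱 3. Installing WireGuard (recommended)

🔸 On the VPS:

sudo apt install wireguard -y

Generate server keys (umask 077 keeps the private key readable by root only):

sudo sh -c 'umask 077; wg genkey | tee /etc/wireguard/server_private.key | wg pubkey > /etc/wireguard/server_public.key'

Create config /etc/wireguard/wg0.conf (keep it readable by root only, since it contains the private key):

[Interface]
Address = 10.0.0.1/24
ListenPort = 51820
PrivateKey = <server_private_key>
# NAT so client traffic can leave via the public interface
# (eth0 is an assumption; check the real name with "ip route")
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

# Example client
[Peer]
PublicKey = <client_public_key>
AllowedIPs = 10.0.0.2/32

Enable IP forwarding:

echo "net.ipv4.ip_forward=1" | sudo tee -a /etc/sysctl.conf
sudo sysctl -p

Start service:

sudo systemctl enable wg-quick@wg0
sudo systemctl start wg-quick@wg0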

💻 4. Client Configuration

On the client (Linux, Windows, or mobile):
Generate keys and create config:

[Interface]
PrivateKey = <client_private_key>
Address = 10.0.0.2/24
DNS = 1.1.1.1

[Peer]
PublicKey = <server_public_key>
Endpoint = <SERVER_IP>:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25

Then connect using the WireGuard app or command line.

🔄 5. Securing the Server

  • Enable ufw firewall:

sudo ufw allow 22
sudo ufw allow 51820/udp
sudo ufw enable

  • Disable password SSH login, use only SSH keys.
  • Keep the system and WireGuard up to date.

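🧩 6. Optional: Multi-user Access

For each new user, generate a unique key pair and assign a new IP:

10.0.0.3/24, 10.0.0.4/24, …

Add a [Peer] block for each user to the server config and restart WireGuard. On the server side, each peer's AllowedIPs carries that address as /32, as in the example client above; overlapping ranges between peers break routing.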
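
The multi-user step can be scripted so that addresses are never reused and the same key is never registered twice. This is an added example, not part of the original guide: the function names next_free_ip and add_peer are hypothetical, and it assumes the 10.0.0.0/24 layout used above, with the client's public key generated on the client and passed in.

```shell
#!/bin/sh
# Added example: allocate the next free tunnel address and append a [Peer]
# block. WG_NET and the 2..254 host range follow the page's 10.0.0.0/24 layout.
WG_NET="10.0.0"

# Print the lowest unused address in WG_NET, judged by the /32 entries
# found on AllowedIPs lines of the config file given as $1.
next_free_ip() {
    conf=$1
    used=$(sed -n 's/^[[:space:]]*AllowedIPs[[:space:]]*=[[:space:]]*//p' "$conf" \
        | tr ',' '\n' \
        | sed -n "s/^[[:space:]]*${WG_NET}\.\([0-9]*\)\/32.*/\1/p")
    host=2                      # .1 is the server itself
    while [ "$host" -le 254 ]; do
        if ! printf '%s\n' "$used" | grep -qx "$host"; then
            printf '%s.%s\n' "$WG_NET" "$host"
            return 0
        fi
        host=$((host + 1))
    done
    echo "no free address left in ${WG_NET}.0/24" >&2
    return 1
}

# Append a peer with public key $2 to config $1 and print the assigned address.
add_peer() {
    conf=$1 pubkey=$2
    # A WireGuard public key is 32 bytes in base64: 44 characters.
    case $pubkey in
        *[!A-Za-z0-9+/=]*) echo "invalid public key" >&2; return 1 ;;
    esac
    [ "${#pubkey}" -eq 44 ] || { echo "invalid public key" >&2; return 1; }
    # Refuse to register the same key twice.
    if grep -qF -- "$pubkey" "$conf"; then
        echo "peer already present" >&2
        return 1
    fi
    ip=$(next_free_ip "$conf") || return 1
    # Server side uses /32 so the peer can only source its own address.
    printf '\n[Peer]\nPublicKey = %s\nAllowedIPs = %s/32\n' "$pubkey" "$ip" >> "$conf"
    printf '%s\n' "$ip"
}
```

The address printed by add_peer goes into the client's Address line with the /24 suffix, as in section 4.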