What is WireGuard?

WireGuard is a VPN that uses updated protocols to provide a faster and more secure connection. It is becoming the new standard for self-hosted VPN solutions, as it has been included in the Linux kernel as of version 5.6. WireGuard is also extremely easy to set up and configure, and the project provides users with extensive documentation.

How to Install WireGuard:

SSH into your server and proceed through the guide:

curl -O https://raw.githubusercontent.com/angristan/wireguard-install/master/wireguard-install.sh
This command downloads the wireguard-install.sh script created by user angristan on GitHub.

chmod +x wireguard-install.sh
This will give the wireguard-install.sh script execute permissions.


Finally, run the wireguard-install.sh script, which installs and configures WireGuard for you.

WireGuard Installation Script

The WireGuard script will prompt you to press Enter to confirm the details it fills in automatically. Let's go through these prompts one by one:
IPv4 or IPv6 public address: (Your default ipv4 address will be here)

If you want to set up WireGuard using a different IPv4 address or an IPv6 address, simply delete the IP address listed and type in your own.

Public interface: eth0

Your public interface is the default network interface WireGuard has detected. Yours may be different, but it's typically best to leave this as the default.

WireGuard interface name: wg0

WireGuard creates its own virtual network interface. Modifying this field may break WireGuard.

Server's WireGuard IPv4:
Server's WireGuard IPv6: fd42:42:42::1

These are the internal IPs WireGuard will use.

Server's WireGuard port [1-65535]: 61534

WireGuard will use a random port in the range 1-65535. If you have a firewall installed, you'll need to allow this port.
If you're using firewalld, you can use this command:
firewall-cmd --zone=public --permanent --add-port=<YOUR PORT>/udp && firewall-cmd --reload

First DNS resolver to use for the clients: DNS
Second DNS resolver to use for the clients (optional): DNS

Because we're using NextDNS, we'll need to create an account and get the DNS servers to use.

How to Set Up NextDNS
NextDNS provides users with a configurable personal DNS that lets you block trackers and ads at the network level within a few clicks.

To get started, create an account on https://nextdns.io
Once you have an account, click the Security tab to enable or disable specific protections. If you want to block ads or other trackers, click Privacy and then Add a Blocklist.
Here you'll be able to select from the available blocklists. Each list has a description explaining exactly what it blocks. All changes made on the NextDNS panel take effect immediately.

Once you've configured NextDNS to your liking, copy the DNS servers from the Setup page and enter them individually as the first and second DNS resolvers in the WireGuard installation script. Once finished, press Enter and WireGuard will proceed to install.

After the installation has finished, it will prompt you for a Client name: you can set this to whatever you'd like, such as Laptop, Desktop, or even your own name. WireGuard will then prompt you for the Client's WireGuard IPv4: and Client's WireGuard IPv6: press Enter on both of these fields to continue. Once finished, WireGuard will display a QR code that you can scan with the WireGuard app, available here: https://www.wireguard.com/install/. If you want to use WireGuard on your computer, you'll need to download the WireGuard Windows installer: https://www.wireguard.com/install/. Download the newly created wg0-client-name.conf and click Add Tunnel in the WireGuard application.
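
An added example (not part of the original article or of the wireguard-install project): a shell check to run on the downloaded wg0-client-name.conf before importing it, confirming that it points at the resolvers and port chosen above and is not readable by other users. It assumes the usual wg-quick keys (DNS, Endpoint, AllowedIPs) and that a full tunnel is wanted; the keys, resolver addresses and client addresses in the demo are constructed placeholders.

```shell
#!/bin/sh
# Added example: audit a generated client config before importing it.
# All addresses and keys in the demo at the bottom are constructed.

# conf_get FILE KEY: print the value of the first "KEY = value" line.
conf_get() {
    awk -F= -v k="$2" '
        { key = $1; gsub(/[ \t]/, "", key) }
        key == k { sub(/^[^=]*=[ \t]*/, ""); gsub(/[ \t\r]/, ""); print; exit }
    ' "$1"
}

# audit_client_conf FILE DNS1 DNS2 PORT: return 0 only if every check passes.
audit_client_conf() {
    conf=$1 fails=0
    # 1. Clients must use exactly the two resolvers entered at the prompts.
    [ "$(conf_get "$conf" DNS)" = "$2,$3" ] ||
        { echo "FAIL: DNS is not $2,$3"; fails=$((fails + 1)); }
    # 2. The endpoint port must be the UDP port opened in the firewall.
    endpoint=$(conf_get "$conf" Endpoint)
    [ "${endpoint##*:}" = "$4" ] ||
        { echo "FAIL: endpoint port is not $4"; fails=$((fails + 1)); }
    # 3. Assumption: full tunnel wanted, so DNS queries also use the VPN.
    case ",$(conf_get "$conf" AllowedIPs)," in
        *,0.0.0.0/0,*) ;;
        *) echo "FAIL: AllowedIPs lacks 0.0.0.0/0"; fails=$((fails + 1)) ;;
    esac
    # 4. The file holds the client's private key: no group/other access.
    [ "$(ls -ld "$conf" | cut -c5-10)" = "------" ] ||
        { echo "FAIL: file is accessible to group or others"; fails=$((fails + 1)); }
    [ "$fails" -eq 0 ]
}

# Demo on a constructed config (placeholder keys, documentation addresses).
demo=$(mktemp)
cat > "$demo" <<'EOF'
[Interface]
PrivateKey = <CLIENT_PRIVATE_KEY>
Address = 10.0.0.2/32,fd42:42:42::2/128
DNS = 192.0.2.53,192.0.2.54

[Peer]
PublicKey = <SERVER_PUBLIC_KEY>
Endpoint = 203.0.113.10:61534
AllowedIPs = 0.0.0.0/0,::/0
EOF
audit_client_conf "$demo" 192.0.2.53 192.0.2.54 61534 && echo "OK: $demo"
rm -f "$demo"
```

Call audit_client_conf with the path to your own file, the two NextDNS resolver addresses from the Setup page, and the port you allowed in the firewall.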

For more information regarding WireGuard refer to https://www.wireguard.com