Setting up own VPN server using WireGuard on Linux

[Fli]

This tutorial should help You to
a) protect your internet communication by encryption
b) use different IP so you hide your real IP

You will need
a) Linux server - a VPS (starts at less than $2/month) and you can use it for many other tasks like website hosting server
b) to install VPN software on that server and on your own home computer and/or on the phone

ALTERNATIVE to Wireguard is OpenVPN which is a bit older SW.

Most recent version of this tutorial is available when you run ZeroNet and then open this page.

The server should be dedicated or kvm/xen virtualized yet openvz and lxc will work too but using different setup script: method 1 or method2.

Wireguard server (meaning OS of your VPS you have rented as mentioned above) supported distributions: Ubuntu 16+, Debian, Fedora, CentOS, Arch Linux

You should first update, upgrade and restart your Linux server:

yum update;yum upgrade 2>/dev/null||apt update;apt upgrade 2>/dev/null
reboot

now the installation of the WG server:

yum install curl 2>/dev/null || apt install curl 2>/dev/null;curl -O https://raw.githubusercontent.com/angristan/wireguard-install/master/wireguard-install.sh;chmod +x wireguard-install.sh;./wireguard-install.sh

Hit enter on prompts. I only customized nameservers using ones from a opennic project (note that outdated not reliable nameservers may cause dropped packets, downtimes with hard to discover cause).

If any errors, search these on search engine and if not reported yet, report it to above mentioned Github project page.

Then i am presented with a .conf file which i list and copy its contents to my client. Example:
cat /root/wg0-client-abcd1234.conf

To exclude neighbor LAN computers IPs from forcing through Wireguard tunnel (to nowhere) you can edit AllowedIPs variable in the resulting client .conf file according to output of this bash script. Example:

Code:

COMMAND:
./allowedips.sh +0.0.0.0/0 -192.168.1.1:192.168.1.27 -10.8.8.0/32
RESULT:
0.0.0.0/5, 8.0.0.0/7, 10.0.0.0/13, 10.8.0.0/21, 192.168.1.28/30, 192.168.1.32/27, 192.168.1.64/26, 192.168.1.128/25, 192.168.2.0/23, 192.168.4.0/22, 192.168.8.0/21, 192.168.16.0/20, 192.168.32.0/19, 192.168.64.0/18, 192.168.128.0/17, 192.169.0.0/16, 192.170.0.0/15, 192.172.0.0/14, 192.176.0.0/12, 192.192.0.0/10, 193.0.0.0/8, 194.0.0.0/7, 196.0.0.0/6, 200.0.0.0/5, 208.0.0.0/4, 224.0.0.0/3, 10.8.8.1/32, 10.8.8.2/31, 10.8.8.4/30, 10.8.8.8/29, 10.8.8.16/28, 10.8.8.32/27, 10.8.8.64/26, 10.8.8.128/25, 10.8.9.0/24, 10.8.10.0/23, 10.8.12.0/22, 10.8.16.0/20, 10.8.32.0/19, 10.8.64.0/18, 10.8.128.0/17, 10.9.0.0/16, 10.10.0.0/15, 10.12.0.0/14, 10.16.0.0/12, 10.32.0.0/11, 10.64.0.0/10, 10.128.0.0/9, 11.0.0.0/8, 12.0.0.0/6, 16.0.0.0/4, 32.0.0.0/3, 64.0.0.0/2, 128.0.0.0/2, 192.0.0.0/9, 192.128.0.0/11, 192.160.0.0/13, 192.168.0.0/24, 192.168.1.0/32

wireguard-install.sh script that you have downloaded can be ran (./wireguard-install.sh) to add more clients/peers to the server, remove user or uninstall Wireguard.

More:
port forwarding / opening port on Wireguard
How to setup Linux firewall (iptables,UFW) to prevent leaking non VPN connections (VPN killswitch)

increase number of simultaneous connections:

Code:

echo "net.netfilter.nf_conntrack_max=99000" > /etc/sysctl.d/10-conntrack-max.conf;sysctl -p /etc/sysctl.d/10-conntrack-max.conf