A personal VPN server on a VPS is a convenient way to ensure connection privacy, bypass geographic restrictions, and protect transmitted data. Website owners, webmasters, and beginner developers often choose this approach to control network configuration thoroughly and not depend on third-party providers. This article will look at two popular VPN technologies: OpenVPN and WireGuard. You will learn how to prepare the virtual machine, install necessary packages, configure client devices, and enhance server security.
Before starting the setup, it is important to determine the parameters of the virtual server. For VPN solutions, 1–2 GB of RAM and one dedicated core are usually sufficient. However, it all depends on the number of connected users and the expected load. Pay attention to the following aspects:
Our hosting offers a wide range of VPS plans that are perfectly suitable for this task. After selecting a plan, proceed with the standard preparation procedure. Make sure you have SSH access (login and password or key) and perform basic OS updates:
sudo apt-get update
sudo apt-get upgrade
or similar commands depending on the Linux distribution.
OpenVPN is one of the most common options. It offers good compatibility with Windows, macOS, Linux, and mobile platforms.
sudo apt-get install openvpn easy-rsa
After that, the system will have the required files and utilities for generating certificates.
Go to the Easy-RSA directory and copy the template:
make-cadir ~/openvpn-ca
cd ~/openvpn-ca
Then, edit the vars file, specifying the organization name and country, and run commands to create the Certificate Authority (CA) and keys.
In the /etc/openvpn
folder, edit the server file by specifying the port, protocol, and path to certificates. A common template is /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz
.
Unzip it and make the necessary changes (for example, port 1194 and protocol udp).
Create a separate key and certificate for each user. The resulting .ovpn file will include all parameters, including the VPN server address (its IP address or hostname).
sudo systemctl start openvpn@server
sudo systemctl enable openvpn@server
If set up correctly, the service will automatically start with the system.
WireGuard is a relatively new technology known for its high speed and simplicity. It uses modern cryptography and generally works faster than OpenVPN.
On recent versions of Ubuntu and Debian, just run:
sudo apt-get install wireguard
On other distributions, additional repository configuration may be required.
Each WireGuard node has a pair of "privatekey" and "publickey." Create them with the command:
wg genkey | tee privatekey | wg pubkey > publickey
Similar keys will be needed for the client.
In /etc/wireguard/wg0.conf
, enter the following parameters:
[Interface]
Address = 10.8.0.1/24
SaveConfig = true
ListenPort = 51820
PrivateKey = <Contents of the privatekey file>
[Peer]
PublicKey = <Client's public key>
AllowedIPs = 10.8.0.2/32
"Address" defines the virtual subnet, and "ListenPort" is the port WireGuard will listen on. "Peer" is the client.
sudo systemctl enable wg-quick@wg0
sudo systemctl start wg-quick@wg0
"wg-quick" is a utility that simplifies working with WireGuard. After rebooting the server, the connection will automatically be restored.
On the user side, the appropriate software must be installed:
Download a GUI application (e.g., "OpenVPN GUI" for Windows or "Tunnelblick" for macOS) and import the .ovpn file. Make sure the configuration contains the correct server IP address and the correct paths to keys and certificates.
On Windows, install "WireGuard for Windows," on macOS – "WireGuard.app," and on Linux – the "wireguard-tools" package. Create a profile (usually a .conf file) specifying [Interface] and [Peer], and add the client's "PrivateKey" and the server's "PublicKey." In the "Endpoint" field, enter your VPS address.
Click "Connect," and traffic will be routed through the VPN network after saving the configuration
To protect your server, follow these recommendations:
After setup, check if the connection works. Connect to the VPN from the client device and open a service that shows your IP address, such as whatismyip. You will see the VPS IP instead of your home IP if everything is done correctly. If problems arise, view the logs:
sudo journalctl -u openvpn@server
sudo journalctl -u wg-quick@wg0
Common errors include incorrect keys, wrong server IP address, or unopened ports. Sometimes, people forget to enable packet forwarding in /etc/sysctl.conf
(parameter net.ipv4.ip_forward=1
).
Installing a VPN on a VPS is a very useful solution that provides full control over the communication channel and helps secure data transmission. You can choose OpenVPN as the classic option or WireGuard for faster performance. In both cases, ensuring the configuration is correctly set up, users have secure keys, and network ports are appropriately opened is essential. Regular system updates and careful log monitoring will help keep the server reliable and stable.
Learn more about how to purchase a domain, hosting, VPS, or dedicated server.
OpenVPN is a trusted and flexible protocol compatible with many platforms. WireGuard is a relatively new and fast protocol.
It contains the parameters for connecting to the VPN server: address, ports, keys. It is required to establish a secure connection.
It is a public key infrastructure used to generate and manage certificates. It ensures secure authentication between the server and the client.
Updates eliminate vulnerabilities and improve system security. Regular patching protects against potential attacks.
It is a list of IP addresses allowed to pass through the VPN tunnel. It determines which traffic will be routed via the VPN.
After connecting, visit a website that shows your IP address. If the VPS IP appears, then the VPN is working.
It is more secure to connect to the server than a password. Keys are harder to guess, reducing the risk of hacking.