VPN in every home or how to tame the Dragon

Below I will talk about how to replace your VPN provider with your own server deployed on DigitalOcean using WireGuard.







What is the main problem of VPN providers? You do not know what they do with your data.

Very few VPN providers have passed third-party audits, and almost none of them open their code.

Even when the code is open source and an audit has been passed, for paranoid people the question of what is happening on the provider's side remains open.







The solution is quite simple: deploy your own VPN node.







I want to make it simple



There are many articles online about how to configure WireGuard. Here are some of them:









But what if I just want to install WireGuard, without deeply studying the documentation?

I just want the easiest and fastest way to deploy a VPN server and start using it.







All I need from the infrastructure:









Below is an instruction on how to do this quickly and easily.







Create a droplet



First you need to create a new droplet on DigitalOcean: https://www.digitalocean.com/docs/droplets/how-to/create/







The simplest one with Ubuntu 18.04, which costs $5 per month, suits me.







Remember to add your SSH key to have access to the droplet: https://www.digitalocean.com/docs/droplets/how-to/add-ssh-keys/







Note. DigitalOcean is not the only option. You can choose any cloud service you like.







Install WireGuard Server and Create All Required Configurations



To create all the necessary configurations automatically, you can use the script wg-ububtu-server-up.sh, which:









Establish a connection with the droplet via SSH and run the following commands to download and run the script (use the IP address of your droplet instead of xxx.xxx.x.xx):







 ssh root@xxx.xxx.x.xx
 wget https://raw.githubusercontent.com/drew2a/wireguard/master/wg-ububtu-server-up.sh
 chmod +x ./wg-ububtu-server-up.sh
 ./wg-ububtu-server-up.sh 10  # 10 = number of client configurations to create
      
      





After executing the script, the WireGuard server will be installed, running and ready to work with clients.







A sign that WireGuard started correctly is that, after running the script, you see output similar to this in the console:







 interface: wg0
   public key: +xxxEjj1qmxxxotq4OxxxfHPaxxxtre5xxxxOfxxw=
   private key: (hidden)
   listening port: 51820

 peer: d1exxxLdCZcYxxxIQ0xxxxK/Wpx8G1N8xxvnUrxxxx=
   allowed ips: 10.0.0.2/32

 peer: fWExxxazRxxxUOxxxx4JKgUTxxo9LaxxxxOGWtxxK0w=
   allowed ips: 10.0.0.3/32

 ...

 peer: RbmxxxDxOoXMxxxcyate6xxxinIClxxDgRDxxxx0j0=
   allowed ips: 10.0.0.10/32
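
The check above can be done mechanically instead of by eye. This is an added example, not part of the original article or of the downloaded script: a shell function that reads a listing like the one above and confirms that wg0 is up on the expected port, that the peer count matches, and that every peer is limited to its own single /32 address. Assumptions: the listing comes from the wg show command, clients use IPv4 addresses as in the listing, and the names check_wg_show and sample_wg_show are hypothetical.

```shell
#!/bin/sh
# Usage on the droplet (assumed): wg show | check_wg_show 10
check_wg_show() {   # $1 = expected peer count, $2 = UDP port (default 51820)
    awk -v want="$1" -v port="${2:-51820}" '
        function fail(msg) { print "FAIL: " msg; bad = 1 }
        # A peer block must contain an "allowed ips" line before the next starts.
        function end_peer() {
            if (peer != "" && !have_ips) fail("peer " peer " has no allowed ips")
        }
        BEGIN { peers = 0 }
        $1 == "interface:"                 { iface = $2 }
        $1 == "listening" && $2 == "port:" { lport = $3 }
        $1 == "peer:"  { end_peer(); peer = $2; have_ips = 0; peers++ }
        $1 == "allowed" && $2 == "ips:" {
            have_ips = 1
            # Each client config should map to exactly one IPv4 address (/32).
            if (NF != 3 || $3 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/32$/)
                fail("peer " peer " is not limited to a single /32")
            else if (seen[$3]++)
                fail("address " $3 " is assigned to more than one peer")
        }
        END {
            end_peer()
            if (iface != "wg0") fail("interface wg0 not found")
            if (lport != port)  fail("listening port is " lport ", expected " port)
            if (peers != want)  fail("found " peers " peers, expected " want)
            if (!bad) print "OK: wg0 on port " port ", " peers " peers, one /32 each"
            exit (bad ? 1 : 0)
        }'
}
# Constructed sample in the layout wg prints; keys are placeholders.
sample_wg_show() {   # $1 = "allowed ips" value for the last peer
    cat <<EOF
interface: wg0
  public key: SERVER_PUBLIC_KEY_PLACEHOLDER
  private key: (hidden)
  listening port: 51820

peer: CLIENT1_PUBLIC_KEY_PLACEHOLDER
  allowed ips: 10.0.0.2/32

peer: CLIENT2_PUBLIC_KEY_PLACEHOLDER
  allowed ips: 10.0.0.3/32

peer: CLIENT3_PUBLIC_KEY_PLACEHOLDER
  allowed ips: ${1:-10.0.0.4/32}
EOF
}
sample_wg_show | check_wg_show 3
```

The function exits non-zero on any failed check, so it can gate a provisioning step.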
      
      





The script will also create 10 client configurations [ client1.conf ... client10.conf ]. Each configuration can be used by one device at a time.







The configurations are on the droplet, in the folder: $HOME/wireguard/







Note. You can configure WireGuard manually, without using a script, but then it does not fit the definition of "fast" and "without a deep study of the documentation." In the next article, if there is interest, I will talk about what happens inside the magic scripts.







Note 2. You may reasonably point out that it is even easier to use a prebuilt image on DO and not run any scripts. I agree, but I will draw your attention to the fact that the proposed scripts contain only 100 lines of code, and it is easy to verify that there is nothing malicious in them. With a prebuilt image, this is more difficult to do.







Note 3. The command to establish a connection to the droplet (ssh) works on *nix-like operating systems. If you have Windows, use WinSCP, PuTTY, or another similar application.







Install the desktop client



Download the WireGuard desktop application from https://www.wireguard.com/install/ and install it.







Download the client config (let's say you want to use the client1.conf config) from your droplet (use the IP address of your droplet instead of xxx.xxx.x.xx):







 scp root@xxx.xxx.x.xx:"~/wireguard/client1.conf" ~/Desktop/
      
      





Launch the desktop version of WireGuard and import the tunnel from the downloaded client configuration (client1.conf).







Note. The download command (scp) works on *nix-like operating systems. If you have Windows, use WinSCP or another similar application.







Note 2. You can also use WireGuard without a GUI and use the same client configurations.







Install client for mobile phone



Install the WireGuard app from the App Store or Google Play.







Run it and import the VPN tunnel through the QR code.







How to get a QR code



You can generate a QR code by connecting to the droplet (use the IP address of your droplet instead of xxx.xxx.x.xx) and executing the following command (in this case for the client config client2.conf):







 ssh root@xxx.xxx.x.xx
 qrencode -t ansiutf8 < ~/wireguard/client2.conf
      
      





Thanks.







