Prerequisites
Before starting, ensure you have:
Server Requirements
- • RamNode VPS (Ubuntu 22.04/24.04)
- • Root access to server
- • SSH client
Knowledge Requirements
- • Basic Linux command line
- • Understanding of networking basics
- • SSH connection skills
Initial Server Setup
Connect to your RamNode VPS and update the system:
ssh root@your-server-ipapt update && apt upgrade -y💡 Tip: Replace "your-server-ip" with your actual RamNode VPS IP address.
Install WireGuard
Install WireGuard and necessary utilities:
apt install wireguard wireguard-tools -y✅ WireGuard is now installed and ready for configuration.
Generate Server Keys
Generate the server's private and public keys:
cd /etc/wireguard
wg genkey | tee server_private.key | wg pubkey > server_public.keychmod 600 server_private.key chmod 644 server_public.key🔐 Security: Keep your private key secure and never share it!
Configure WireGuard Server
Create the server configuration file:
nano /etc/wireguard/wg0.confAdd the following configuration (replace SERVER_PRIVATE_KEY with your actual private key):
[Interface]
PrivateKey = SERVER_PRIVATE_KEY
Address = 10.0.0.1/24
ListenPort = 51820
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
# Client configurations will be added below
[Peer]
PublicKey = CLIENT_PUBLIC_KEY
AllowedIPs = 10.0.0.2/32Enable IP Forwarding
Enable IP forwarding to allow traffic routing:
echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf
sysctl -pConfigure Firewall
Configure UFW firewall to allow WireGuard traffic:
ufw allow 51820/udp ufw allow OpenSSH ufw enable⚠️ Warning: Make sure SSH is allowed before enabling UFW to avoid losing access!
Start WireGuard Service
Start and enable the WireGuard service:
systemctl enable wg-quick@wg0 systemctl start wg-quick@wg0systemctl status wg-quick@wg0🚀 Your WireGuard server is now running!
Generate Client Configuration
Generate keys for each client device:
wg genkey | tee client_private.key | wg pubkey > client_public.keyCreate a client configuration file:
[Interface]
PrivateKey = CLIENT_PRIVATE_KEY
Address = 10.0.0.2/32
DNS = 8.8.8.8
[Peer]
PublicKey = SERVER_PUBLIC_KEY
Endpoint = YOUR_SERVER_IP:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25Adding Clients to Server
Add the client's public key to the server:
wg set wg0 peer CLIENT_PUBLIC_KEY allowed-ips 10.0.0.2/32Or restart the service after editing the config file:
systemctl restart wg-quick@wg0Client Setup
Install WireGuard on your client devices:
📱 Mobile
Download WireGuard app from App Store or Google Play
🖥️ Desktop
Download from wireguard.com
🐧 Linux
Install via package manager
apt install wireguard📋 Import the client configuration file or manually enter the configuration details in your WireGuard client.
Testing the Connection
Follow these steps to test your VPN connection:
Connect to VPN
Activate the WireGuard connection on your client device
Check IP Address
curl ifconfig.meTest DNS Resolution
nslookup google.com✅ If the IP matches your RamNode VPS IP, your VPN is working correctly!
Troubleshooting Common Issues
Security Best Practices
🔒 Server Security
- • Regular system updates
- • Implement fail2ban
- • Change default SSH port
- • Monitor server logs
🗝️ Key Management
- • Unique keys per client
- • Secure key storage
- • Regular key rotation
- • Revoke unused keys
🎉 Congratulations!
You now have a fully functional WireGuard VPN server running on your RamNode VPS. This setup provides secure, encrypted access to the internet through your private server.