How to Set Up a VPN Server on Your VPS (WireGuard + OpenVPN)

How to Set Up a VPN Server on Your VPS (WireGuard + OpenVPN)

Running your own VPN server on a VPS is one of the smartest moves you can make for privacy, remote access, or bypassing geo-restrictions — and in 2026, it’s easier than ever. Commercial VPN services often log your data, throttle speeds, and restrict certain ports. When you host your own VPN on a VPS, you own the entire stack.

This guide covers two of the most popular VPN protocols side by side: WireGuard (fast, modern, minimal) and OpenVPN (battle-tested, flexible, widely compatible). Whether you’re a developer, sysadmin, or privacy-conscious user, you’ll be running a fully functional VPN server by the end of this tutorial.

Why Run a VPN Server on Your VPS?

Before diving into the setup, it’s worth understanding what you actually gain:

  • Full privacy control — No third-party logs. Your traffic goes through your server only.
  • No speed throttling — With a VPS like VPS.DO’s 1 Gbps USA VPS, you get raw bandwidth, not shared commercial VPN limits.
  • Multiple device support — Connect phones, laptops, tablets — all through your own tunnel.
  • Bypass geo-restrictions — Choose a USA or Hong Kong VPS to access region-locked content.
  • Remote team access — Use your VPN as a secure internal network for your team.

WireGuard vs OpenVPN: Which Should You Choose?

Both protocols are solid choices, but they serve slightly different needs:

WireGuard OpenVPN
Speed ⚡ Very fast Moderate
Setup complexity Simple (~30 min) Moderate (~45–60 min)
Code size ~4,000 lines ~100,000+ lines
Protocol UDP only UDP + TCP
Firewall bypass Limited (UDP only) Strong (TCP port 443)
Platform support Linux, Windows, macOS, iOS, Android All major platforms
Best for Speed, personal use, modern setups Strict firewalls, enterprise, flexibility

Recommendation: Start with WireGuard unless you’re behind a corporate firewall or need TCP fallback — in that case, use OpenVPN.

Requirements Before You Start

  • A KVM VPS with Ubuntu 22.04 or 24.04 LTS (both protocols work best on Ubuntu)
  • Root or sudo access via SSH
  • A public IPv4 address (included with all VPS.DO plans)
  • Basic familiarity with the Linux terminal

💡 VPS.DO Tip: VPS.DO’s USA VPS plans include 1 Gbps ports and up to 5TB monthly bandwidth — perfect for running a personal VPN without worrying about speed or limits. View USA VPS plans →

Part 1: How to Set Up WireGuard VPN on Your VPS

WireGuard is the recommended choice for most users in 2026. It’s fast, uses modern cryptography (ChaCha20 encryption, Curve25519 key exchange), and has fewer than 4,000 lines of code — making it far easier to audit and secure than legacy protocols.

Step 1: Update Your VPS

Always start with a fresh system update to patch any vulnerabilities before installing new services:

sudo apt update && sudo apt upgrade -y

Step 2: Install WireGuard

On Ubuntu 22.04 or 24.04, WireGuard is available directly from the official repositories:

sudo apt install wireguard -y

Step 3: Generate Server Keys

WireGuard uses public/private key pairs to authenticate peers. Generate your server’s key pair:

wg genkey | tee /etc/wireguard/server_private.key | wg pubkey > /etc/wireguard/server_public.key
chmod 600 /etc/wireguard/server_private.key

View and copy both keys — you’ll need them in the next step:

cat /etc/wireguard/server_private.key
cat /etc/wireguard/server_public.key

Step 4: Find Your Network Interface

Identify your main network interface name (usually eth0 or ens3):

ip route | grep default

Note the interface name after dev (e.g., eth0).

Step 5: Create the WireGuard Configuration

Create the server config file. Replace YOUR_SERVER_PRIVATE_KEY with the private key from Step 3, and eth0 with your actual interface:

sudo nano /etc/wireguard/wg0.conf

Paste the following:

[Interface]
Address = 10.0.0.1/24
ListenPort = 51820
PrivateKey = YOUR_SERVER_PRIVATE_KEY
SaveConfig = true

# Enable IP forwarding and NAT
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

Step 6: Enable IP Forwarding

This allows your VPS to route traffic for VPN clients:

echo "net.ipv4.ip_forward=1" | sudo tee -a /etc/sysctl.conf
sudo sysctl -p

Step 7: Open the Firewall Port

sudo ufw allow 51820/udp
sudo ufw allow OpenSSH
sudo ufw enable

Step 8: Start WireGuard

sudo systemctl start wg-quick@wg0
sudo systemctl enable wg-quick@wg0

Verify it’s running:

sudo wg show

Step 9: Add a Client (Peer)

On your client device (laptop, phone), install the WireGuard app and generate a client key pair. Then on the server, add the client as a peer:

sudo wg set wg0 peer CLIENT_PUBLIC_KEY allowed-ips 10.0.0.2/32

Step 10: Configure the Client

Create a client.conf file on your device:

[Interface]
PrivateKey = CLIENT_PRIVATE_KEY
Address = 10.0.0.2/24
DNS = 1.1.1.1

[Peer]
PublicKey = SERVER_PUBLIC_KEY
Endpoint = YOUR_VPS_IP:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25

Import this into your WireGuard client app, connect, and verify your IP has changed to your VPS’s IP address at whatismyip.com.

WireGuard setup complete!

Part 2: How to Set Up OpenVPN on Your VPS

OpenVPN is the right choice when you need to bypass strict firewalls by running VPN traffic over TCP port 443 (indistinguishable from regular HTTPS). Here’s the fastest way to deploy it using the official installer script.

Step 1: Update the System

sudo apt update && sudo apt upgrade -y

Step 2: Download the OpenVPN Installer Script

The easiest and most reliable method is the community-maintained OpenVPN installer:

wget https://get.openvpn.net/downloads/openvpn-install.sh
chmod +x openvpn-install.sh
sudo bash openvpn-install.sh

Step 3: Follow the Installer Prompts

The script will ask you:

  • IP address — It should auto-detect your VPS public IP. Confirm it.
  • Protocol — Choose UDP for speed, or TCP with port 443 for maximum firewall bypass.
  • DNS — Choose Cloudflare (1.1.1.1) or Google (8.8.8.8).
  • Client name — Enter a name for your first client (e.g., laptop).

The script handles certificate generation, key creation, and server configuration automatically. It takes about 3–5 minutes.

Step 4: Download the Client Configuration

After installation, a .ovpn file is created in /root/. Download it securely to your device using SFTP:

sftp root@YOUR_VPS_IP:/root/laptop.ovpn ~/Downloads/

Step 5: Connect from Your Device

  • Windows/Mac: Download the OpenVPN Connect client, import the .ovpn file, and connect.
  • Linux: sudo openvpn --config laptop.ovpn
  • iOS/Android: Use the OpenVPN Connect app and import the file.

Step 6: Enable Auto-Start

sudo systemctl start openvpn@server
sudo systemctl enable openvpn@server

OpenVPN setup complete!

Security Hardening Checklist

Now that your VPN is running, lock it down:

  • Close unused ports — Use ufw to allow only port 22 (SSH), and your VPN port (51820 UDP or 443 TCP).
  • Disable password SSH login — Use SSH key authentication only (PasswordAuthentication no in /etc/ssh/sshd_config).
  • Keep the system updated — Run sudo apt update && sudo apt upgrade weekly, or enable unattended-upgrades.
  • Monitor logs — Check sudo journalctl -u wg-quick@wg0 (WireGuard) or /var/log/openvpn.log regularly.
  • Rotate keys periodically — Generate new client keys every 3–6 months for best security hygiene.

Troubleshooting Common Issues

VPN connects but no internet access

The most common cause is IP forwarding not being enabled. Double-check:

sysctl net.ipv4.ip_forward

The output should be net.ipv4.ip_forward = 1. If it’s 0, re-run the sysctl command from Step 6.

Can’t connect at all

Verify the VPN port is open on your VPS firewall and that the server is running:

# WireGuard
sudo wg show

# OpenVPN
sudo systemctl status openvpn@server

Incorrect server IP in config

Your VPS public IP may differ from what’s shown inside the VM. Run curl ifconfig.me to get the correct public IP and update your client config accordingly.

Choosing the Right VPS for Your VPN

Your VPN’s performance is only as good as the VPS it runs on. For a smooth, fast VPN experience, you need:

  • At least 1 GB RAM (1 dedicated vCPU is sufficient for personal use)
  • 1 Gbps port for full-speed encrypted tunnels
  • Low-latency location — choose a data center close to where you’ll be connecting from
  • KVM virtualization — required for full kernel module support (OpenVZ blocks WireGuard’s kernel module)

VPS.DO’s KVM VPS plans in both the USA and Hong Kong check all these boxes. All plans include KVM virtualization, 1 Gbps ports, SSD storage, and full root access — everything you need for a self-hosted VPN.

Final Thoughts

Setting up a VPN server on your VPS gives you something commercial VPN services simply can’t offer: complete ownership of your data and traffic. WireGuard makes modern VPN deployment fast and straightforward, while OpenVPN remains the gold standard for environments with strict firewall rules.

With a KVM VPS from VPS.DO starting at just $20/month, the cost of running your own private VPN server is minimal — and the privacy benefits are significant. Follow the steps above, harden your setup, and you’ll have a fully operational, secure VPN tunnel in under an hour.

Have questions or ran into an issue during setup? Open a support ticket — VPS.DO’s technical team is available 24/7.

Related articles you might find useful:

Fast • Reliable • Affordable VPS - DO It Now!

Get top VPS hosting with VPS.DO’s fast, low-cost plans. Try risk-free with our 7-day no-questions-asked refund and start today!

Contact Us

VPS.DO offers reliable, cost-effective KVM VPS hosting as a robust Cloud-as-a-Service solution worldwide. We DO our best to power your success with unbeatable VPS value.

Copyright © 2026 VPS.DO

Services
Information
Account