<p><strong>Introduction:</strong> This guide will walk you through setting up WireGuard VPN Server on your Virtual Private Server (VPS) using TurnKey Linux. We'll cover accessing your VPS via SSH, completing the initial TurnKey Linux configuration, setting up the WireGuard server, and configuring clients to connect to your VPN.</p>
<p><strong>Step 1: Access Your VPS via SSH</strong></p>
<ol>
<li>
<p><strong>Obtain Your VPS Details:</strong></p>
<ul>
<li><strong>IP Address:</strong> Provided in your welcome email.</li>
<li><strong>Root Password:</strong> Provided in your welcome email.</li>
<li><strong>SSH Port:</strong> Default is 22 unless specified otherwise.<br /><br /></li>
</ul>
</li>
<li>
<p><strong>Install an SSH Client:</strong></p>
<ul>
<li><strong>Windows:</strong> <a href="https://www.putty.org/" target="_new" rel="noopener">Download PuTTY</a>.</li>
<li><strong>macOS/Linux:</strong> Use the built-in Terminal application.<br /><br /></li>
</ul>
</li>
<li>
<p><strong>Connect to Your VPS:</strong></p>
<ul>
<li>Open your SSH client.</li>
<li>For Windows (PuTTY):
<ul>
<li>Enter your VPS IP in the "Host Name" field.</li>
<li>Ensure the port is set to 22.</li>
<li>Click "Open."</li>
</ul>
</li>
<li>For macOS/Linux Terminal:
<div class="contain-inline-size rounded-md border-[0.5px] border-token-border-medium relative bg-token-sidebar-surface-primary dark:bg-gray-950">
<div class="flex items-center text-token-text-secondary px-4 py-2 text-xs font-sans justify-between rounded-t-md h-9 bg-token-sidebar-surface-primary dark:bg-token-main-surface-secondary select-none">bash</div>
<div class="overflow-y-auto p-4" dir="ltr"><code class="!whitespace-pre hljs language-bash">ssh root@&lt;Your-VPS-IP&gt;
</code></div>
</div>
Replace <code>&lt;Your-VPS-IP&gt;</code> with your server's IP address.<br /><br /></li>
</ul>
</li>
<li>
<p><strong>Authenticate:</strong></p>
<ul>
<li>When prompted, enter the root password.</li>
<li>Upon successful login, you'll have terminal access to your VPS.</li>
</ul>
</li>
</ol>
<p><strong>Step 2: Complete TurnKey Linux First Boot Configuration</strong></p>
<p>Upon first login, TurnKey Linux will guide you through initial setup:</p>
<ol>
<li>
<p><strong>Set Root Password:</strong></p>
<ul>
<li>You'll be prompted to set a new password for the root user.</li>
</ul>
</li>
<li>
<p><strong>Configure WireGuard:</strong></p>
<ul>
<li>Set the WireGuard VPN server name and private/public keys (these will be generated automatically).</li>
</ul>
</li>
<li>
<p><strong>Configure Domain and SSL (Optional):</strong></p>
<ul>
<li>If you want to access your VPN management interface via a domain, set your domain and configure a Let's Encrypt SSL certificate.</li>
</ul>
</li>
</ol>
<p><strong>Step 3: Configure WireGuard VPN</strong></p>
<ol>
<li>
<p><strong>Access Configuration Files:</strong></p>
<ul>
<li>Configuration files are located in <code>/etc/wireguard/</code>.</li>
<li>Edit <code>wg0.conf</code> to customize your VPN settings.</li>
</ul>
</li>
<li>
<p><strong>Enable IP Forwarding:</strong></p>
<ul>
<li>Run the following command to enable IP forwarding:
<div class="contain-inline-size rounded-md border-[0.5px] border-token-border-medium relative bg-token-sidebar-surface-primary dark:bg-gray-950">
<div class="flex items-center text-token-text-secondary px-4 py-2 text-xs font-sans justify-between rounded-t-md h-9 bg-token-sidebar-surface-primary dark:bg-token-main-surface-secondary select-none">bash</div>
<div class="overflow-y-auto p-4" dir="ltr"><code class="!whitespace-pre hljs language-bash">echo 1 > /proc/sys/net/ipv4/ip_forward
</code></div>
</div>
</li>
<li>Make it permanent by editing <code>/etc/sysctl.conf</code> and setting <code>net.ipv4.ip_forward=1</code>.</li>
</ul>
</li>
<li>
<p><strong>Start WireGuard:</strong></p>
<ul>
<li>Run the following command:
<div class="contain-inline-size rounded-md border-[0.5px] border-token-border-medium relative bg-token-sidebar-surface-primary dark:bg-gray-950">
<div class="flex items-center text-token-text-secondary px-4 py-2 text-xs font-sans justify-between rounded-t-md h-9 bg-token-sidebar-surface-primary dark:bg-token-main-surface-secondary select-none">bash</div>
<div class="overflow-y-auto p-4" dir="ltr"><code class="!whitespace-pre hljs language-bash">systemctl start wg-quick@wg0
</code></div>
</div>
</li>
<li>Enable it to start on boot:
<div class="contain-inline-size rounded-md border-[0.5px] border-token-border-medium relative bg-token-sidebar-surface-primary dark:bg-gray-950">
<div class="flex items-center text-token-text-secondary px-4 py-2 text-xs font-sans justify-between rounded-t-md h-9 bg-token-sidebar-surface-primary dark:bg-token-main-surface-secondary select-none">bash</div>
<div class="overflow-y-auto p-4" dir="ltr"><code class="!whitespace-pre hljs language-bash">systemctl enable wg-quick@wg0
</code></div>
</div>
</li>
</ul>
</li>
</ol>
<p><strong>Step 4: Configure WireGuard Clients</strong></p>
<ol>
<li>
<p><strong>Generate Client Configuration Files:</strong></p>
<ul>
<li>Create configuration files for each client in <code>/etc/wireguard/clients/</code>.</li>
<li>Include the server's public key, allowed IPs, and client-specific settings.</li>
</ul>
</li>
<li>
<p><strong>Install WireGuard Client:</strong></p>
<ul>
<li>Install WireGuard on your device:
<ul>
<li><strong>Windows:</strong> <a href="https://www.wireguard.com/install/" target="_new" rel="noopener">Download from WireGuard Website</a>.</li>
<li><strong>Linux:</strong> Use your package manager: <code>sudo apt install wireguard</code>.</li>
<li><strong>Mobile:</strong> Install the WireGuard app from your device's app store.</li>
</ul>
</li>
</ul>
</li>
<li>
<p><strong>Import Configuration:</strong></p>
<ul>
<li>Use the client app to import the generated configuration file and connect.</li>
</ul>
</li>
</ol>
<p><strong>Step 5: Point Your Domain to Your VPS (Optional)</strong></p>
<p>If you wish to use a domain for WireGuard management, configure it directly via our control panel or your registrar.</p>
<p><strong>Option A: Domain Registered with Us</strong></p>
<ol>
<li>
<p><strong>Access Domain Management:</strong></p>
<ul>
<li>Log in to your account on our platform.</li>
<li>Navigate to the "Domain Management" or "DNS Settings" section.</li>
</ul>
</li>
<li>
<p><strong>Create an A Record:</strong></p>
<ul>
<li><strong>Host:</strong> <code>@</code> (represents the root domain)</li>
<li><strong>Points to:</strong> Your VPS IP address</li>
<li><strong>TTL:</strong> Default or 3600 seconds<br /><br /></li>
</ul>
</li>
<li>
<p><strong>Save Changes:</strong></p>
<ul>
<li>Apply the new DNS settings.</li>
<li>Note: DNS changes may take up to 24 hours to propagate.</li>
</ul>
</li>
</ol>
<p><strong>Option B: Domain Registered Elsewhere</strong></p>
<ol>
<li>
<p><strong>Log in to Your Domain Registrar:</strong></p>
<ul>
<li>Access the DNS management area.</li>
</ul>
</li>
<li>
<p><strong>Add an A Record:</strong></p>
<ul>
<li><strong>Host:</strong> <code>@</code></li>
<li><strong>Points to:</strong> Your VPS IP address</li>
<li><strong>TTL:</strong> Default or 3600 seconds</li>
</ul>
</li>
<li>
<p><strong>Save Changes:</strong></p>
<ul>
<li>Apply the updated DNS settings.</li>
<li>Allow time for DNS propagation.</li>
</ul>
</li>
</ol>
<p><strong>Step 6: <a title="Management Tools" href="https://purevps.com/index.php?rp=/knowledgebase/2/Management-Tools-for-VPS-APP-Hosting.html" target="_blank" rel="noopener">Management Tools</a></strong></p>
<p> </p>
<p><strong>Additional Resources:</strong></p>
<ul>
<li><strong>TurnKey Linux WireGuard Appliance:</strong> <a href="https://www.turnkeylinux.org/wireguard" target="_new" rel="noopener">TurnKey Linux: WireGuard Appliance</a></li>
<li><strong>WireGuard Documentation:</strong> <a href="https://www.wireguard.com/" target="_new" rel="noopener">WireGuard Official Site</a></li>
<li><strong>PuTTY SSH Client:</strong> <a href="https://www.putty.org/" target="_new" rel="noopener">PuTTY Download Page</a></li>
<li><strong>Let's Encrypt Documentation:</strong> <a href="https://letsencrypt.org/" target="_new" rel="noopener">Let's Encrypt Official Site</a></li>
</ul>
<p><strong>Note:</strong></p>
<ul>
<li>Ensure your VPS firewall allows UDP traffic on WireGuard's port (default 51820).</li>
<li>DNS changes can take time to propagate globally.</li>
</ul>
<h3><strong>Tips and Troubleshooting</strong></h3>
<ul>
<li><strong>Connection Issues</strong>: Ensure the server and client configurations match.</li>
<li><strong>Firewall Rules</strong>: Verify that UDP traffic on port 51820 is allowed.</li>
<li><strong>Logs</strong>: Check <code>/var/log/syslog</code> for WireGuard-related errors.</li>
</ul>

Was this answer helpful? 0 Users Found This Useful (0 Votes)

Most Popular Articles

Management Tools for VPS APP Server

Your VPS Hosting Plan offer APPs using using Turnkey Platform  TurnKey Linux includes powerful...
Getting Started with WordPress Setup on VPS Hosting Plan

Introduction: This guide will walk you through setting up WordPress on your Virtual Private...
Getting Started with PHP 8.2 + MariaDB (WebHost) Setup on VPS Hosting Plan

Introduction: This guide will walk you through setting up PHP 8.2 + MariaDB on your Virtual...
Getting Started with Apache Tomcat Server Setup on VPS Hosting Plan

Introduction: This guide will walk you through setting up an Apache Tomcat server on your Virtual...
Getting Started with phpBB Forum Setup on VPS Hosting Plan

Introduction: This guide will walk you through setting up a phpBB forum on your Virtual Private...