💎 Earn 45%—Join Hostman Affiliate Program!
English
Community
Sign In
Sign In

How to Set Up WireGuard VPN

How to Set Up WireGuard VPN
Hostman Team
Technical writer
VPN
25.09.2024
Reading time: 6 min
Share

WireGuard VPN is an open-source project that allows users to set up encrypted tunnels for secure networking easily.

WireGuard VPN Pros:

  • Minimal latency and maximum throughput.

  • Easy installation and configuration.

WireGuard VPN Cons:

  • Requires additional software installation on client devices (though this isn't a major issue since it supports all platforms, and many modern routers come with WireGuard support built-in).

There are many guides and tutorials on how to install and set up WireGuard VPN. The official website provides detailed instructions, but this guide will show simple ways to start using WireGuard with examples, focusing on practical steps rather than theory.

Setting Up a WireGuard Server via Hostman Marketplace

The easiest way to install WireGuard VPN on a cloud server is to use Hostman Marketplace.

  1. In the control panel, go to Cloud Servers > Create > Marketplace > Network > WireGuard GUI.

6ad17804 3f5c 4282 9f36 70d43397f5c8

  1. Choose a location (e.g., Netherlands), select the minimal configuration, and click Order.

  2. The virtual machine and software installation will take around 5 minutes. Once it's ready, you'll receive an email confirmation.

WireGuard Configuration and Connection

  1. Follow the link in the email to access the interface and log in using your password.

  2. Add new WireGuard clients to connect Android and Windows devices.

Acf85f15 F593 4b43 80ef 55d44850c161

There are two ways to connect a client device to the server:

  • QR Code: Convenient for mobile devices.

  • Config file: Easier for PC setups.

In the interface, you'll see buttons to generate a QR code or download the configuration file.

Android Setup

  1. Download the official WireGuard app from Google Play.

  2. Open the app, scan the QR code from the web interface, and tap "Connect."

  3. To confirm the connection, check your IP address on whatismyipaddress.com. If it shows the server's IP, you're successfully connected.

Windows Setup

  1. Download the WireGuard Windows client from the official site.

  2. Download the WireGuard configuration file from the web interface.

  3. Open the client, add a tunnel, select the file, and click "Connect."

That's it! 

There are more advanced configuration options, but this basic setup should be enough for most users. WireGuard tends to be a "set it and forget it" solution; it works reliably after initial setup.

Speed Testing

To check the server connection speed, install the Speedtest CLI tool:

curl -s https://packagecloud.io/install/repositories/ookla/speedtest-cli/script.deb.sh | sudo bash
sudo apt-get install speedtest

I got a speed of 194 Mbps — excellent.

48250240 E479 4482 9b18 Ebb9813d82b7

Setting Up a WireGuard Server Using Docker Compose

While the WebGUI and Hostman marketplace one-click setup are easy, you may want more control over the configuration. Since I prefer working with Docker, I'll use it to install the same WireGuard with a web interface.

  1. Start with a clean system: Сloud Servers > Create > Select Ubuntu 22.04.

  2. After creation, connect to the server, update packages, and install Docker and Docker Compose:

apt update && apt upgrade -y
curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh

  1. Create a new docker-compose.yml file:

nano docker-compose.yml

  1. Add the following configuration:

version: '3.8'
services:
  wireguard:
    image: weejewel/wg-easy:7
    environment:
      WG_HOST: 'your-server-ip'  # Hostname or IP address
      PASSWORD: 'MegaSuperPass@42'  # Web GUI password
    volumes:
      - ./wireguard:/etc/wireguard
    ports:
      - 51820:51820/udp
      - 51821:51821/tcp
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      - net.ipv6.conf.all.disable_ipv6=0
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1
    restart: always

Replace your-server-ip with your actual server IP address and set a password.

  1. Save and run the following command to start the service:

docker compose up -d

You can now access the web interface at http://your-server-ip:51821. The project used here is called wg-easy, and you can explore additional settings in the repository.

Additional Configuration Options

In the Docker Compose file, you can adjust the following settings:

  • PASSWORD: Password for the WebGUI.

  • WG_HOST: Hostname or IP address.

  • WG_DEVICE: The Ethernet device to use for WireGuard traffic.

  • WG_PORT: The public UDP port (default: 51820).

  • WG_MTU: The MTU used by clients (default server MTU is used).

  • WG_PERSISTENT_KEEPALIVE: Time in seconds to keep connections alive. If set to 0, no keep-alive will be sent.

  • WG_DEFAULT_ADDRESS: The address range for clients.

  • WG_DEFAULT_DNS: DNS server.

  • WG_ALLOWED_IPS: The IP addresses that clients are allowed to use.

This setup gives you more control over configuration, restart management, and the ability to run additional services in Docker containers if needed.

Accessing Local Resources

One common issue with VPNs is losing access to local network resources because all traffic is routed through the tunnel by default.

To solve this, modify the AllowedIPs setting. By default, it's set to 0.0.0.0/0, which sends all traffic through the VPN. To retain access to local resources, you can add a list of IPs that should bypass the VPN.

Add the following environment variable in your docker-compose.yml and restart the container:

environment:
      WG_ALLOWED_IPS: '0.0.0.0/5, 8.0.0.0/7, 11.0.0.0/8, 12.0.0.0/6, 16.0.0.0/4, 32.0.0.0/3, 64.0.0.0/2, 128.0.0.0/3, 160.0.0.0/5, 168.0.0.0/6, 172.0.0.0/12, 172.32.0.0/11, 172.64.0.0/10, 172.128.0.0/9, 173.0.0.0/8, 174.0.0.0/7, 176.0.0.0/4, 192.0.0.0/9, 192.128.0.0/11, 192.160.0.0/13, 192.169.0.0/16, 192.170.0.0/15, 192.172.0.0/14, 192.176.0.0/12, 192.192.0.0/10, 193.0.0.0/8, 194.0.0.0/7, 196.0.0.0/6, 200.0.0.0/5, 208.0.0.0/4, 8.8.8.8/32'

Alternatively, edit the client’s configuration file:

[Peer]
PublicKey = PublicKey
PresharedKey = PresharedKey
AllowedIPs = 0.0.0.0/5, 8.0.0.0/7, 11.0.0.0/8, 12.0.0.0/6, 16.0.0.0/4, 32.0.0.0/3, 64.0.0.0/2, 128.0.0.0/3, 160.0.0.0/5, 168.0.0.0/6, 172.0.0.0/12, 172.32.0.0/11, 172.64.0.0/10, 172.128.0.0/9, 173.0.0.0/8, 174.0.0.0/7, 176.0.0.0/4, 192.0.0.0/9, 192.128.0.0/11, 192.160.0.0/13, 192.169.0.0/16, 192.170.0.0/15, 192.172.0.0/14, 192.176.0.0/12, 192.192.0.0/10, 193.0.0.0/8, 194.0.0.0/7, 196.0.0.0/6, 200.0.0.0/5, 208.0.0.0/4, 8.8.8.8/32
Endpoint = Endpoint

Conclusion

WireGuard VPN is one of the easiest and most convenient services for secure networking. I've worked with PPTP, SSTP, L2TP/IPsec, and others, each with its pros and cons. For now, WireGuard covers all my needs without any hassle.

The project is actively developing, with more devices supporting WireGuard and third-party teams creating additional UIs for easier configuration, such as the NetMaker project.

VPN
25.09.2024
Reading time: 6 min
Share

Similar

VPN

Installing and Configuring Wireproxy

Wireproxy is a WireGuard client that acts as a SOCKS5/HTTP proxy server or tunnel. It is particularly useful when you need to connect to certain websites through a WireGuard peer but do not want or cannot configure a new network interface for various reasons. In this article, we will cover how to create a SOCKS5 proxy using Wireproxy, as well as how to connect to it via the FoxyProxy extension for the Firefox browser. Main reasons why Wireproxy might be the preferred choice: Using WireGuard as a traffic proxy. No need for administrator privileges to modify WireGuard settings. Wireproxy provides full isolation from the device’s network interfaces, allowing it to be used without administrative configuration. Key Features of Wireproxy Static TCP routing for both client and server. SOCKS5/HTTP proxy support (currently only CONNECT is supported). Developers are working on additional features, including UDP support in SOCKS5 and static UDP routing. Installing Wireproxy Wireproxy supports multiple operating systems, including Linux, macOS, and Windows. There are two main installation methods: Building the project from source using Go. Downloading a precompiled version for your platform. Building from source ensures the latest code, while a precompiled version offers stability and convenience. Installing the Precompiled Version (Windows) Go to the GitHub releases page and download the archive for your operating system. For Windows, download wireproxy_windows_amd64.tar.gz. Extract the archive and place wireproxy.exe in a convenient location, e.g., create a wireproxy folder on your desktop. Open the Windows Command Prompt or PowerShell and navigate to the folder using: cd Desktop\wireproxy Verify the utility works correctly: wireproxy.exe -v Building from Source Using Go (Linux) Prerequisites Ensure Go version 1.20 or higher is installed: go version If Go is not installed, use this Ubuntu 22.04 installation guide. Build process Clone the Wireproxy repository: git clone https://github.com/octeep/wireproxy cd wireproxy Run the build process: make After the build completes, verify: ./wireproxy -v Configuring Wireproxy After installing Wireproxy, the next step is configuring the utility. You need a WireGuard configuration file. You can create a new server and set up WireGuard manually, e.g., following this Hostman guide. Alternatively, use the Marketplace section when creating a server and select Wireguard-GUI. A typical WireGuard configuration file looks like this: [Interface] PrivateKey = [Your_Private_Key] Address = 10.0.0.2/32 DNS = 8.8.8.8 [Peer] PublicKey = [Server_Public_Key] Endpoint = [Server_IP:Port] AllowedIPs = 0.0.0.0/0 PersistentKeepalive = 20 Place the WireGuard configuration file in the wireproxy folder you created earlier. In this example, the file is named wg.conf. Creating the Wireproxy Configuration In the wireproxy directory, create wp.conf for the SOCKS5 proxy configuration: WGConfig = ./wg.conf [Socks5] BindAddress = 127.0.0.1:25344 Username = hostman Password = hostman WGConfig specifies the path to your WireGuard config. BindAddress defines the local proxy address and port. Username and Password are optional login credentials for the proxy. Testing the Configuration Linux: ./wireproxy -c wp.conf -n Windows: wireproxy.exe -c wp.conf -n This checks that the configuration is correct without starting the proxy. Running Wireproxy Linux: ./wireproxy -c wp.conf Windows: wireproxy.exe -c wp.conf For background execution, use the -d flag: Linux: ./wireproxy -c wp.conf -d Windows: wireproxy.exe -c wp.conf -d Connecting to Wireproxy via Browser Extension To use Wireproxy in a browser, specialized proxy management extensions can be used. In this example, we will configure FoxyProxy in Firefox, though similar steps apply to other browsers, e.g., Chrome with Proxy SwitchyOmega. Installing and Configuring FoxyProxy in Firefox Install FoxyProxy from FoxyProxy for Firefox. Click the FoxyProxy icon and select Options to open settings. Click Add to create a new proxy configuration. Set Proxy Type to SOCKS5. Enter 127.0.0.1 as Proxy IP and 25344 as Port. If a username and password were set in Wireproxy, enter them in Username and Password. Click Save to store the configuration. Click the FoxyProxy icon again and select the newly created configuration to connect to the proxy. Visit any IP check service online to confirm that the IP address has changed. This verifies that your traffic is routed through Wireproxy. FoxyProxy supports patterns to apply proxy usage only to specific sites. Open the FoxyProxy menu and select Options. Click Patterns in your existing connection. Enable patterns by clicking the FoxyProxy icon and selecting Use Enable Proxies By Patterns and Order. After this, the proxy will only be used for websites specified in your patterns. Conclusion In this article, we covered the installation and configuration of Wireproxy, a tool for creating SOCKS5/HTTP proxies via WireGuard. Wireproxy’s standout feature is its ability to operate in user space, simplifying setup and usage, especially for users without administrative privileges. We also demonstrated integrating Wireproxy with browser extensions for convenient proxy management.
25 August 2025 · 5 min to read

Do you have questions,
comments, or concerns?

Our professionals are available to assist you at any moment,
whether you need help or are just unsure of where to start.
Email us
Hostman's Support