
[OPSEC] Build your first No-Log VPN with WireGuard

by resolvedns - 24 August, 2025 - 11:20 PM
#1
Here's a guide on how to create your own no-log VPN with WireGuard.

Prerequisites:
An offshore VPS with a dedicated static IPv4 address, running Linux (Debian, Ubuntu, any really)
(personally, I use rdp.sh)

SERVER
Install WireGuard management tools:
apt install wireguard

Uncomment this line in /etc/sysctl.d/99-sysctl.conf
net.ipv4.ip_forward=1

Run the command to apply the change:
sysctl -w net.ipv4.ip_forward=1

CLIENT
Install WireGuard on your machine. On Arch/Fedora, it's wireguard-tools.
Create public and private keys:
sudo bash -c "umask 077 ; wg genkey > /etc/wireguard/client_priv.key"
sudo bash -c "wg pubkey < /etc/wireguard/client_priv.key > /etc/wireguard/client_pub.key"

SERVER
Generate the public and private keys for the server:
umask 077 ; wg genkey > /etc/wireguard/server_priv.key
wg pubkey < /etc/wireguard/server_priv.key > /etc/wireguard/server_pub.key

Create a WireGuard configuration file in /etc/wireguard/wg0.conf (edit wg0 to whatever)
Code:
[Interface]
Address = 172.16.0.1/24
ListenPort = 51820
PrivateKey = (server's private key goes here)
# Firewall rules: forward tunnel traffic and NAT it out of eth0 (the server's outbound interface)
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
# Client #1 details
PublicKey = (client's public key goes here)
AllowedIPs = 172.16.0.2/32
 
A reminder to NOT USE "". It should be raw, e.g.
PublicKey = b1/fwqfchascAHW19cAWjg3190A/1AscZZgY=

Enable and start the WireGuard service:
systemctl enable --now wg-quick@wg0.service

CLIENT
Create another WireGuard config file in /etc/wireguard/myvpn.conf
Code:
[Interface]
Address = 172.16.0.2/24
PrivateKey = (client's private key goes here)
# Set to your desired DNS server
# DNS = 9.9.9.9

[Peer]
PublicKey = (server's public key goes here)
# Endpoint (server) can be a domain name or IP address
Endpoint = (server's IP address goes here):51820
# Traffic to route to server
AllowedIPs = 0.0.0.0/0, ::/0

Start WireGuard:
sudo wg-quick up myvpn

Any errors or things you want to add? Let me know in the replies.
i hate skids
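
An added example, not part of the original post: a POSIX shell check for the two key-handling points in the guide above, the umask 077 on key material and the reminder to paste keys raw without quotes. The function names are hypothetical, and it assumes a Linux `stat` that supports `-c %a`.

```sh
#!/bin/sh
# Added example (not from the original post): lint a wg-quick config for the
# key-handling mistakes the guide warns about. Key values are never printed.
# Usage after sourcing this file: wg_lint_conf /etc/wireguard/wg0.conf

# Succeeds if $1 is shaped like a WireGuard key: 43 base64 characters plus one
# '=', which is how a 32-byte key encodes.
wg_key_ok() {
    printf '%s\n' "$1" | grep -Eq '^[A-Za-z0-9+/]{43}=$'
}

# Prints one finding per line for config $1; returns 0 only when there are none.
# The body runs in a subshell so its variables stay local.
wg_lint_conf() (
    conf=$1
    bad=0
    mode=$(stat -c %a "$conf") || exit 2   # assumption: GNU or busybox stat
    case $mode in
        *00) ;;   # no group/other bits, matching the guide's umask 077
        *) echo "$conf: mode $mode, group/other can access the private key"; bad=1 ;;
    esac
    # grep -n yields "LINENO:Name = value" for every key line in the file.
    keys=$(grep -nE '^[[:space:]]*(PrivateKey|PublicKey)[[:space:]]*=' "$conf" || true)
    while IFS=: read -r n rest; do
        [ -n "$n" ] || continue
        # Split on the first '=' only: the key itself ends in '='.
        name=$(printf '%s' "${rest%%=*}" | tr -d '[:space:]')
        value=$(printf '%s' "${rest#*=}" | tr -d '[:space:]')
        case $value in
            \"*|\'*)
                echo "$conf:$n: $name is quoted, use the raw base64 string"; bad=1 ;;
            *)
                wg_key_ok "$value" ||
                    { echo "$conf:$n: $name is not a 44-character base64 key"; bad=1; } ;;
        esac
    done <<EOF
$keys
EOF
    exit "$bad"
)
```

A leftover placeholder such as "(server's private key goes here)" is reported by the same length and alphabet check that catches a truncated paste.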
Area69  
#2
Niceee
