opened image

Installing VPN WireGuard on a clean server

VPN WireGuard has a high speed.
The VPN client redirects all of its traffic through an encrypted tunnel to the server. The server applies NAT to the client's traffic, and as a result, it will appear as if the client is browsing the Internet with the server's IP address. SUPPORTS BOTH IPV4 AND IPV6


You need to download the WireGuard client, with which we will connect to the server.
For Windows 7, 8, 8.1, 10, 2012, 2016, 2019, for macOS X, for Android or IOS, you can download from the official website:
https://www.wireguard.com/install/

Supported repositories:

Ubuntu >= 16.04
Debian >= 10
Fedora
CentOS
Arch Linux
Oracle Linux



1. INSTALLATION (Recommending install on Ubuntu 20.04)

 

curl -O https://raw.githubusercontent.com/angristan/wireguard-install/master/wireguard-install.sh
chmod +x wireguard-install.sh
./wireguard-install.sh

 

 


It will install WireGuard (kernel module and tools) on the server, configure it, create a systemd service and a client config file.


2. RUNING THE SCRIPT AGAIN CAN DELETE/CREATE USER, INSTALL/UNINSTALL WIREGUARD VPN

 

 

 

 

 

./wireguard-install.sh

 


3. REGENERATE QR CODE IN THE CONSOLE

 

 

 

 

qrencode -t ansiutf8 -l L < /root/*-client-*.conf

 



4. IT IS POSSIBLE TO GENERATE A QR-CODE THROUGH THE ONLINE RESOURCE.

http://qrcoder.ru/

5. CHECKING ANONIMITY.

https://browserleaks.com/ip - should not show Local IP address


https://2ip.io/privacy/ - Can be achieved - Probability of using anonymization tools: 0%

TIME ZONE DIFFERENCE
Set the time (on a personal PC) of the server that is used as VPN

BLOCKING ICMP MESSAGES IN LINUX

echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all

For Ubuntu:

 

 

 

 

echo "net.ipv4.icmp_echo_ignore_all = 1" >> /etc/sysctl.conf
sysctl -p

 


For Centos:

 

 

 

 

echo "net.ipv4.icmp_echo_ignore_all = 1" >> /etc/sysctl.conf
sysctl -p

 



MANDATORY FOR ANDROID/IPHONE SMARTPHONES

VPN fingerprint "fires" the use of VPN ipsec / vpn (mtu 1280)

Force power on MTU 1500

In the main configuration file /etc/wireguard/wg0.conf set MTU = 1500

 

 

 

 

[Interface]
PrivateKey = **********
Address = *******
ListenPort = ****
MTU = 1500

 



Also, in the client configuration file /root/*-client-*.conf, write MTU = 1500

 

 

 

 

[Interface]
PrivateKey = **********
Address = *******
MTU = 1500

 



After that, you need to reload the wg0 interface:

 

 

 

 

 wg-quick down wg0 && wg-quick up wg0

 



If you experience poor speed or page loading (Windows)

In the main configuration file /etc/wireguard/wg0.conf set MTU = 1420
In the client configuration file /root/*-client-*.conf, write MTU = 1420