← Back to Blog

How to Set Up WireGuard VPN on a Linux VPS (Ubuntu 24.04)

Published May 2, 2026  ·  10 min read  ·  Dakota Hopson, Galaxy Cloud Solutions

Before I started Galaxy Cloud Solutions, I was running a FiveM RP server. Keeping that thing alive meant I spent a lot of time learning how to manage Linux servers — dealing with ports, firewall rules, keeping services running at 3am when players are online. One of the things I set up early on was a WireGuard VPN so I could access my home network remotely without opening everything up to the internet.

This guide walks you through setting up your own WireGuard VPN on a Ubuntu 24.04 VPS. The whole thing takes about 20 minutes. When you're done you'll have a VPN server you fully control — no subscription fees, no logs, no third party involved.

⚡ Need a VPS? Start from $5/mo — Use code LAUNCH2026 for 50% off

What You'll Need

• A Ubuntu 24.04 VPS (the Nebula 1 plan at $5/mo works fine for this)
• Root SSH access to your server
• WireGuard installed on your client device (phone, laptop, etc.)

Step 1 — Update Your Server

First things first. Log into your VPS and update everything:

apt update && apt upgrade -y

No point building on top of outdated packages.

Step 2 — Install WireGuard

WireGuard is in the Ubuntu repos now, so this is straightforward:

apt install wireguard -y

Step 3 — Generate Server Keys

WireGuard uses public/private key pairs. Generate them for your server:

wg genkey | tee /etc/wireguard/server_private.key | wg pubkey > /etc/wireguard/server_public.key
chmod 600 /etc/wireguard/server_private.key

Keep that private key private. Never share it anywhere.

Step 4 — Create the Server Config

You need to know your server's network interface name first:

ip link show

It'll be something like ens18 or eth0. On Galaxy Cloud Solutions VPS it's ens18. Now create the config:

cat > /etc/wireguard/wg0.conf << EOF
[Interface]
Address = 10.0.0.1/24
ListenPort = 51820
PrivateKey = $(cat /etc/wireguard/server_private.key)
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o ens18 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o ens18 -j MASQUERADE
EOF

Step 5 — Enable IP Forwarding

This lets traffic actually pass through your VPN server:

echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
sysctl -p

Step 6 — Open the Firewall Port

ufw allow 51820/udp
ufw reload

Step 7 — Add a Client

Generate keys for your client device:

wg genkey | tee /etc/wireguard/client1_private.key | wg pubkey > /etc/wireguard/client1_public.key

Add the client to your server config:

cat >> /etc/wireguard/wg0.conf << EOF

[Peer]
PublicKey = $(cat /etc/wireguard/client1_public.key)
AllowedIPs = 10.0.0.2/32
EOF

Now create the client config file you'll import into WireGuard on your phone or laptop:

cat > /etc/wireguard/client1.conf << EOF
[Interface]
Address = 10.0.0.2/24
PrivateKey = $(cat /etc/wireguard/client1_private.key)
DNS = 1.1.1.1

[Peer]
PublicKey = $(cat /etc/wireguard/server_public.key)
Endpoint = YOUR_SERVER_IP:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25
EOF

Replace YOUR_SERVER_IP with your actual VPS IP address.

Step 8 — Start WireGuard

systemctl enable wg-quick@wg0
systemctl start wg-quick@wg0

Check it's running:

systemctl status wg-quick@wg0
wg show

Step 9 — Connect Your Client

Copy the client config to your device. The easiest way is to display it as a QR code for your phone:

apt install qrencode -y
qrencode -t ansiutf8 < /etc/wireguard/client1.conf

Scan the QR code with the WireGuard app on your phone and you're connected.

Troubleshooting

If it's not working, check these things in order:

• Make sure port 51820 UDP is open in your firewall (ufw status)
• Verify IP forwarding is enabled (sysctl net.ipv4.ip_forward should return 1)
• Check your interface name matches what's in the config (ip link show)
• Look at the WireGuard logs: journalctl -u wg-quick@wg0 -f