I used to use a personal
OpenVPN server but I was never okay with its speed even though I tuned & enhanced the server configurations but still it wasn't good enough.
Then I heard about WireGuard and how fast and secure it is from my friend Mina so I decided to give it a try so I used Mina's Ansible Playbook to install and configure a
I created a
$5 instance in DigitalOcean with
CentOS 7 and I downloaded the playbook on my laptop ( you have to have Ansbile installed ):
$ ansible-galaxy install mina-alber.wireguard-ansible
Then I modified the
hosts_inventory file with the server info :
[all] wireguard ansible_host=[IP_ADDR] ansible_port=[SSH_PORT] ansible_user=root
And I started the script :
$ ansible-playbook -i hosts_inventory wireguard.yml
It took only
5 minutes and my
WireGuard VPN Server was ready.
Now SSH to the server and run the following command :
$ wg show
And you should get an output like this :
[[email protected] ~]# wg show interface: wg0 public key: 0c916OHwwAbP71I9UBFpddIsPH8MyTSifhLad+gy4GY= private key: (hidden) listening port: 51820
public key because we'll need it later for the client configuration.
Then I installed
WireGuard Tools on my
MacOS which has the
WireGuard Client to connect to the server :
$ brew install wireguard-tools
And I used it to generate a key for my laptop :
$ wg genkey | tee privatekey | wg pubkey > publickey
And I created a configuration file inside my home dir but you can create anywhere
[Interface] Address = 10.0.0.2/32 #select an unreserved IP PrivateKey = [[YOUR_PRIVATE_KEY]] DNS = 184.108.40.206 [Peer] PublicKey = [[SERVER_PUBLIC_KEY]] AllowedIPs = 0.0.0.0/0 Endpoint = [[SERVER_IP]]:51820 PersistentKeepalive = 25
[[YOUR_PRIVATE_KEY]] with the key inside the
[[SERVER_PUBLIC_KEY]] with the
public key which we got from
wg show command on the server and
[[SERVER_IP]] with the server IP.
Now SSH to the server again and edit
WireGuard config file
/etc/wireguard/wg0.conf and add your client block :
[Peer] PublicKey = [[YOUR_PUBLIC_KEY]] AllowedIPs = 10.0.0.2/32
[[YOUR_PUBLIC_KEY]] with the key inside the
And finally restart the service on the server :
$ systemctl restart [email protected]
And now let's connect to your VPN server.
On your local machine :
$ wg-quick up /Users/morxander/wg.conf
And congratulations you're connected now to your new VPN server. You can get your current IP :
$ curl https://wtfismyip.com/text
And now I can watch the US Netflix content without paying to a 3rd part VPN service.