A lightweight Bash script to set up your own self-hosted, no-logs, private VPN using WireGuard.
This script automatically installs WireGuard, configures the server, generates client keys, and provides a ready-to-use client configuration file — all in just a few minutes.
- 🚀 One-line installation – get your VPN running with a single command
- 🔒 No logs, full privacy – nothing is stored on the server
- 🛡️ Self-hosted – run on your own VPS or bare-metal server
- 🔑 Automatic key generation for server & client
- 📦 Client configuration bundle served via Nginx or scp
- 🔧 Works on Ubuntu/Debian (cloud or local server)
- Ubuntu/Debian-based system
- Root privileges
- By default, the VPN listens on UDP port 51820
- You can change this by editing the
PORTvariable at the top ofwireguard-install.sh:PORT="51820"
Run this command on your server to download and install in one step:
curl -sSL https://raw.githubusercontent.com/pradeeparul2/simple-wireguard-setup/main/wireguard-install.sh | sudo bash-
Clone this repository:
git clone https://github.com/pradeeparul2/simple-wireguard-setup.git cd simple-wireguard-setup -
Make the script executable:
chmod +x wireguard-install.sh
-
Run the script:
sudo ./wireguard-install.sh
-
After setup, download the client configuration:
curl -o client-config.zip http://<SERVER_PUBLIC_IP>/client-config.zip
-
Import the configuration file into your WireGuard client.
- Ensure your server has a public IP address (Elastic IP for AWS EC2 is recommended).
- The script defaults to detecting the network interface automatically, falling back to
eth0. - You can customize subnet, ports, and client IPs by editing the script variables.
This project is licensed under the MIT License. See the LICENSE file for details.