UnderHost
Knowledgebase Docs

Set Up a VPN Server on UnderHost VPS: WireGuard & OpenVPN

Run a VPN server on your VPS. Set up WireGuard or OpenVPN for secure remote access, privacy, and bypassing geo-restrictions.

A VPN server on your VPS encrypts traffic between your device and the VPS and sends it out through the VPS, which protects it from snoopers on the way there and gets around geo-blocks. WireGuard is modern and fast; OpenVPN is mature and widely supported. Both are excellent choices.

VPN Types: WireGuard vs OpenVPN

| Feature | WireGuard | OpenVPN |
|---|---|---|
| Speed | Very Fast | Good |
| Code size | 4,000 lines | 100,000+ lines |
| Setup difficulty | Easy | Complex |
| Maturity | Newer (2015+) | Established (2001+) |
| Client support | Excellent modern | All platforms |
| Security audit | Yes, peer-reviewed | Yes, widely audited |

Recommendation: WireGuard for new setups (faster, easier). OpenVPN if you need older device support.

Requirements

  • UnderHost Cloud VPS with root SSH access
  • Debian/Ubuntu or CentOS operating system
  • 2GB+ RAM (more users = more RAM)
  • Static IP address (recommended)
  • Open firewall port for VPN (1194 for OpenVPN, 51820 for WireGuard)

Set Up WireGuard (Recommended)

Step 1: Install WireGuard

# Debian/Ubuntu
sudo apt update && sudo apt install wireguard wireguard-tools

# CentOS/RHEL
sudo yum install wireguard-tools

Step 2: Generate keys

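# Run as root with a restrictive umask so the private key is never created world-readable
sudo sh -c 'umask 077; cd /etc/wireguard && wg genkey | tee privatekey | wg pubkey | tee publickey'
sudo chmod 600 /etc/wireguard/privatekey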

Step 3: Create wg0.conf

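# /etc/wireguard/wg0.conf
[Interface]
# Contents of /etc/wireguard/privatekey; keep this file readable by root only
PrivateKey = <server-private-key>
Address = 10.0.0.1/24
ListenPort = 51820
# Replace eth0 with the VPS's public interface if it is named differently.
# Forwarding client traffic also requires net.ipv4.ip_forward=1 on the server.
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
# Public key generated on the client device
PublicKey = <client-public-key>
# One /32 per client: this is the only tunnel address the peer may use
AllowedIPs = 10.0.0.2/32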

Step 4: Enable WireGuard

sudo systemctl enable wg-quick@wg0
sudo systemctl start wg-quick@wg0
sudo wg show  # Verify running

Set Up OpenVPN (Alternative)

Install and configure:

sudo apt install openvpn easy-rsa

# Generate CA and certificates
make-cadir ~/openvpn-ca
cd ~/openvpn-ca
./easyrsa init-pki
./easyrsa build-ca
./easyrsa gen-req server nopass
./easyrsa sign-req server server

# Copy files to /etc/openvpn
sudo cp pki/ca.crt /etc/openvpn/
sudo cp pki/issued/server.crt /etc/openvpn/
sudo cp pki/private/server.key /etc/openvpn/

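# Start OpenVPN (the openvpn@server unit reads /etc/openvpn/server.conf,
# which must exist and reference the files copied above)
sudo systemctl enable openvpn@server
sudo systemctl start openvpn@server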

Firewall Configuration

Allow the VPN port through the firewall:

# WireGuard (UDP 51820)
sudo ufw allow 51820/udp

# OpenVPN (UDP 1194)
sudo ufw allow 1194/udp

# Verify
sudo ufw status

Connect Clients

WireGuard client config:

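[Interface]
# Private key generated on the client; it never needs to leave the device
PrivateKey = <client-private-key>
Address = 10.0.0.2/24
DNS = 8.8.8.8

[Peer]
# Contents of /etc/wireguard/publickey on the server
PublicKey = <server-public-key>
Endpoint = your.vpn.server.com:51820
# 0.0.0.0/0 sends all IPv4 traffic through the tunnel
AllowedIPs = 0.0.0.0/0

Save as wg_client.conf and import it in the WireGuard app, or run: sudo wg-quick up ./wg_client.conf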

Monitor VPN

# Show connected clients
sudo wg show

# View traffic
sudo wg show wg0 transfer

Security Best Practices

  • Regenerate keys regularly: Monthly key rotation recommended
  • Limit clients: Only add trusted clients to Peer list
  • Monitor logs: Check /var/log/syslog for unauthorized access attempts
  • Use strong server password: If password-protecting private key
  • Keep software updated: apt update && apt upgrade
  • Test DNS leaks: Visit dnsleaktest.com while connected (should show VPS IP)
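
One way to check the key-protection and "limit clients" points against the server's wg0.conf, as an added example that is not UnderHost's own code. On the server, AllowedIPs also decides which tunnel source addresses a peer may use, so the script flags entries wider than one host and addresses listed under two peers (only one of them keeps the route). The function names, finding labels and sample config are constructed for illustration, and GNU stat is assumed.

```shell
# Added example: audit a server-side wg-quick config. Not UnderHost's code.
# Assumes GNU stat (Debian/Ubuntu/CentOS); all names here are hypothetical.
audit_wg_conf() {
    conf=$1
    # The file holds the server PrivateKey: allow no group/other access.
    mode=$(stat -c '%a' "$conf") || return 2
    case $mode in
        *00) ;;
        *) echo "PERMS: $conf is mode $mode, expected 600" ;;
    esac
    # On the server, AllowedIPs is also the per-peer source-address filter.
    awk '
        /^[ \t]*\[/ { in_peer = (tolower($0) ~ /\[peer\]/); next }
        in_peer && tolower($0) ~ /^[ \t]*allowedips[ \t]*=/ {
            sub(/^[^=]*=/, ""); sub(/#.*/, "")
            n = split($0, nets, ",")
            for (i = 1; i <= n; i++) {
                net = nets[i]; gsub(/[ \t]/, "", net)
                if (net == "") continue
                host = (net ~ /:/) ? "128" : "32"     # IPv6 vs IPv4 host prefix
                if (net !~ /\//) net = net "/" host    # bare address = one host
                if (net !~ ("/" host "$")) print "WIDE: " net " (line " NR ")"
                if (net in seen) print "DUP: " net " (lines " seen[net] " and " NR ")"
                else seen[net] = NR
            }
        }
    ' "$conf"
}

# Constructed sample: peer B is given the whole /24, peer C reuses A's address.
write_sample() {
    cat > "$1" <<'EOF'
[Interface]
PrivateKey = <server-private-key>
[Peer]
PublicKey = <client-a-public-key>
AllowedIPs = 10.0.0.2/32
[Peer]
PublicKey = <client-b-public-key>
AllowedIPs = 10.0.0.0/24
[Peer]
PublicKey = <client-c-public-key>
AllowedIPs = 10.0.0.2
EOF
}

sample=$(mktemp) && write_sample "$sample" && chmod 644 "$sample"
audit_wg_conf "$sample"
```

On a real server, run it as root: `audit_wg_conf /etc/wireguard/wg0.conf`. No output means none of the three checks fired.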

VPN throughput is limited by VPS spec

A $5/month VPS can't handle 100 clients. Calculate expected throughput: CPU speed × connection count.
