Skip to main content
WireGuard is a modern VPN protocol: fast, lightweight, and it holds the connection when your network changes. It has far less code than older solutions — less room for bugs and higher speed. On a Lumi VPS (Ubuntu 22.04 by default, root over SSH) you can set it up in a couple of minutes.
Commands are current as of writing. Script names and flags change from time to time — check angristan/wireguard-install and wireguard.com.

Why WireGuard is good

Speed

Runs in the Linux kernel and barely loses any throughput.

Simplicity

The config is a few lines, not pages of settings.

Stability

Switch from Wi-Fi to mobile — the tunnel doesn’t drop.

Privacy

A personal VPN and access to your own services from any device.

Installation

Two paths: a ready-made script (quick) or manual (full control). The script is enough for most people.
The ready-made script will install WireGuard, configure the server, create a system service, and issue your first client — with a config file and a QR code.
1

Connect to the server over SSH

Take the IP and root password from the server card in the bot.
ssh root@YOUR_SERVER_IP
2

Download and run the script

curl -O https://raw.githubusercontent.com/angristan/wireguard-install/master/wireguard-install.sh
chmod +x wireguard-install.sh
./wireguard-install.sh
3

Answer the questions

The script will ask for your public IP, the port (default 51820), DNS servers for clients, and the name of the first client. Not sure — press Enter; the defaults work for almost everyone.
4

Grab the client config

At the end, the script prints a QR code right in the terminal and creates a .conf file. The QR is handy for scanning from your phone; the file is for moving to a computer.
Add more clients. Each device gets its own config. Run the script again (./wireguard-install.sh) — a menu appears: add a client, remove one, or uninstall WireGuard entirely. The script sets up the NAT rules itself.
Open WireGuard’s UDP port in the firewall, otherwise the connection won’t go through (default 51820):
ufw allow 51820/udp
If you chose a different port, substitute it. More details — Firewall (ufw).

Connecting devices

Install the official WireGuard app and import the config:
PlatformWhere from
WindowsInstaller from wireguard.com/install
macOS · iOSApp Store
AndroidGoogle Play or the APK from the site
LinuxYour distribution’s package manager
In the app: Add Tunnel → import the .conf file or scan the QR code. Turn on the tunnel — all traffic goes through your server.

What Lumi handles, and what you do

Lumi handles the server and network: the VPS is up, you have root access, a 10 Gbit/s port, and unlimited traffic. Setting up the VPN software is on you — it’s your personal service. If a port won’t open or the network won’t come up on the server side, message @lumisup_robot.

Where to next

Firewall

Open the WireGuard port the right way.

Harden the server

A VPS security checklist.

Another VPN

Amnezia, if WireGuard is blocked.