Commands are current as of writing. Script names and flags change from time to time — check angristan/wireguard-install and wireguard.com.
Why WireGuard is good
Speed
Runs in the Linux kernel and barely loses any throughput.
Simplicity
The config is a few lines, not pages of settings.
Stability
Switch from Wi-Fi to mobile — the tunnel doesn’t drop.
Privacy
A personal VPN and access to your own services from any device.
Installation
Two paths: a ready-made script (quick) or manual (full control). The script is enough for most people.- Script — quick and easy
- Manual — full control
The ready-made script will install WireGuard, configure the server, create a system service, and issue your first client — with a config file and a QR code.Add more clients. Each device gets its own config. Run the script again (
Answer the questions
The script will ask for your public IP, the port (default
51820), DNS servers for clients, and the name of the first client. Not sure — press Enter; the defaults work for almost everyone../wireguard-install.sh) — a menu appears: add a client, remove one, or uninstall WireGuard entirely. The script sets up the NAT rules itself.Connecting devices
Install the official WireGuard app and import the config:| Platform | Where from |
|---|---|
| Windows | Installer from wireguard.com/install |
| macOS · iOS | App Store |
| Android | Google Play or the APK from the site |
| Linux | Your distribution’s package manager |
.conf file or scan the QR code. Turn on the tunnel — all traffic goes through your server.
What Lumi handles, and what you do
Lumi handles the server and network: the VPS is up, you have root access, a 10 Gbit/s port, and unlimited traffic. Setting up the VPN software is on you — it’s your personal service. If a port won’t open or the network won’t come up on the server side, message @lumisup_robot.Where to next
Firewall
Open the WireGuard port the right way.
Harden the server
A VPS security checklist.
Another VPN
Amnezia, if WireGuard is blocked.