Set Up Your Own Wireguard VPN Server with 2FA in 5 Minutes!

My man has a different haircut every video

Wolfgang, I love your setup! I have used many of your ideas :)
Any chance you can go over your strategies towards home automation and your strategies for keeping them secure/isolated?
I've always wanted to do smart home stuff but am concerned about upstream vendors and how they dictate everything.
Would love to see you make a video on this topic as you usually make these things accessible and easy to understand.

Thank you! Useful, direct content and led to a very engaging lab. It was especially neat to experience Ansible like this! I appreciate the time and effort you put into setting this up for the community.

Wolfgang, thank very much for his very usefull installscript. You have done great work that saves people a lot of time. Keep streaming.

VERY nice video. You have gained a new patreon.
I have had some issues with the new functionalities: Optional DNS-over-HTTPS and hosts-based ad-blocking (Adguard, Unbound and DNSCrypt-Proxy)
But I disabled them on the playbook and everything worked...
It is also worth to mention that there is a GUI for wireguard in linux that came in handy for a noob like me.
Now I would love to know a bit more what else can I do with the server!

Thanks for the DuckDNS recommendation!
I've been using a Raspberry Pi Zero W as my IPSec VPN Server that I use to connect to my home network outside and I've been looking at free dns (and indeed, ddns) services to host the Raspberry pi so I don't have to remember the IP address all the time
This will really help me with my servers, especially my website as I'm trying to make a web server and host my portfolio website on it

Where is the 2FA part? You can log into the VPN without a second authenticator 😲

Chișinău is the capital of Moldova and that is the flag of Moldova, but it's the same color as the Romanian flag so it's easy to confuse them 😉. The difference is that Moldovan flag has the cote of arms (eagle behind a shield) and the Romanian flag does not.
Great video, keep em coming. 👍

Works great now :) thank you for your help and another awesome video Wolfgang :)

Advertisement aside, Oracle Cloud Infrastructure gets you an always-free VPS (or up to 4 ARM-based servers) in many locations around the world with 10 TB limit for outbound traffic. It has some hiccups in ports configuration, but still manageable to manually spin up a VPN in 10 minutes.

Best video on the topic. huge thumbs up. ive followed 5 other guides and the vpn never worked. this one did, so thanks :)

Bro thanks for this, I love it, I installed WireGuard manually but it’s not the same with all the 2FA and the web UI. Thanks a lot!

man how did your channel grow so fast and i didnt even notice.
I mean holy cow you almost have 200k subs and in my head you still had more like 20k subscribers (damn i am stuck in 2019). Congratulations anyway!!!

Hello there. What do you think about Outline as an alternative? As far as I get it does have a UI manager to set up the server.
PS I know the technology is somewhat different but is there a practical difference with WireGuard / OpenVPN for the end user?

Love the content, Wolfgang! Especially the gag on Russia while choosing the VPS is hilarious considering your roots :D

Thanks for making this! I have PIA right now but definitely looking forward to doing this project as well

That's what I wanted to see! You're the man. You're tshirt is 10/10.

and by the way,....du hast mein höchsten Respekt für all deine Expertise und Können in so vielen Bereichen. Absoluter Wahnsinn und nur das Beste für dich. Bitte weiter so und vielen Dank.

When you came out with the original VPN video, I started doing the same thing. Working alone, I miss looking at someone else's code and seeing what cool stuff they're doing with Ansible.

WOW Thanks a lot!!! This project is really the best I have found. Everything is automated what I really love. Second (beside that I have a VPN now) is that I now have finally Fail2Ban and after one day there are already more than 100 IPs banned from trying to login my VPS. Really great solution. Thanks again for your script!!!

Dude, this is the only video that works. Thanks for posting!

I spent a good amount of time yesterday banging my head on the wall trying to replicate this setup trying to avoid your solution with ansible, but I believe now I have seen the error of my ways. This truly took 5 minutes to set up, seems bulletproof, and does everything I want it to (for now 😅). Thanks for the amazing work

Thanks a lot mate, really searching for something like this

I haven't found a single tutorial so far that said they'll paste the commands they use in the description and actually do it. This one included.

Hello thanks a lot for the tutorial!!
Just wondering if there's a way to set up additional layer on top of your playbook for adblocking functionality like wirehole?

Looking good and great video, thank you!

Hello Wolfgang,
I'm using a Mac and when I tried to obtain the ssh key with the command, it shows "connection refused"
what steps should I take fix it?

Does the break or impact the installation of additional containers? I tried to install portainer using known working cmds (including adding port 9000) and for the life of me I can't access the webpage outside of the localhost via domain name and direct IP addr. I've tried multiple things and nothing will work. This is a racknerd VPS install with a registered domain. I finally got WG working after installing Debian 11. Kept getting errors using other distros. Thanks!

Can you access your devices across the vpn network? Like your nextcloud at home on your phone through the vpn without needing ssl?
Or would I need something like netbird for that kind of functionality?

love this setup but before I started i added : Secure shared memory - fstab , Disable Open DNS Recursion - Bind9 DNS, Prevent IP Spoofing, Intrusion Detection, Check for RootKits, SELinux - Apparmor : I hope you keep this project up to date graet work

Extremely high quality guide here!

Hi Wolfgang. Is there any other way than using a VPN to combat DoS/DDoS attacks? (That is really all I need it for)

How do you edit VPN seeting after install? Recently I am unable ot repost on X, but if i use other VPN's repost works fine? Sometimes I am unable to access Netflix using my VPN? Is there a wash to fix or hide that it is a VPN? Or what are paid VPN doing differently that they work and mine will not?

Well done Bud! Any advice on installing behind an Nginx Reverse Proxy manager pls? My SSL's faling, and i do have the fqdn pointing at the vpn server ip on port 80...?

Thanks for the guide, very helpful and it definitely got me going. As a matter of fact, I have it up and running for my small business employees to connect to the machines at work, which is great. What I changed is to have Authelia use the LDAP backend instead of the file backend in your OG repo against my LDAP server at work, and it worked fine. But as far as I can tell, Authelia just authorizes a user in regards to wg-easy; once a user logs in, wg-easy shows the same list of configs, which is shared between whoever might log in. For a small business, this is not the end of the world, but it would be really useful to somehow have users see only the configs they "own". Is it possible with the current solutions or should I look elsewhere? wg-easy is simple and looks great to me, but I am afraid that it might be too simplistic in its architecture for what I am trying to achieve. Anyway, great video, thank you very much, it taught me a couple of things, which I am always very appreciative for.

Do you happen to know how can I fix the Deceiptive site ahead warning on authelia login page?

Hi Wolfgang, ich befinde mich aktuell auf dem Graphen vom Dunning-Kruger-Effekt an der Stelle, an der die harte Realität zugeschlagen hat und ich mich langsam aufbaue.
Deswegen wollte ich fragen, ob man das auch mit einem normalen Raspberry Pi Homeserver anstellen kann? Eigentlich eine offensichtliche Antwort, aber ich wollte gerade bei solchen Dingen keine Risiken eingehen.

I do like this security setup as a baseground,
¿Is there any flaw on DMZ all my home-router traffic through a NUC using this playbook?
I was able to setup a VPN following the tutorial and would like to implement it also as a VPN for my home-LAN, but not sure about the security implications of this idea..

Do you know if it’s possible to just send the dns traffic through the vpn?
So to use the vpn only as DNS Blocker with adguard.

If we have a server with Debian11 operating system. We can use wirguard?
Because there was no place to specify KVM at all

Thank you so much for this tutorial! Pretty much every single VPN in Russia is blocked by the government (even paid ones), so creating your own is the only option left.

Ansible did not run on Ubuntu-20-04 but Debian 11 Bullseye worked well! Nice Job. I used RackNerd.

Hey, total noob here.
Just wondering what passphrase do you need to put in at 7:50? Literally everything I've tried returns either the same "enter passphrase" prompt or goes straight to "enter hostname@IP password".
I'm using windows PS and ubuntu 20.04.

Great tutorial Wolfgang. Quick question -> how do I expose the Adguard Docker instance to the host? As in how do i use the host as my DNS server assuming I'm running a VM within my home network?

Folowed your tutorial toa T. Works great, but now as of late I can not access Netflix or CZcams from this VPN. I can access them from another VPN like ProtonVPN. This leads me to believe it is firewall or some other setting that need to be changed? How do I go about changing those on the VPN or finding what needs to be changed?

Can i run the shell script that you showed in the video on a laptop and use the laptop to host my VPN Server?

might be a stupid question but how do i relog onto my server in terminal after having closed it. When i do ssh root@(my ip) i get "permission denied(publickey)"

Nice tutorial but I have a question about the limitations we can put on user usage , for example I want to limit a user usage to 10gb and if he reached that , the config file we get him should stop working, how can we do it

The 2FA doesn't work anymore dude. Instead of a link I receive a code which doesn't work.

Hello. I've got one question: When I run the script, I can setup some preconfigured DNS Servers. I picked Cloudflare, because I leave all default. Is Cloudflare in this Setup encrypted with DoT or DoH? Or will the DNS Traffic go in plain text to cloudflare?

outstanding wolf thx to u and all your buds

do you use a mist filter? I like the bloom cinematic effect. Can you tell me what color space u use, what gamma, and if u use luts, what lut do u use, I really like your color grading.

Great video! I enjoy your content.
Keep going!
Just out of curiosity: would it be possible to also automate the server deployment (for example with Linode)?
Then you could completely automate the process …

hallo wolfgang, bei der installation lief alles gut bis auf den punkt show_2fa bekomme nichts angezeigt?!

After installing the script, I can't connect via SSH to the server.
During the installation process, when asked if there is an SSH key, I pressed "n". How do I get SSH access?

Great instructions. Thank you very much! (Almost) everything worked right away. However: After entering the 2FA there is no forwarding to the Wireguard GUI. Do you have any tips on how I can proceed? Best regards.

Thanks for your explanation. i reached to the playbook setup then my internet disconnect and i exit out of the server. Can you plz give me the command for playbook to start from cuz i searched on google and all explain how to setup for playbook and i get confused and i don't want to miss things up. Thanks

what am i supposed to do in the 2fa part, i tried navigating manually to the page but i doesn't work

I would love to get a part 2 on setting up whmcs for automating sales for using the vpn.

I have an Issue deploying this in Ubuntu 20.04, the problem is that when everythig is finished (and show no errors) I can't get in into the URL of destination. I run an NMAP and saw the port 443 and 80 closed. Any thougts?

Club Penguin was an unexpected pleasure to watch

Thank you for the perfect guide - I was easy able to set it up with the same provider. Unfortunately one hope to get a hurdle free access to US Netflix didn't work out as the domain range seems already to be blocked by Netflix - could you check this with your setup?

very lovely and useful set up !

hey, after running through the installer, I can't connect to my vps anymore. I've reset the vps a bunch of times and it always disconnects at this stage and the password or credentials don't work

What should you enter when it says enter phasphrase for key?

This is the best one Wolfgang.

My wireguard web client says "There is an update available!...Updated to Node.js v18". How do I processed.

Hi Wolfgang, Awesome video! I just ran your instructions and everything proceeded smoothly! Wireguard client connects as well but unfortunately I cannot browse anything. Since the internet is heavily restricted in my location, I believe the government has somehow managed to block wireguard connections. Do you have any suggestions? Does changing port helps with that? if so how could it be done? Thanks again, Amazing walk-through!

Thank you so much for making this video! Im new to the linux side of the house and this script worked for deb10/11 but failed on 12.4 bookworm with a repo/release error for me. Currently trying to fix!

7:57 I think my system didn't reboot and I'm still logged into my VPS. Is it ok?

Does your playbook script disable browser logging?

I was able to follow until 8:21 where I receive an internal server error 500, is there a reason why?

Nice video. Unrelated to content, but can you share the font that you're using in your terminal? It's great!

would you recommend this setup for someone being behind the Great Firewall China, respectively the current still active and certainly ongoing blocking activities? Any hint and experience is very appreciated. Thank you for your great video and work. smart guy.

Excellent tutorial. Ran into an issue when running the playbook on step "Update and upgrade apt packages". The VPS I purchased was short on memory. Increased the Swap file size on Ubuntu to get past it. Hope this helps someone

Hi Wolfy, maybe you can answer this question. What is the advantage of using a VPN if the VPN company may get served a warrant and have no choice but to comply to give all the IP and logs that went through their VPN to authorities ?

Hello Wolfgang, I just came across you channel! EXCELLENT videos ... :-) Thank you very much for taking time to share your expert knowledge! I did learn a lot and reflect some of my ideas. I was investigating how it is possible to set up a docker stack on a VPS which run's WireGuard, AdGuard and Unbound. There is some examples around to have guidance. I was wondering what your opinion of this setup is, as you did not include the AdGuard/Unbound in your playbook. Thank you for you time and thoughts!

Is it possible to bind a torrent application in a docker container to the VPS?

Tried all in accordance with tutorial (even picked up the same VPS provider) but WireGuard works a bit janky for me (drops the connection every 2-3 hours while server stays live). Slow connection (10-15 minutes before it establishes stable connection)on the phone when switching from cellular to my work/home Wi-Fi network and the last, why some websites stopped working (androidpolice or AliExpress) or slow to load? Any advice?

Great video! Will try this out during the weekend. Suggetion: similar ansible playbook for deploying vaultwarden?

Hello, I setup my VPN using the steps in the video, but my phone had to be reset and I lost my 2FA, how do I login to wireguard now?

After inputting the Domain name using duckdns the script hangs, it gives no error and doesn't ask for anything else. It sits this way for over an hour doing nothing. I've tried using both Debian and Ubuntu.

When installing this on my raspberry pi 3b with raspbian 32 lite he gives an error about cryptograph installation. I added the PATH and manual installed rust. But he keeps giving this error. Any idea how to solve this?
Update: it is (kinda) working when using 64 bit of Raspbian OS Lite. After adding domain he gives an error that certbot is not found. After installing certbot it all seems ok. Just to let other people know

maybe outside of the scope of this video, but im trying to run the playbook on a self hosted ct on proxmox and it just keeps failing. ubuntu and debian are both failing at different stages, i can post what the failures are if its at all relevant. basically just wondernig if this will work for a self hosted setup or if i would need to make some changes, or just stick to a vps. thanks for making this for people like me though.

I want to use wireguard VPN with each peer have their static public ipv4.
I want to take a dedicated server with 256 IP so all the 254 IP can be given to each client. Is it possible with wireguard?
Thanks

In case someone else hits this problem.
Just ran the script on a Ubuntu 23.10 linode vm and it hung on the docker installation. Couldn't find docker-ce. I rolled my vm back to 23.04 and everything worked well. I tried manually installing docker before running the script and still had problems.

Wolfgang, I finished the complete setup but after I put in the 2fa part, it stays on that screen and won't redirect me like it's supposed to. Is there something I'm doing wrong? You recently updated the github and not all of the steps lined up

for me it is stuck in login page saying one time password "authenticated" but it is not redirecting me to the panel

Hi Wolfgang, your solution amazing and very easy to install. BTW do you have any ideas how to connect wireguard VPN to ldap server?

Hey Wolfgang I like your new hair. Reminds me of my beloved Big Jim figure back in the day. How do the chicks react? They must go wild.

I legit still use the Raspberry Pi VPN guide. I’m even connected to it watching this video.

I can't properly remove it as after deleting file it prompts me that direnv is not installed. Please help thanks.

Is there anyway to keep it from disabling root login? I use my vps for other things besides wireguard.

Is there any option to configure the VPN as layer 2 instead of Layer 3

Thank you for the amazing content Wolfgang!
I am not familiar with setting up a VPN at all and I found this video to be perfect for people like me.
Unfortunately though, after establishing the connection with my Macbook, when I try to browse literally any website, it keeps loading then I get the error: "ERR_CONNECTION_TIMED_OUT" on Chrome.
I have tried everything: from disabling by Firewall temporarily on Mac to setting up the VPN on my iPhone and trying from there, but no luck, always the same result.
I feel I'm so close to get it done, but don't understand what I'm missing and searching on Google didn't help.
Can you please point me in the right direction?

Hey, thanks for a great tutorial! I'd really appreciate to see more about bunkerweb, you didn't mention it in this video, but it's in your playbook.

It shows this error when introducing the second one at the end
fatal:[localhost]:failed msg; path /root/.bashrc does not exist rc;257

Hello everyone! after trying to install this vpn on an AWS ubuntu had an issue after entering the domain name. what should i do to fix this? Running certbot in dry-run mode to test the validity of the domain...
sudo: certbot: command not found
sudo: certbot: command not found

Awesome stuff! thank you!

Thanks a lot. Its working as it supposed to. I have one question. Is it possible to use this metod to create tunnel to my home network? Run Ubuntu server on some PC inside my network (or VM) did the same but without a remote VM and use it to remote connecto to my LAN?