Knowledge Base

Guides and answers for your VPS, the client area, and billing

Running your own VPN on your VPS (WireGuard)

What this is

Your own VPN server: your devices connect to your VPS and route their internet traffic through it, encrypted from the device to the datacenter. A personal VPN for your own use is explicitly allowed and is one of the most popular uses of a small plan (the required TUN/TAP support is already enabled). The line to respect: personal use only. Running a VPN or proxy service for other people is not allowed.

What it gives you, honestly stated:

  • Privacy from the network you're on: hotel Wi-Fi, airports, and ISPs that snoop or throttle see only encrypted traffic to your VPS.
  • A stable, known exit IP: useful for IP-allowlisted services (your own servers included) and for a consistent location while traveling.
  • Not anonymity. The VPS's IP is yours, on your account. A self-hosted VPN moves trust from the coffee-shop network to your own server; it doesn't make you anonymous, and commercial "no-logs" theater isn't the product here.

The ten-minute setup

The community-standard wireguard-install script (by Nyr) handles server setup, keys, forwarding, and client management:

wget https://git.io/wireguard -O wireguard-install.sh
bash wireguard-install.sh

Accept the defaults (UDP 51820) and name your first client; the script then prints a QR code. Open the WireGuard app on your phone (iOS/Android), choose "Create from QR code", scan, and toggle it on. Done. For laptops, the script writes a .conf file; import it into the WireGuard client (or use wg-quick up on Linux).

Re-run the script any time to add a client per device (one profile per phone/laptop, so a lost device is revoked by deleting its client, same logic as SSH keys), or to remove one.

Two housekeeping notes: if you run your own firewall, allow 51820/udp (the script handles its own rules on a default setup; our edge firewall doesn't block VPN ports). And prefer the script's defaults unless you know why not: it configures DNS through the tunnel correctly, which hand-rolled setups often miss.

Verify it, including DNS

With the VPN on, check two things from the connected device:

  1. Your visible IP is the VPS's: check on any "what is my IP" site.
  2. DNS isn't leaking: dnsleaktest.com (or browserleaks.com/dns) should show resolvers consistent with your tunnel, not your home ISP's. A leak means DNS queries escape the tunnel, which is the privacy hole people don't notice. The script's default config avoids it; custom configs should set DNS = in the client profile.
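For hand-written client profiles, the DNS check above can also be done offline before the profile is imported. The following is an added example, not part of the wireguard-install script or of this knowledge base: it reads a wg-quick client profile and reports a missing DNS resolver, and, going slightly beyond the text, a missing IPv4 or IPv6 default route in AllowedIPs. The function name, the sample profiles, the placeholder keys, and all addresses are constructed for illustration.

```python
import ipaddress

def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False  # wg-quick treats non-IP DNS entries as search domains

def audit_profile(text):
    """Return findings for a wg-quick client profile; an empty list means OK."""
    section, resolvers, allowed = None, [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # strip comments and whitespace
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, _, value = line.partition("=")  # base64 keys keep their own '='
        items = [v.strip() for v in value.split(",") if v.strip()]
        if section == "interface" and key.strip().lower() == "dns":
            resolvers += [v for v in items if _is_ip(v)]
        elif section == "peer" and key.strip().lower() == "allowedips":
            allowed += [ipaddress.ip_network(v, strict=False) for v in items]
    findings = []
    if not any(n.version == 4 and n.prefixlen == 0 for n in allowed):
        findings.append("IPv4 default route (0.0.0.0/0) is not in AllowedIPs")
    if not any(n.version == 6 and n.prefixlen == 0 for n in allowed):
        findings.append("IPv6 default route (::/0) is not in AllowedIPs")
    if not resolvers:
        findings.append("no resolver in [Interface] DNS: device keeps the local network's resolver")
    return findings

# Constructed sample profiles: keys are placeholders, addresses are examples.
GOOD = """[Interface]
PrivateKey = <client-private-key>
Address = 10.0.0.2/24
DNS = 10.0.0.1

[Peer]
PublicKey = <server-public-key>
Endpoint = 192.0.2.10:51820
AllowedIPs = 0.0.0.0/0, ::/0
"""
LEAKY = GOOD.replace("DNS = 10.0.0.1\n", "").replace(", ::/0", "")

if __name__ == "__main__":
    for name, profile in (("good", GOOD), ("leaky", LEAKY)):
        print(name, audit_profile(profile) or "OK")
```

A clean result here only says the profile is written to send DNS and all traffic through the tunnel; the browser-based leak test above is still the check of what the device actually does.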

The traffic math

Routed VPN traffic crosses your VPS twice (in from your device, out to the destination), so a gigabyte browsed is roughly two gigabytes against your monthly allowance. Generous plans make this a non-issue for normal browsing; heavy streaming through the tunnel is where the math starts to matter, so watch the Graphs the first month.

When WireGuard won't connect: the OpenVPN fallback

Some restrictive networks (corporate guest Wi-Fi, certain hotel setups) block unfamiliar UDP entirely, and WireGuard is UDP-only. The classic workaround is a parallel OpenVPN setup via the sibling openvpn-install script, configured on TCP port 443. To most middleboxes it is indistinguishable from HTTPS. It is slower than WireGuard, but it connects where nothing else will. Run both; use WireGuard by default and the 443 fallback when a network fights you.

Still need help?

You can open a support ticket. So we can help on the first reply, it's worth mentioning:

  • the VPS hostname or IP,
  • the client device,
  • where it fails (importing the profile, the handshake, or no internet through the tunnel).
Last reviewed: 2026-07-02