I used to use a personal OpenVPN server but I was never okay with its speed even though I tuned & enhanced the server configurations but still it wasn't good enough.

Then I heard about WireGuard and how fast and secure it is from my friend Mina so I decided to give it a try so I used Mina's Ansible Playbook to install and configure a WireGuard server.

I created a $5 instance in DigitalOcean with CentOS 7 and I downloaded the playbook on my laptop ( you have to have Ansbile installed ):

$ ansible-galaxy install mina-alber.wireguard-ansible

Then I modified the hosts_inventory file with the server info :

[all] wireguard ansible_host=[IP_ADDR] ansible_port=[SSH_PORT] ansible_user=root

And I started the script :

$ ansible-playbook -i hosts_inventory wireguard.yml

It took only 5 minutes and my WireGuard VPN Server was ready.

Now SSH to the server and run the following command :

$ wg show

And you should get an output like this :

[[email protected] ~]# wg show interface: wg0 public key: 0c916OHwwAbP71I9UBFpddIsPH8MyTSifhLad+gy4GY= private key: (hidden) listening port: 51820

Copy the public key because we'll need it later for the client configuration.

Then I installed WireGuard Tools on my MacOS which has the WireGuard Client to connect to the server :

$ brew install wireguard-tools

And I used it to generate a key for my laptop :

$ wg genkey | tee privatekey | wg pubkey > publickey

And I created a configuration file inside my home dir but you can create anywhere /Users/morxander/wg.conf :

[Interface] Address = 10.0.0.2/32 #select an unreserved IP PrivateKey = [[YOUR_PRIVATE_KEY]] DNS = 8.8.8.8 [Peer] PublicKey = [[SERVER_PUBLIC_KEY]] AllowedIPs = 0.0.0.0/0 Endpoint = [[SERVER_IP]]:51820 PersistentKeepalive = 25

Replace the [[YOUR_PRIVATE_KEY]] with the key inside the privatekey file, [[SERVER_PUBLIC_KEY]] with the public key which we got from wg show command on the server and [[SERVER_IP]] with the server IP.

Now SSH to the server again and edit WireGuard config file /etc/wireguard/wg0.conf and add your client block :

[Peer] PublicKey = [[YOUR_PUBLIC_KEY]] AllowedIPs = 10.0.0.2/32

And replace [[YOUR_PUBLIC_KEY]] with the key inside the publickey file.

And finally restart the service on the server :

And now let's connect to your VPN server.

On your local machine :

$ wg-quick up /Users/morxander/wg.conf

And congratulations you're connected now to your new VPN server. You can get your current IP :

$ curl https://wtfismyip.com/text

And now I can watch the US Netflix content without paying to a 3rd part VPN service.