Running your own VPN server on a VPS gives you something that no commercial VPN service can match: complete control. You decide where your traffic exits, what gets logged, who has access, and how the server is configured. There is no third party sitting between you and the internet, no shared IP addresses with thousands of other users, and no trust required in a company's privacy claims.
Commercial VPN services have their place, but they come with inherent tradeoffs. You are trusting the provider not to log your traffic, sharing IP addresses with other users which can lead to captchas and blocked access on many websites, and paying a recurring subscription for a service you could run yourself for less money. A VPS based VPN eliminates all of these issues.
This guide walks through setting up your own VPN server on a Linux VPS using WireGuard and OpenVPN. Both protocols have their strengths, and the right choice depends on your specific needs.
Why Host Your Own VPN on a VPS
The most compelling reason to self host a VPN is privacy. When you use a commercial VPN, you are shifting your trust from your ISP to the VPN provider. You have no way to verify their no logs claims, and multiple VPN companies have been caught logging user data despite promising otherwise. With your own VPN server, the only logs that exist are the ones you choose to create.
Performance is another significant advantage. Commercial VPN servers are shared among thousands of users, which means bandwidth and latency vary depending on how many people are connected at any given time. Your own VPN server on a VPS has dedicated bandwidth that you do not share with anyone. If your VPS has a 1Gbps connection, your VPN connection can use all of it.
IP reputation matters more than most people realize. Commercial VPN IP addresses are widely known and frequently blacklisted. Netflix, banking sites, and many other services actively block traffic from known VPN providers. A VPN running on your own VPS uses a clean IP address that is not associated with any VPN service, so you do not encounter these blocks.
Cost is often comparable or cheaper. A basic VPS suitable for running a VPN costs between three and eight dollars per month. Most commercial VPN subscriptions cost five to twelve dollars per month. For the same price or less, you get a full VPS that can run your VPN plus any other services you want.
Choosing the Right VPS for a VPN Server
A VPN server does not need much in terms of CPU or RAM. The encryption and decryption of traffic is handled efficiently by modern processors, and even a single core VPS with 1GB of RAM can handle a personal VPN with ease. What matters most is network quality.
Location determines your exit IP. Choose a VPS location based on where you want your traffic to appear to come from. If you want a US IP address, get a VPS in the United States. If you want a European IP, choose a European data center. Some people run multiple VPN servers in different locations and switch between them as needed.
Bandwidth allocation matters. VPN traffic is essentially a mirror of your internet usage. If you stream video, download files, or browse heavily, all of that traffic passes through your VPN server. Make sure your VPS plan includes enough bandwidth for your usage patterns. Unmetered or high bandwidth plans are ideal for VPN use.
Network quality affects your experience. A VPS with a 1Gbps port but poor peering will give you a worse VPN experience than one with a 500Mbps port and excellent peering. Look for providers that connect to major internet exchanges and have low latency to your physical location.
A Linux VPS with 1GB of RAM, a single core, and a 1Gbps connection is more than sufficient for a personal VPN server. If you plan to share the VPN with family or a small team, 2GB of RAM gives you comfortable headroom.
Setting Up WireGuard VPN on Your VPS
WireGuard is the newer of the two major VPN protocols and has quickly become the preferred choice for most self hosted VPN setups. It is faster, simpler to configure, and uses modern cryptography that is considered more secure than the older protocols used by OpenVPN.
WireGuard runs as a kernel module on Linux, which means it handles encryption at the kernel level rather than in userspace. This results in significantly lower CPU overhead and higher throughput compared to OpenVPN. On a modern VPS, WireGuard can easily saturate a 1Gbps connection without breaking a sweat.
To install WireGuard on Ubuntu or Debian, start by updating your system packages and installing WireGuard.
Next, generate the server's private and public key pair. These keys are used for the cryptographic handshake between the server and clients.
Create the WireGuard configuration file at /etc/wireguard/wg0.conf. Replace the PrivateKey value with the contents of your server_private.key file.
Enable IP forwarding so your server can route traffic from VPN clients to the internet.
Start WireGuard and enable it to run on boot.
For each client device, generate a separate key pair and add a Peer section to the server configuration. The client configuration includes the server's public key and endpoint address.
After adding a new peer to the server configuration, reload WireGuard with sudo systemctl restart wg-quick@wg0. The client can then connect using the WireGuard app available on Windows, macOS, Linux, iOS, and Android.
Setting Up OpenVPN on Your VPS
OpenVPN has been the standard self hosted VPN solution for over two decades. It is more complex to configure than WireGuard, but it offers greater flexibility in terms of authentication methods, encryption options, and compatibility with older devices and networks.
OpenVPN runs in userspace rather than as a kernel module, which means it has higher CPU overhead than WireGuard. On a modern VPS this is rarely a problem for personal use, but if you are running a VPN for a team of 20 or more simultaneous users, the difference becomes noticeable.
The easiest way to set up OpenVPN on a fresh VPS is to use the community installation script that automates the entire process.
The script walks you through the configuration interactively. It asks for your preferred port, protocol (UDP is recommended for performance), DNS provider, and encryption settings. For most users, the default options are appropriate.
Once the installation completes, the script generates a client configuration file with an .ovpn extension. Transfer this file to your device and import it into the OpenVPN client application. The client apps are available for every major platform including Windows, macOS, Linux, iOS, and Android.
To add additional clients, simply run the installation script again and select the option to add a new user. Each client gets their own certificate and configuration file, which makes it easy to revoke access for a specific device without affecting others.
WireGuard vs OpenVPN: Which to Choose
For most people setting up a personal VPN in 2026, WireGuard is the better choice. It is faster, uses less CPU, has a smaller attack surface due to its minimal codebase, and is significantly easier to configure and maintain.
Choose WireGuard if: you want the fastest possible VPN connection, you are setting up a personal or small team VPN, you value simplicity in configuration, or you are running the VPN on a lower spec VPS where CPU efficiency matters.
Choose OpenVPN if: you need to connect from networks that block non standard protocols (OpenVPN can run on TCP port 443 to look like HTTPS traffic), you need compatibility with older devices or corporate networks, or you require advanced authentication features like LDAP integration.
There is nothing stopping you from running both on the same VPS. WireGuard uses UDP port 51820 by default, and OpenVPN can run on a different port. This gives you the speed of WireGuard for daily use and the compatibility of OpenVPN as a fallback.
Securing Your VPN Server
Running a VPN server means your VPS becomes a gateway for all your internet traffic. Securing it properly is essential.
Keep the system updated. Run unattended upgrades or manually update your VPS regularly. Security patches for the kernel and networking stack are particularly important for a VPN server.
Use a firewall. Configure ufw or iptables to only allow traffic on the ports you need. For a WireGuard VPN, that means SSH (port 22 or a custom port) and WireGuard (port 51820). Block everything else.
Disable password authentication for SSH. Use key based authentication only. This eliminates the risk of brute force attacks against your SSH login.
Monitor your server. Set up basic monitoring to alert you if the VPN service goes down or if there is unusual traffic. Tools like fail2ban can automatically block IP addresses that attempt to brute force your SSH connection.
Use DNS leak protection. Configure your VPN clients to use a specific DNS server (like 1.1.1.1 or 9.9.9.9) rather than your ISP's DNS. This prevents DNS queries from leaking outside the VPN tunnel and revealing your browsing activity.
Advanced Configuration Tips
Once your basic VPN is running, there are several optimizations that can improve your experience.
Split tunneling allows you to route only specific traffic through the VPN while letting the rest go directly through your local internet connection. This is useful if you want to protect your browsing but do not want to route bandwidth heavy activities like streaming through the VPN. In WireGuard, you control this by adjusting the AllowedIPs setting in the client configuration.
Multi hop VPN routes your traffic through two or more VPN servers for additional privacy. You can set this up by running WireGuard on two VPS instances in different locations and configuring the first to forward traffic to the second. This adds latency but makes traffic analysis significantly more difficult.
Kill switch configuration ensures that if the VPN connection drops, your device does not fall back to your regular internet connection and expose your real IP address. Most VPN client applications include a kill switch option. On Linux, you can implement this with iptables rules that block all traffic except through the VPN interface.
Best VPS Locations for a VPN Server
The location of your VPN server determines your apparent location on the internet and affects your connection speed. Choose based on your primary use case.
For general privacy and fast speeds, choose a server location close to your physical location. A VPS in the United States works well for users in North America. The shorter the distance between you and the VPN server, the lower the latency and the faster your connection.
For accessing region locked content, choose a server in the relevant country. A European VPS gives you access to EU content and services. Some users maintain VPN servers in multiple locations and switch between them depending on what they need to access.
For maximum privacy, consider an offshore or crypto VPS in a jurisdiction with strong privacy laws. Paying with cryptocurrency adds an additional layer of privacy since there is no direct link between your payment method and the server.
The Bottom Line
Setting up your own VPN server on a VPS is one of the best investments you can make in your online privacy and security. It takes about 15 minutes to set up, costs less than most commercial VPN subscriptions, and gives you complete control over your traffic and data.
WireGuard is the recommended protocol for most users due to its speed, simplicity, and modern security. OpenVPN remains a solid choice for situations that require maximum compatibility or the ability to disguise VPN traffic as regular HTTPS.
A basic Linux VPS with 1GB of RAM and a 1Gbps connection is all you need to get started. The setup process is straightforward, the ongoing maintenance is minimal, and the privacy benefits are immediate.
Ready to Deploy?
Get a high performance VPS with instant setup, full root access, and 24/7 support.