Why Use a VPS for Privacy?
Your internet service provider sees every site you visit. Public Wi-Fi exposes you to snoopers. A cheap VPS can act as your private gateway, encrypting all traffic and masking your real IP. Unlike commercial VPNs, you control the server — no logs, no third parties.
Choosing the Right Cheap VPS
Look for a provider with KVM virtualization, multiple locations, and at least 1 GB RAM. You don't need much: a single-core CPU and 20 GB SSD are plenty. Prices start around $3–5 per month. Ensure the host allows VPN traffic — some block it. Check their TOS. For extra anonymity you can combine a VPS with proxy services from proxyuniverse.org to hide your origin even further.
Setting Up WireGuard
WireGuard is modern, fast, and secure. We'll install it on Ubuntu 22.04.
Install WireGuard on the Server
sudo apt update && sudo apt upgrade -y
sudo apt install wireguard -yGenerate Keys
wg genkey | sudo tee /etc/wireguard/private.key | wg pubkey | sudo tee /etc/wireguard/public.key
sudo chmod 600 /etc/wireguard/private.keyConfigure the Server
Create /etc/wireguard/wg0.conf:
[Interface]
Address = 10.0.0.1/24
ListenPort = 51820
PrivateKey = <server-private-key>
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
[Peer]
PublicKey = <client-public-key>
AllowedIPs = 10.0.0.2/32Enable IP forwarding:
echo 'net.ipv4.ip_forward = 1' | sudo tee -a /etc/sysctl.conf
sudo sysctl -pStart WireGuard
sudo systemctl enable wg-quick@wg0
sudo systemctl start wg-quick@wg0Configure Client (Your Device)
Install WireGuard on your laptop or phone. Create a client config:
[Interface]
PrivateKey = <client-private-key>
Address = 10.0.0.2/24
DNS = 1.1.1.1
[Peer]
PublicKey = <server-public-key>
Endpoint = your.vps.ip:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25Import this file into the WireGuard app and activate. Your traffic now routes through the VPS.
Hardening the Server
- Update regularly:
sudo apt update && sudo apt upgrade. - Use a firewall: Only allow SSH (port 22) and WireGuard (51820/udp). Example with ufw:
sudo ufw allow 22/tcp && sudo ufw allow 51820/udp && sudo ufw enable. - Disable password login: Use SSH keys only.
- Monitor logs: Check
/var/log/syslogfor unusual activity.
For additional layers, consider chaining with a proxy from proxyuniverse.org to split traffic or add obfuscation.
Alternative: Use a Script to Auto-Deploy
Projects like Algo or Streisand automate the setup but may offer less control. For a lightweight approach, manual WireGuard install is best.
Cost Comparison
- Cheap VPS: $3–5/month, unlimited bandwidth, full control.
- Commercial VPN: $5–12/month, shared IPs, potential logging.
- Free VPN: Risky — they sell your data.
A cheap VPS gives better privacy and performance for the same price.
Final Tips
- Choose a VPS location close to you for lower latency.
- Use a separate VPS for torrenting if needed.
- Regularly rotate keys and update software.