How to Create Your Own Secure VPN on a VPS: A Step-by-Step Guide

In today's digital landscape, secure and unrestricted internet access is no longer a luxury but a necessity. Public VPN services often suffer from congestion, data leaks, high latency, and frequent blocks. Creating your own personal VPN server on an active VPS is the best alternative, providing 100% privacy, maximum speeds, and complete authority over your web connection.

Step 1: Choose and Order Your VPS

Setting up a VPN server doesn't require massive resources. PicoVPS's budget-friendly entry plans (e.g., 1 CPU Core, 1 GB RAM, 10 GB SSD) are more than enough to handle several concurrent connections smoothly. We highly recommend selecting Ubuntu 22.04 LTS or Ubuntu 24.04 LTS as the OS during checkout.

For bypassing censorship, Amsterdam (Netherlands) is typically the ideal location choice.

Step 2: The Easy Way — AmneziaVPN (No CLI Required)

If you prefer to avoid the terminal console, the open-source client AmneziaVPN is your perfect fit. It is free and takes care of the configuration automatically.

1. Download and install the AmneziaVPN client on your client device (Windows, macOS, Linux, iOS, Android).
2. Launch the app and select "Set up a new server".
3. Input the SSH details of your VPS received after registration:
   • Server IP Address
   • Login username: root
   • Server password
4. Click "Connect". The app will log into the VPS, install Docker, configure the selected protocols (we recommend Amnezia WG or OpenVPN over ShadowSocks for censorship resistance), and build user profiles.
5. Once ready, download the profile file or scan the generated QR-code on your smartphone.

Step 3: The Classical Method — WireGuard via SSH

For advanced users who prefer setting up their stack manually, configure WireGuard via the command line.

1. Log in via SSH

Open your terminal console (or PuTTY on Windows) and run this connection command:

ssh root@your_server_ip

Enter your root password when prompted.

2. Run the Auto-Installation Script

Execute this popular and secure installer helper:

wget -O wireguard-install.sh https://raw.githubusercontent.com/angristan/wireguard-install/master/wireguard-install.sh
chmod +x wireguard-install.sh
./wireguard-install.sh

3. Answer the Wizard Prompts

Press Enter to accept defaults for the majority of configuration settings:

• IPv4 public address: Keep default server IP.
• Public interface: Keep default interface.
• WireGuard IPv4 address: Keep 10.66.66.1.
• Port: Random port or standard 51820.
• DNS: Cloudflare (1.1.1.1) is recommended.

Press any key to complete installation. The script installs WireGuard packages, configures firewall routing, and sets up NAT masquerading.

4. Create the First Client Config

The setup will immediately prompt you to add a new peer:

• Enter client name (e.g., phone).
• Select password type or hit enter for none.

This creates a client .conf file (e.g., /root/wg0-client-phone.conf) and draws a QR-code directly in the terminal interface.

Step 4: Connect Your Client Devices

Mobile Devices (iOS, Android)

Install the official WireGuard app. Tap the add button (+) and select "Scan from QR code". Point your camera to the terminal QR code to import the tunnel configuration instantly.

Desktop Computers (Windows, macOS)

Download the official desktop app. Transfer the .conf file using SFTP (with WinSCP/FileZilla) or output the file content in the terminal:

cat /root/wg0-client-phone.conf

Copy the output, save it as a local text file named vpn.conf on your computer, and import it into the desktop client.

Conclusion

You now have your own fast, dedicated, and highly secure VPN tunnel. Renting a cheap KVM VPS from PicoVPS is more economical than subscriptions and shields you from digital tracking. Pick your perfect server configuration from our main catalog page and set up your private tunnel in less than 5 minutes!