How to install Wireguard on Netflix VPS?


The purpose of this guide is to document the steps I take to set up Wireguard and Unbound on a Netflix VPS to unblock Netflix titles that are only available in certain locations. For example, I live in the States but want to watch the decent Netflix titles that are only available in the UK. You can also use this tutorial if you want to watch Netflix in any of our available locations.

After completing this tutorial, you will have:

  • A VPN that provides an encrypted connection using Wireguard. It works on almost every ISP around the world and can cross the GFW and Iran’s Filternet easily. It can also bypass UAE VoIP blocks, so you can use it to unblock WhatsApp voice or video calls in Dubai, since Wireguard encrypts UDP connections as well.
  • A setup that won’t leak your DNS like major VPN setups do, so you can access Netflix, Hulu, and similar geo-restricted websites and services.

What is Wireguard?


WireGuard® is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec while avoiding massive headaches. It intends to be considerably more performant than OpenVPN.

What is Unbound (DNS Server)?

Unbound is a validating, recursive, and caching DNS resolver product from NLnet Labs. It is distributed free of charge in the open-source form under the BSD license.

The steps you need to take before installing Wireguard VPN

In order to follow this tutorial, you will need to have a Netflix VPS with at least 1GB of memory, although I would personally recommend at least 2 GB if you plan on having a large number of clients. This guide assumes that you are using Ubuntu 18.04.

Other distros will most likely work, but I have only tested the steps covered in this tutorial on Ubuntu 18.04.
I also recommend ordering yours from our Ubuntu VPS page, since Netflix blocks all major companies in the industry, like DigitalOcean and Vultr, by IP. We’re happy to announce that all our IPs are working with Netflix as of today (July 2019). We also have a guide on how to order a VPS.

How to install VPN on Netflix VPS?


By taking the following steps you will be able to set up a Wireguard VPN on your Netflix VPS. Then you can enjoy all the programs on Netflix that are only available in certain locations like the UK.

Initial Server Setup

I will be using ssh to remotely log into the Netflix VPS and configure it. If you are on a Unix-based operating system, it should already be installed. If you are on Windows 10, the best option is to install Windows Subsystem for Linux (WSL), which is native and very easy to install. On older versions of Windows you may need to install PuTTY.
Also, I assume that you are using a valid hostname for your Netflix VPS.

Basic SSH Security Setup

Make sure you know your server’s IP address and login credentials. If you ordered from us you can find this info in our welcome email.

Generate RSA Keypair

Open a terminal (or command prompt) and run:

ssh-keygen

Type a name like wireguard and hit Enter. It will then ask for a passphrase, which you can leave blank by pressing Enter twice; a blank passphrase means the private key file is stored unencrypted.

Enter file in which to save the key (C:\Users\kevin/.ssh/id_rsa): wireguard
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in wireguard.
Your public key has been saved in wireguard.pub.
The key fingerprint is: SHA256:PM9TZc0TMO9Iqqq7NC0E+qn32vZp6WELRrFmAc9sw5Y

Copy the public key

cat C:\Users\amir\wireguard.pub | ssh root@netflix.routerhosting.com "mkdir -p ~/.ssh; cat >> ~/.ssh/authorized_keys"

Or

ssh-copy-id -i wireguard.pub root@netflix.routerhosting.com

Then you will see something like this:

The authenticity of host ‘netflix.routerhosting.com’ can’t be established. RSA key fingerprint is SHA256:CKp1RW2qe1YEFtz6HOZz3lJnMxYsJm03cH6uGKDnyC8. Are you sure you want to continue connecting (yes/no)?

Type yes to accept the RSA key fingerprint and then provide the root password. Now try to ssh with your key:

ssh -i wireguard root@netflix.routerhosting.com

Then you will see this:

C:\Users\amir>ssh -i wireguard root@netflix.routerhosting.com
Welcome to Ubuntu 18.04 LTS (GNU/Linux 4.15.0-22-generic x86_64)

  * Documentation: https://help.ubuntu.com
  * Management: https://landscape.canonical.com
  * Support: https://ubuntu.com/advantage

Last login: Wed May 30 03:03:29 2018
[email protected]:~#

Disable Password Authentication

Since passwords are about to become obsolete we have to disable this old mechanism:

# -E enables extended regex, so "#?" matches an optional leading "#"
sed -i -E 's/^#?PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config
sed -i -E 's/^#?PermitEmptyPasswords yes/PermitEmptyPasswords no/' /etc/ssh/sshd_config

If security matters a lot to you, you can also disable root login and create a sudo user, but that is outside the scope of this tutorial.
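The following is an added example, not part of the original guide: it sets the two directives in an sshd_config-style file and then confirms the value sshd would actually use, so a substitution that silently matched nothing is noticed. The function names and the sample configuration are constructed for this example, and it assumes GNU sed as shipped with Ubuntu.

```sh
#!/bin/sh
# Added example: set the two directives in an sshd_config-style file and
# confirm the result, instead of trusting that sed matched something.

# Print the value sshd would take for KEY ($2) from FILE ($1): the first
# active (uncommented) line wins. Prints nothing if KEY is not set.
effective_value() {
    awk -v key="$2" 'tolower($1) == tolower(key) { print $2; exit }' "$1"
}

# Force KEY to VALUE: rewrite an active or commented-out "KEY ..." line,
# or insert the directive at the top when the file has no such line.
set_option() {
    file=$1 key=$2 value=$3
    # -E = extended regex, where "#?" is an optional "#". In sed's default
    # basic regex the "?" is a literal character and the line never matches.
    sed -i -E "s/^#?[[:space:]]*${key}[[:space:]].*/${key} ${value}/" "$file"
    if [ "$(effective_value "$file" "$key")" != "$value" ]; then
        sed -i "1i ${key} ${value}" "$file"
    fi
}

harden() {
    set_option "$1" PasswordAuthentication no &&
    set_option "$1" PermitEmptyPasswords no
}

# Constructed sample input, not a real server's configuration.
write_sample() {
    cat > "$1" <<'EOF'
Port 22
PermitRootLogin yes
#PasswordAuthentication yes
UsePAM yes
EOF
}

demo() {
    f=$(mktemp) || return 1
    write_sample "$f"
    harden "$f"
    echo "PasswordAuthentication=$(effective_value "$f" PasswordAuthentication)" \
         "PermitEmptyPasswords=$(effective_value "$f" PermitEmptyPasswords)"
    rm -f "$f"
}

demo
```

On the server itself, `sshd -t` checks the edited file for syntax errors and `sshd -T` prints the effective settings.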

Installing updates

apt update && apt upgrade -y && reboot

It will take a few minutes to update and then reboot. Choose “Yes” when it asks for “restart service when the package upgrades without asking”. Update GRUB (install the package maintainer’s version), select both devices with the spacebar, and hit Enter. Keep the local version of /etc/ssh/sshd_config. After all this, wait a few seconds for the reboot and then ssh to your server again.

Unattended Upgrades

This step is optional and you can skip it but you can enable & set up Automatic Unattended Security Updates. Here is the guide from the official website.

Install Unbound

apt install -y software-properties-common curl unbound unbound-host
curl -o /var/lib/unbound/root.hints https://www.internic.net/domain/named.cache

Configure DNS Server

This section is taken from this guide. Run:

nano /etc/unbound/unbound.conf

This opens the Unbound config file. Use Ctrl+K to delete all contents and paste the following. Then press Ctrl+X and type “y” to save the changes.

server:

  num-threads: 4

  #Enable logs
  verbosity: 1

  #list of Root DNS Server
  root-hints: "/var/lib/unbound/root.hints"

  #Use the root servers key for DNSSEC
  auto-trust-anchor-file: "/var/lib/unbound/root.key"

  #Respond to DNS requests on all interfaces
  interface: 0.0.0.0
  max-udp-size: 3072

  #Authorized IPs to access the DNS Server
  access-control: 0.0.0.0/0                 refuse
  access-control: 127.0.0.1                 allow
  access-control: 10.99.97.0/24         allow

  #not allowed to be returned for public internet  names
  private-address: 10.99.97.0/24

  # Hide DNS Server info
  hide-identity: yes
  hide-version: yes

  #Limit DNS Fraud and use DNSSEC
  harden-glue: yes
  harden-dnssec-stripped: yes
  harden-referral-path: yes

  #Add an unwanted reply threshold to clean the cache and avoid when possible a DNS Poisoning
  unwanted-reply-threshold: 10000000

  #Have the validator print validation failures to the log.
  val-log-level: 1

  #Minimum lifetime of cache entries in seconds
  cache-min-ttl: 1800 

  #Maximum lifetime of cached entries
  cache-max-ttl: 14400
  prefetch: yes
  prefetch-key: yes

Now run:

chown -R unbound:unbound /var/lib/unbound
systemctl enable unbound

Install Wireguard

add-apt-repository -y ppa:wireguard/wireguard
apt-get update 
apt-get install -y wireguard && reboot

Install Docker CE

This section covers installing Docker CE using the repository:

# Install Docker CE

apt-get install \
    apt-transport-https \
    ca-certificates \
    curl \
    gnupg-agent \
    software-properties-common

# Add Docker’s official GPG key

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
apt-get update
apt-get install docker-ce docker-ce-cli containerd.io -y

# Test docker installation

docker run hello-world

Install Subspace

This section covers how to install Subspace inside a Docker container. Make sure to change the --env SUBSPACE_HTTP_HOST to your publicly accessible domain name.

# Load modules

modprobe wireguard
modprobe iptable_nat
modprobe ip6table_nat

# Enable IP forwarding

sysctl -w net.ipv4.ip_forward=1
sysctl -w net.ipv6.conf.all.forwarding=1

Your data directory should be bind-mounted as `/data` inside the container using the `--volume` flag.

mkdir /data
docker create --name subspace --restart always --network host --cap-add NET_ADMIN --volume /usr/bin/wg:/usr/bin/wg --volume /data:/data --env SUBSPACE_HTTP_HOST=netflix.routerhosting.com subspacecloud/subspace:latest
docker start subspace

Configure kernel modules to load at boot

To survive a reboot we need to load kernel modules at boot.

nano /etc/modules-load.d/subspace.conf

Paste the following and save the file:

wireguard
iptable_nat
ip6table_nat
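The modules file covers only half of what was set by hand: `sysctl -w` changes the running kernel only, so the forwarding switches are also gone after a reboot. The script below is an added example, not part of the original guide; it lists whichever of the guide's runtime settings are missing and writes the forwarding keys to a sysctl.d drop-in. The function names and the drop-in file name `99-vpn-forwarding.conf` are assumptions of this example.

```sh
#!/bin/sh
# Added example: list what is missing for the VPN to route traffic after a
# reboot. ROOT ($1) is empty for the live system; a directory prefix is
# accepted only so the checks can be exercised against a constructed tree.

check_vpn_host() {
    root=${1:-}
    missing=""
    # Forwarding switches set earlier with "sysctl -w" (runtime only).
    for key in net/ipv4/ip_forward net/ipv6/conf/all/forwarding; do
        val=$(cat "$root/proc/sys/$key" 2>/dev/null) || val=""
        [ "$val" = "1" ] || missing="$missing sysctl:$(echo "$key" | tr / .)"
    done
    # Modules listed in /etc/modules-load.d/subspace.conf; a loaded module
    # has a directory under /sys/module.
    for mod in wireguard iptable_nat ip6table_nat; do
        [ -d "$root/sys/module/$mod" ] || missing="$missing module:$mod"
    done
    echo "${missing# }"
    [ -z "$missing" ]
}

# Write the two forwarding keys to a sysctl.d drop-in so they are applied
# at every boot. The file name is an assumption of this example.
persist_forwarding() {
    root=${1:-}
    mkdir -p "$root/etc/sysctl.d" &&
    printf '%s\n' 'net.ipv4.ip_forward = 1' \
                  'net.ipv6.conf.all.forwarding = 1' \
        > "$root/etc/sysctl.d/99-vpn-forwarding.conf"
}

# Report on the live system when the script is run directly.
check_vpn_host || echo "not ready: fix the items listed above" >&2
```

On the server, `sysctl --system` loads the drop-in without waiting for the next reboot.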
Conclusion

If you take all the steps mentioned in this article, you should be able to watch other locations’ TV shows, documentaries, movies, and everything else Netflix offers that is not available in your location. Routerhosting offers various plans at a really affordable cost in more than 15 locations around the globe. So to watch all the things you want, you can consider checking our Linux VPS plans.


Comments


11 thoughts on “How to install Wireguard on Netflix VPS?”

  1. I am living in Germany and I bought a VPS with a UK IP address and it actually works. Now I have access to the contents that are UK only.

  2. One of the good things that you are offering with your Netflix VPS is wireguard. I have used it and I think it is one of the best VPNs out there. Although I use open vpn for majority of my work but for this certain task wireguard suits better

  3. Along with open vpn, pptp and sstp, wireguard is a rather new comer VPN to the world. I have my doubts about it but I should definitely try it out since there are a lot of words around it

  4. I got this website from my friend who told me regarding this website and now this time I am visiting this web page and reading very informative posts at this time.

  5. I live in Netherlands and I needed to have a US ip for my work and I wanted to watch US Netflix too. I got my VPS from routerhosting and I should thank you for this step-by-step tutorial. I followed the steps and everything is working super.

  6. What is the difference between Wireguard and other VPNs like OpenVPN or Psiphon? I mean couldn’t we use one of those instead of Wireguard to connect to Netflix?
