To install Wireguard on a OpenVZ vps the easiest way is to do the following steps:

Step 1: Get a VPS with Ubunbu 20.04

Step 2: Install Boringtun.

You will need to be sure the TUN interface is enabled for your VPS in your control panel for your VPS, or this wont work.

# apt update && apt install curl cargo — Installs Rust and the Rust installer

# cargo install boringtun-cli — Installs Boringtun locally

# ln ~/.cargo/bin/boringtun-cli /usr/local/bin/boringtun — Link it so it runs system wide

Step 3: Install Wireguard from script:

# curl -O https://raw.githubusercontent.com/angristan/wireguard-install/master/wireguard-install.sh — Downloads Install Script

# sed -i 's/^\tcheckVirt/#\tcheckVirt/' wireguard-install.sh — removes Virtualazation check to force install.

# chmod +x wireguard-install.sh — Makes script Executable

# ./wireguard-install.sh — Runs the script. Configure it how you want. Note the port you use, so you can open the firewall for it. The Wiregoard service will fail until the next step, but you can go ahead and run the script multiple times to make more clients.

Step 4: make boring tun work:

# sed -i '19 i Environment=WG_QUICK_USERSPACE_IMPLEMENTATION=boringtun' /lib/systemd/system/[email protected] — Sets wg-quick service to use boringtun

# sed -i '20 i Environment=WG_SUDO=1' /lib/systemd/system/[email protected] — Correct Boring tun permissions

# systemctl stop wg-quick@wg0 — Make sure the service is stopped

# systemctl start wg-quick@wg0 — Starts the service

# systemctl status wg-quick@wg0 — Shows the status

Step 4: Optional – Setup firewall: # ufw allow ssh — Allow ssh

# ufw allow 58453/udp — replace 58453 with port you used for your listening port during setup. 3 ufw enable

Note, if ufw returns a “command not found”. install it with apt install ufw

If your service won’t start, check the log. if you get a RTNETLINK answers: Operation not supported, that means you need to enable TUN/TAP in the control pannel of your VPS.