Road Warrior WireGuard on an Anubiz VPS
A single-client WireGuard server on your Anubiz VPS gives you your own egress IP from any cafe or hotel network. Done right it leaks zero metadata to the local network and survives interface drops. This guide is the hardened version - not a 30-second wg-quick blog post - and it assumes you have an Anubiz Romania or Finland VPS Mini-V with Ubuntu 24.04.
Need this done for your project?
We implement, you ship. Async, documented, done in days.
Step 1: Server Side
apt install wireguard. Generate server keys in /etc/wireguard/ with umask 077. In /etc/wireguard/wg0.conf set ListenPort 51820, PrivateKey, Address 10.66.66.1/24. Enable IPv4 forwarding via net.ipv4.ip_forward=1 in /etc/sysctl.d/99-wg.conf.
Step 2: nftables NAT and Filter
In nftables, MASQUERADE traffic from 10.66.66.0/24 going out the WAN interface. Filter table: accept established, accept udp dport 51820 from world, accept SSH from your jump IP, drop the rest inbound. Reload nftables.
Step 3: Client Peer
On the laptop, install WireGuard. Create a peer with Address 10.66.66.2/32, DNS 9.9.9.9, AllowedIPs 0.0.0.0/0, ::/0 (full tunnel), Endpoint server-ip:51820, PersistentKeepalive 25. Add the peer's public key to the server's wg0.conf.
Step 4: Kill Switch
On Linux client: PostUp = iptables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT. On Windows the official WireGuard client has Block untunneled traffic. macOS use pf with similar logic. Without a kill switch a dropped tunnel leaks your real IP instantly.
Step 5: DNS Leak Test
Visit dnsleaktest.com and ipleak.net after connecting. You should only see your Anubiz VPS IP and the DNS resolver you picked. If you see your ISP DNS, the client is leaking - check the DNS line in your peer config.
Related Services
Why Anubiz Host
Ready to get started?
Skip the research. Tell us what you need, and we'll scope it, implement it, and hand it back — fully documented and production-ready.