WireGuard on Oracle Cloud: Setting Up a Fast, Free VPN on ARM

WireGuard on Oracle Cloud ARM

Oracle Cloud offers one of the most generous “Always Free” tiers in the cloud world: the ARM Ampere instances with up to 4 OCPUs and 24GB of RAM. This makes it an absolute beast for hosting a personal VPN.

In this guide, we’ll set up WireGuard—a modern, high-performance VPN—on an Oracle ARM instance using a popular automated installation script.

1. Prerequisites

  • An Oracle Cloud account.
  • An ARM instance (VM.Standard.A1.Flex) running Ubuntu or Debian.
  • Basic knowledge of the terminal.

2. Oracle VCN Configuration (Critical Step)

By default, Oracle Cloud blocks almost all incoming traffic. You need to open the WireGuard port in your Virtual Cloud Network (VCN).

  1. Go to Networking > Virtual Cloud Networks.
  2. Select your VCN and then click on your Security List.
  3. Add an Ingress Rule:
    • Source CIDR: 0.0.0.0/0
    • IP Protocol: UDP
    • Destination Port Range: 51820 (or the port you choose during setup).

3. The Fast Way: Using the Installation Script

Before running the script, it’s a good idea to know your Public IP. While the script usually detects it, Oracle’s internal networking can sometimes confuse it. Verify your IP first:

curl -s https://ifconfig.me

Keep this IP handy so you can correct the script if it suggests an internal IP (like 10.x.x.x).

We’ll use the angristan/wireguard-install script, which handles the complex parts like key generation and networking configuration for you.

Run the following commands on your VPS:

curl -O https://raw.githubusercontent.com/angristan/wireguard-install/master/wireguard-install.sh
chmod +x wireguard-install.sh
sudo ./wireguard-install.sh

The script will ask you a few questions:

  • Public IP: Ensure this matches the IP you found earlier.
  • Port: Default is 51820.
  • DNS: You can choose Cloudflare (1.1.1.1, 1.0.0.1) or Google (8.8.8.8).

After the installation, it will prompt you to create your first client.

4. Handling Oracle’s Local Firewall

Oracle’s default Ubuntu image comes with iptables rules that might block traffic even after you open them in the Cloud Console. Although the script tries to handle this, you might need to manually ensure the port is open:

sudo iptables -I INPUT 6 -p udp --dport 51820 -j ACCEPT
sudo netfilter-persistent save

5. Client Setup

Once you finish the script, it will:

  1. Generate a .conf file for your client in your home directory.
  2. Display a QR Code directly in your terminal.

To connect:

  • Mobile: Scan the QR code using the WireGuard app.
  • Desktop: Download the .conf file and import it into your WireGuard client.

To add more clients later, just run the script again:

sudo ./wireguard-install.sh

Why WireGuard on ARM?

  • Performance: WireGuard is extremely efficient. Combined with the 10Gbps+ networking available on ARM instances, you get near-native speeds.
  • Battery Life: Unlike OpenVPN, WireGuard’s “silent” nature when idle is much friendlier to mobile device batteries.
  • Cost: It’s $0/month for a setup that could easily handle dozens of simultaneous users.

Conclusion

Setting up WireGuard on Oracle Cloud is one of the best ways to utilize the Always Free ARM tier. Whether you want to secure your traffic on public Wi-Fi or access your home network securely from abroad, this setup provides a robust, professional-grade solution at no cost.

#Guide #Networking #Oracle Cloud #WireGuard #VPN #English

Read Next

SSH Protokolünün Derinlikleri: Port Forwarding ile Güvenli Tüneller

SSH sadece uzak terminale bağlanmak için değil; veritabanı erişimi, local geliştirme paylaşımı ve güvenli ağ tünelleri kurmak için de güçlü bir araçtır.