I first learned of WireGuard three years ago. Since then I’ve been using it daily to secure my communications and hide the IP address on all of my devices. For a while I was paying Mullvad the equivalent of about $5 a month in Bitcoin Cash for the convenience of a managed WireGuard server. But that cost adds up and renewing my account was just another thing I had to remember to do.
Thankfully the technical writers at Digital Ocean have made it incredibly simple to configure WireGuard on a Droplet. If you want to try it out you can spin up a new throwaway Ubuntu instance quickly from the command line using doctl as I’ve described in Lens App Primer for Kubernetes with K3s .
Tip: Run doctl compute size list to get a list of droplet size slugs and doctl compute image list-distribution for available distribution images.
Configure Droplet
Create a new Ubuntu droplet or use one you already have and would like to use as a WireGuard VPN gateway server. Then follow the very well laid out instructions in How To Set Up WireGuard on Ubuntu 20.04. Once you’re done setting up the server all you need to do is download the WireGuard app for Android, fill out a couple of fields and toggle a switch. Since the Digital Ocean instructions don’t cover the Android portion of the set-up I’m going to cover it here.
Install WireGuard for Android
I don’t recommend downloading apps from the Google Play store as they much like Apple have been shown to be doctoring applications after developers upload them, Telegram being just one example. Consider downloading from F-Droid instead.
Configure the App
With your server set-up and the app downloaded and installed open it up and click the [+] button then choose CREATE FROM SCRATCH and add the following information:
| Interface | |
|---|---|
| Setting | Value |
| Name | YOUR DROPLET NAME |
| Private key | [Copy from server config] |
| Private key | CLICK THE REFRESH ICON TO GENERATE |
| Public key | [Generated automatically] |
| Addresses | 10.8.0.2/32 (from Configure Droplet) |
| Listen port | [Leave blank] |
| DNS Servers | 67.207.67.2, 67.207.67.3 (from Configure Droplet) |
| MTU | [Leave blank] |
| Peer | |
| Setting | Value |
| Public key | SERVER PUBLIC KEY (from Configure Droplet) |
| Pre-shared key | [Leave blank] |
| Persistent keepalive | [Leave blank] |
| Endpoint | 222.222.222.88:51820 (use your droplet ipv4 address) |
| Allowed IPs | 0.0.0.0, ::/0 (from Configure Droplet) |
And if you like you can choose which applications use WireGuard. By default all applications will use it which is probably what you want unless you know you want the ISP you’re using to log most (but not all) of your Internet activity.
Configure Peer on Server
SSH into droplet and add the interface Public key using wg like so:
sudo wg set wg0 peer kr6fITfaCybaGhawTTJGj8p9bXApDsHA4AVu9fMAUQY= allowed-ips 10.8.0.2
Then make sure it’s there using sudo wg. You should see output like:
interface: wg0
public key: FgnI3A8Fi3SJAvmS/zwdKuHspvmWOOQupGz3EfbZw2g=
private key: (hidden)
listening port: 51820
peer: kr6fITfaCybaGwahGJTBj8b9pXApDsH4PBJu9fMAUQY=
allowed ips: 10.8.0.2/32
Next toggle on the interface you created from Android and then run sudo wg on the server once more. If everything is working you should see output like:
interface: wg0
public key: FgnI3A8Fi3SJAvmS/zwdKuHspvmWOOQupGz3EfbZw2g=
private key: (hidden)
listening port: 51820
peer: kr6fITfaCybaGwahGJTBj8b9pXApDsH4PBJu9fMAUQY=
endpoint: 179.132.253.139:6095
allowed ips: 10.8.0.2/32
latest handshake: 29 seconds ago
transfer: 11.87 MiB received, 183.35 MiB sent
Finally check for DNS leaks by visiting www.dnsleaktest.com on your Android device. You should see your location has changed to wherever your droplet was created. And if you do you’re all done. You can stop paying Mullvad and Nord.
Summary
In this post I showed you how to encrypt your internet connection on Android using WireGuard and Digital Ocean. Encrypting your connection in this manner makes hides your IP address and can help improve your privacy online. Thanks to use of modern encryption technology like WireGuard VPNs are faster than ever and you can test that theory out on your Android device by comparing WireGuard with legacy VPNs using the LibreSpeed app available on F-Droid.