• 2021-07-04:Video tutorial updated,install WireGuard on Debian 10 section added

Sometimes the ip address of the VPS we bought isn't good. It can't unlock Netflix and required to solve the google Recaptcha when using google search. One convenient way to solve those problems is to deploy the Cloudflare warp server on our VPS.

Following tutorial was tested on Ubuntu 20.04 LTS system, if you use other systems, the corresponding commands, steps and results may vary.

Install WireGuard

Ubuntu 20.04

The following commands were for Ubuntu 20.04 system,the other system can refer to the official installation guide:https://www.wireguard.com/install/

# install dependency packages
sudo apt -y install net-tools openresolv
# install WireGuard
sudo apt install wireguard

Debian 10

apt install sudo lsb-release -y
# Add backports source
echo "deb http://deb.debian.org/debian $(lsb_release -sc)-backports main" | sudo tee /etc/apt/sources.list.d/backports.list
sudo apt update
# Install dependencies
sudo apt -y --no-install-recommends install net-tools iproute2 openresolv dnsutils linux-headers-$(uname -r)
# Install WireGuard-tools
sudo apt --no-install-recommends install wireguard-tools wireguard-dkms

Some kernels of Debian10 can't install linux-headers by apt-get install linux-headers-$(uname -r) ,if that happens, you can try the following

sudo apt-get update
sudo apt-get upgrade
sudo apt-get dist-upgrade
sudo apt-get install linux-headers-$(uname -r) -y

Install wgcf

In order to use Warp on our VPS server, we need to install wgcf:https://github.com/ViRb3/wgcf

# create and enter the folder
mkdir warp && cd warp
# install wgcf「please change the download address based on the GitHub latest release」
wget -O wgcf https://github.com/ViRb3/wgcf/releases/download/v2.2.3/wgcf_2.2.3_linux_amd64
# change permission
chmod +x wgcf


# register warp account「Choose Y and press ENTER」
./wgcf register
# Generate WireGuard config file
./wgcf generate

Then enter ifconfig to check IP address of the current VPS NIC「The red part of the picture below」

Enter nano wgcf-profile.conf and add the following two lines to the end of [Interface] section of the config file

PostUp = ip rule add from [IP address you checked above] lookup main
PostDown = ip rule delete from [IP address you checked above] lookup main

The final results should look something like this:

PrivateKey = xxxxxxxxxxxxxxxxxxxx
Address = xxx.xx.x.x/xx
Address = xxxx:xxxx:xxxx:xxxx:xxx:xxx:xxxx:xxxx/xxx
MTU = xxxx
PostUp = ip rule add from xxx.xx.xxx.xxx lookup main
PostDown = ip rule delete from xxx.xx.xxx.xxx lookup main
PublicKey = xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
AllowedIPs =
AllowedIPs = ::/0
Endpoint = engage.cloudflareclient.com:2408

Once finished, save the wgcf-account.toml and wgcf-profile.conf file incase the later use.

x> Please be sure to add the PostUP and PostDown rules porperly,otherwise you may face the risk of losing connections to your VPS, because the warp will take over your ipv4 and ipv6 address of your vps.

Start WireGuard

Copy the wgcf-profile.conf file above to the /etc/wireguard/ folder and rename it to wgcf.conf

# rename and copy the config file
sudo cp wgcf-profile.conf /etc/wireguard/wgcf.conf

Then we enter sudo wg-quick up wgcf to start the service,check if there are any errors, if not, we can enter ip a command to see the wgcf network interface like below:

Once we checked, we can enter sudo wg-quick down wgcf to stop the service

Background running

# Start deamon
sudo systemctl start [email protected]
# Enable autostart
sudo systemctl enable [email protected]
# Check status
sudo systemctl status [email protected]
# Stop
sudo systemctl stop [email protected]
# Restart
sudo systemctl restart [email protected]

After running, we can use the following commands the check the corresponding ipv4 and ipv6 address

# IPv4 
wget -qO- ip.gs
# IPv6 Only VPS
wget -qO- -6 ip.gs

If the ipv4 address shows something like 8.xxx, then the deployment is successful。

x> There are certain probabilities that the VPS will be completely out of network after the warp service startup, if that happens, just restart the service by sudo systemctl restart [email protected] and try again. Not sure the causes.

Test Netfilx unlock

apt install curl jq -y
bash <(curl -sSL "https://github.com/CoiaPrant/MediaUnlock_Test/raw/main/check.sh")

Video tutorial

Reference links

Last modification:July 4th, 2021 at 02:23 pm
If you like my post, you can donate to buy me a cup of coffee.