{"id":1137,"date":"2025-09-05T23:15:49","date_gmt":"2025-09-05T23:15:49","guid":{"rendered":"https:\/\/yairmartinezcybersecurityportfolio.com\/?p=1137"},"modified":"2025-12-26T05:26:41","modified_gmt":"2025-12-26T05:26:41","slug":"setting-up-my-own-personal-vpn-with-fireguard-on-digital-ocean","status":"publish","type":"post","link":"https:\/\/yairmartinezcybersecurityportfolio.com\/?p=1137","title":{"rendered":"Setting Up My Own Personal VPN With Wireguard on Digital Ocean"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">Introduction<\/h2>\n\n\n\n<p>For this project, I set up my own <strong>WireGuard VPN<\/strong> on the same VPS that hosts my e-portfolio website. Instead of paying for a third-party VPN, I wanted to learn hands-on how VPNs work, how to configure them, and how i would secure them when running alongside other services like WordPress.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Step 1: Provision the VPS<\/h2>\n\n\n\n<p>I used a <strong>DigitalOcean droplet<\/strong> with:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Ubuntu 22.04 LTS<\/li>\n\n\n\n<li>$6\/month plan (1 vCPU \/ 1 GB RAM)<\/li>\n\n\n\n<li>Closest region for latency<\/li>\n<\/ul>\n\n\n\n<p>This was the same droplet as where my e-portfolio is hosted from <\/p>\n\n\n\n<div class=\"wp-block-stackable-image stk-block-image stk-block stk-8a42a45\" data-block-id=\"8a42a45\"><figure><span class=\"stk-img-wrapper stk-image--shape-stretch\"><img loading=\"lazy\" decoding=\"async\" class=\"stk-img wp-image-1025\" src=\"https:\/\/yairmartinezcybersecurityportfolio.com\/wp-content\/uploads\/2025\/08\/Screenshot-from-2025-08-06-12-27-31.png\" width=\"1004\" height=\"120\" srcset=\"https:\/\/yairmartinezcybersecurityportfolio.com\/wp-content\/uploads\/2025\/08\/Screenshot-from-2025-08-06-12-27-31.png 1004w, https:\/\/yairmartinezcybersecurityportfolio.com\/wp-content\/uploads\/2025\/08\/Screenshot-from-2025-08-06-12-27-31-300x36.png 300w, https:\/\/yairmartinezcybersecurityportfolio.com\/wp-content\/uploads\/2025\/08\/Screenshot-from-2025-08-06-12-27-31-768x92.png 768w\" sizes=\"auto, (max-width: 1004px) 100vw, 1004px\" \/><\/span><\/figure><\/div>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Step 2: Install WireGuard<\/h2>\n\n\n\n<p>After connecting to the server via SSH, I installed wireguard<\/p>\n\n\n\n<div class=\"wp-block-stackable-image stk-block-image stk-block stk-5b4c07e\" data-block-id=\"5b4c07e\"><figure><span class=\"stk-img-wrapper stk-image--shape-stretch\"><img loading=\"lazy\" decoding=\"async\" class=\"stk-img wp-image-1138\" src=\"https:\/\/yairmartinezcybersecurityportfolio.com\/wp-content\/uploads\/2025\/09\/Screenshot-from-2025-09-04-21-19-08.png\" width=\"1272\" height=\"355\" srcset=\"https:\/\/yairmartinezcybersecurityportfolio.com\/wp-content\/uploads\/2025\/09\/Screenshot-from-2025-09-04-21-19-08.png 1272w, https:\/\/yairmartinezcybersecurityportfolio.com\/wp-content\/uploads\/2025\/09\/Screenshot-from-2025-09-04-21-19-08-300x84.png 300w, https:\/\/yairmartinezcybersecurityportfolio.com\/wp-content\/uploads\/2025\/09\/Screenshot-from-2025-09-04-21-19-08-1024x286.png 1024w, https:\/\/yairmartinezcybersecurityportfolio.com\/wp-content\/uploads\/2025\/09\/Screenshot-from-2025-09-04-21-19-08-768x214.png 768w\" sizes=\"auto, (max-width: 1272px) 100vw, 1272px\" \/><\/span><\/figure><\/div>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Step 3: Generate Keys<\/h2>\n\n\n\n<p>Inside <code>\/etc\/wireguard<\/code>:<\/p>\n\n\n\n<div class=\"wp-block-stackable-image stk-block-image stk-block stk-81603ac\" data-block-id=\"81603ac\"><figure><span class=\"stk-img-wrapper stk-image--shape-stretch\"><img loading=\"lazy\" decoding=\"async\" class=\"stk-img wp-image-1139\" src=\"https:\/\/yairmartinezcybersecurityportfolio.com\/wp-content\/uploads\/2025\/09\/Screenshot-from-2025-09-04-21-21-20.png\" width=\"1122\" height=\"29\" srcset=\"https:\/\/yairmartinezcybersecurityportfolio.com\/wp-content\/uploads\/2025\/09\/Screenshot-from-2025-09-04-21-21-20.png 1122w, https:\/\/yairmartinezcybersecurityportfolio.com\/wp-content\/uploads\/2025\/09\/Screenshot-from-2025-09-04-21-21-20-300x8.png 300w, https:\/\/yairmartinezcybersecurityportfolio.com\/wp-content\/uploads\/2025\/09\/Screenshot-from-2025-09-04-21-21-20-1024x26.png 1024w, https:\/\/yairmartinezcybersecurityportfolio.com\/wp-content\/uploads\/2025\/09\/Screenshot-from-2025-09-04-21-21-20-768x20.png 768w\" sizes=\"auto, (max-width: 1122px) 100vw, 1122px\" \/><\/span><\/figure><\/div>\n\n\n\n<div class=\"wp-block-stackable-image stk-block-image stk-block stk-4006ea7\" data-block-id=\"4006ea7\"><figure><span class=\"stk-img-wrapper stk-image--shape-stretch\"><img loading=\"lazy\" decoding=\"async\" class=\"stk-img wp-image-1140\" src=\"https:\/\/yairmartinezcybersecurityportfolio.com\/wp-content\/uploads\/2025\/09\/Screenshot-from-2025-09-04-21-23-54.png\" width=\"1122\" height=\"29\" srcset=\"https:\/\/yairmartinezcybersecurityportfolio.com\/wp-content\/uploads\/2025\/09\/Screenshot-from-2025-09-04-21-23-54.png 1122w, https:\/\/yairmartinezcybersecurityportfolio.com\/wp-content\/uploads\/2025\/09\/Screenshot-from-2025-09-04-21-23-54-300x8.png 300w, https:\/\/yairmartinezcybersecurityportfolio.com\/wp-content\/uploads\/2025\/09\/Screenshot-from-2025-09-04-21-23-54-1024x26.png 1024w, https:\/\/yairmartinezcybersecurityportfolio.com\/wp-content\/uploads\/2025\/09\/Screenshot-from-2025-09-04-21-23-54-768x20.png 768w\" sizes=\"auto, (max-width: 1122px) 100vw, 1122px\" \/><\/span><\/figure><\/div>\n\n\n\n<p>This gave me private\/public key pairs for both server and client.<\/p>\n\n\n\n<div class=\"wp-block-stackable-image stk-block-image stk-block stk-c4e3894\" data-block-id=\"c4e3894\"><figure><span class=\"stk-img-wrapper stk-image--shape-stretch\"><img loading=\"lazy\" decoding=\"async\" class=\"stk-img wp-image-1142\" src=\"https:\/\/yairmartinezcybersecurityportfolio.com\/wp-content\/uploads\/2025\/09\/Screenshot-from-2025-09-04-21-24-30.png\" width=\"1068\" height=\"140\" srcset=\"https:\/\/yairmartinezcybersecurityportfolio.com\/wp-content\/uploads\/2025\/09\/Screenshot-from-2025-09-04-21-24-30.png 1068w, https:\/\/yairmartinezcybersecurityportfolio.com\/wp-content\/uploads\/2025\/09\/Screenshot-from-2025-09-04-21-24-30-300x39.png 300w, https:\/\/yairmartinezcybersecurityportfolio.com\/wp-content\/uploads\/2025\/09\/Screenshot-from-2025-09-04-21-24-30-1024x134.png 1024w, https:\/\/yairmartinezcybersecurityportfolio.com\/wp-content\/uploads\/2025\/09\/Screenshot-from-2025-09-04-21-24-30-768x101.png 768w\" sizes=\"auto, (max-width: 1068px) 100vw, 1068px\" \/><\/span><\/figure><\/div>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Step 4: Configure the Server<\/h2>\n\n\n\n<p>I created <code>\/etc\/wireguard\/wg0.conf<\/code>:<\/p>\n\n\n\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-constrained wp-block-group-is-layout-constrained\">\n<div class=\"wp-block-stackable-image stk-block-image stk-block stk-aabda8b\" data-block-id=\"aabda8b\"><style>.stk-aabda8b .stk-img-wrapper{width:346px !important;}<\/style><figure><span class=\"stk-img-wrapper stk-image--shape-stretch\"><img loading=\"lazy\" decoding=\"async\" class=\"stk-img wp-image-1143\" src=\"https:\/\/yairmartinezcybersecurityportfolio.com\/wp-content\/uploads\/2025\/09\/Screenshot-from-2025-09-05-14-12-46.png\" width=\"346\" height=\"278\" srcset=\"https:\/\/yairmartinezcybersecurityportfolio.com\/wp-content\/uploads\/2025\/09\/Screenshot-from-2025-09-05-14-12-46.png 346w, https:\/\/yairmartinezcybersecurityportfolio.com\/wp-content\/uploads\/2025\/09\/Screenshot-from-2025-09-05-14-12-46-300x241.png 300w\" sizes=\"auto, (max-width: 346px) 100vw, 346px\" \/><\/span><\/figure><\/div>\n<\/div><\/div>\n\n\n\n<p>This gave the server a private VPN IP (<code>10.0.0.1<\/code>) and NAT\u2019d client traffic out over <code>eth0<\/code>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Step 5: NAT &amp; Forwarding<\/h2>\n\n\n\n<p>To allow VPN clients to reach the internet through my VPS, I created a small bash script called <code>postup.sh<\/code>:<\/p>\n\n\n\n<div class=\"wp-block-stackable-image stk-block-image stk-block stk-85658f5\" data-block-id=\"85658f5\"><style>.stk-85658f5 .stk-img-wrapper{width:689px !important;}<\/style><figure><span class=\"stk-img-wrapper stk-image--shape-stretch\"><img loading=\"lazy\" decoding=\"async\" class=\"stk-img wp-image-1149\" src=\"https:\/\/yairmartinezcybersecurityportfolio.com\/wp-content\/uploads\/2025\/09\/Screenshot-from-2025-09-05-15-06-05.png\" width=\"689\" height=\"135\" srcset=\"https:\/\/yairmartinezcybersecurityportfolio.com\/wp-content\/uploads\/2025\/09\/Screenshot-from-2025-09-05-15-06-05.png 689w, https:\/\/yairmartinezcybersecurityportfolio.com\/wp-content\/uploads\/2025\/09\/Screenshot-from-2025-09-05-15-06-05-300x59.png 300w\" sizes=\"auto, (max-width: 689px) 100vw, 689px\" \/><\/span><\/figure><\/div>\n\n\n\n<p>I saved it under <code>\/etc\/wireguard\/postup.sh<\/code>, made it executable, and ran it:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>chmod +x \/etc\/wireguard\/postup.sh\n.\/postup.sh<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Step 6: Configure Clients<\/h2>\n\n\n\n<p>I set up multiple devices:<\/p>\n\n\n\n<p><strong>Linux Client:<\/strong><\/p>\n\n\n\n<div class=\"wp-block-stackable-image stk-block-image stk-block stk-25571ea\" data-block-id=\"25571ea\"><style>.stk-25571ea .stk-img-wrapper{width:346px !important;}<\/style><figure><span class=\"stk-img-wrapper stk-image--shape-stretch\"><img loading=\"lazy\" decoding=\"async\" class=\"stk-img wp-image-1147\" src=\"https:\/\/yairmartinezcybersecurityportfolio.com\/wp-content\/uploads\/2025\/09\/Screenshot-from-2025-09-05-14-24-45.png\" width=\"346\" height=\"278\" srcset=\"https:\/\/yairmartinezcybersecurityportfolio.com\/wp-content\/uploads\/2025\/09\/Screenshot-from-2025-09-05-14-24-45.png 346w, https:\/\/yairmartinezcybersecurityportfolio.com\/wp-content\/uploads\/2025\/09\/Screenshot-from-2025-09-05-14-24-45-300x241.png 300w\" sizes=\"auto, (max-width: 346px) 100vw, 346px\" \/><\/span><\/figure><\/div>\n\n\n\n<p><strong>Windows + Mobile:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Used the WireGuard desktop\/mobile apps.<\/li>\n\n\n\n<li>Imported configs or scanned QR codes.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Step 7: Start the VPN<\/h2>\n\n\n\n<p>On the server:<\/p>\n\n\n\n<div class=\"wp-block-stackable-image stk-block-image stk-block stk-868bdfa\" data-block-id=\"868bdfa\"><figure><span class=\"stk-img-wrapper stk-image--shape-stretch\"><img loading=\"lazy\" decoding=\"async\" class=\"stk-img wp-image-1145\" src=\"https:\/\/yairmartinezcybersecurityportfolio.com\/wp-content\/uploads\/2025\/09\/Screenshot-from-2025-09-04-23-30-36.png\" width=\"1025\" height=\"112\" srcset=\"https:\/\/yairmartinezcybersecurityportfolio.com\/wp-content\/uploads\/2025\/09\/Screenshot-from-2025-09-04-23-30-36.png 1025w, https:\/\/yairmartinezcybersecurityportfolio.com\/wp-content\/uploads\/2025\/09\/Screenshot-from-2025-09-04-23-30-36-300x33.png 300w, https:\/\/yairmartinezcybersecurityportfolio.com\/wp-content\/uploads\/2025\/09\/Screenshot-from-2025-09-04-23-30-36-768x84.png 768w\" sizes=\"auto, (max-width: 1025px) 100vw, 1025px\" \/><\/span><\/figure><\/div>\n\n\n\n<div class=\"wp-block-stackable-image stk-block-image stk-block stk-7b0e4a1\" data-block-id=\"7b0e4a1\"><figure><span class=\"stk-img-wrapper stk-image--shape-stretch\"><img loading=\"lazy\" decoding=\"async\" class=\"stk-img wp-image-1146\" src=\"https:\/\/yairmartinezcybersecurityportfolio.com\/wp-content\/uploads\/2025\/09\/Screenshot-from-2025-09-04-23-33-06.png\" width=\"1226\" height=\"115\" srcset=\"https:\/\/yairmartinezcybersecurityportfolio.com\/wp-content\/uploads\/2025\/09\/Screenshot-from-2025-09-04-23-33-06.png 1226w, https:\/\/yairmartinezcybersecurityportfolio.com\/wp-content\/uploads\/2025\/09\/Screenshot-from-2025-09-04-23-33-06-300x28.png 300w, https:\/\/yairmartinezcybersecurityportfolio.com\/wp-content\/uploads\/2025\/09\/Screenshot-from-2025-09-04-23-33-06-1024x96.png 1024w, https:\/\/yairmartinezcybersecurityportfolio.com\/wp-content\/uploads\/2025\/09\/Screenshot-from-2025-09-04-23-33-06-768x72.png 768w\" sizes=\"auto, (max-width: 1226px) 100vw, 1226px\" \/><\/span><\/figure><\/div>\n\n\n\n<p>On clients:<\/p>\n\n\n\n<div class=\"wp-block-stackable-image stk-block-image stk-block stk-29f850c\" data-block-id=\"29f850c\"><style>.stk-29f850c .stk-img-wrapper{width:672px !important;}<\/style><figure><span class=\"stk-img-wrapper stk-image--shape-stretch\"><img loading=\"lazy\" decoding=\"async\" class=\"stk-img wp-image-1144\" src=\"https:\/\/yairmartinezcybersecurityportfolio.com\/wp-content\/uploads\/2025\/09\/Screenshot-from-2025-09-05-13-05-22.png\" width=\"672\" height=\"357\" srcset=\"https:\/\/yairmartinezcybersecurityportfolio.com\/wp-content\/uploads\/2025\/09\/Screenshot-from-2025-09-05-13-05-22.png 672w, https:\/\/yairmartinezcybersecurityportfolio.com\/wp-content\/uploads\/2025\/09\/Screenshot-from-2025-09-05-13-05-22-300x159.png 300w\" sizes=\"auto, (max-width: 672px) 100vw, 672px\" \/><\/span><\/figure><\/div>\n\n\n\n<p>(or \u201cActivate\u201d in the WireGuard app).<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Step 7: Testing<\/h2>\n\n\n\n<p>I verified connectivity:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ping 10.0.0.1          # server VPN IP\ncurl -4 ifconfig.me    # showed server's public IP\ntraceroute 1.1.1.1     # first hop = 10.0.0.1\n<\/code><\/pre>\n\n\n\n<div class=\"wp-block-stackable-image stk-block-image stk-block stk-7a61b63\" data-block-id=\"7a61b63\"><figure><span class=\"stk-img-wrapper stk-image--shape-stretch\"><img loading=\"lazy\" decoding=\"async\" class=\"stk-img wp-image-1148\" src=\"https:\/\/yairmartinezcybersecurityportfolio.com\/wp-content\/uploads\/2025\/09\/Screenshot-from-2025-09-05-14-31-51.png\" width=\"1272\" height=\"600\" srcset=\"https:\/\/yairmartinezcybersecurityportfolio.com\/wp-content\/uploads\/2025\/09\/Screenshot-from-2025-09-05-14-31-51.png 1272w, https:\/\/yairmartinezcybersecurityportfolio.com\/wp-content\/uploads\/2025\/09\/Screenshot-from-2025-09-05-14-31-51-300x142.png 300w, https:\/\/yairmartinezcybersecurityportfolio.com\/wp-content\/uploads\/2025\/09\/Screenshot-from-2025-09-05-14-31-51-1024x483.png 1024w, https:\/\/yairmartinezcybersecurityportfolio.com\/wp-content\/uploads\/2025\/09\/Screenshot-from-2025-09-05-14-31-51-768x362.png 768w\" sizes=\"auto, (max-width: 1272px) 100vw, 1272px\" \/><\/span><\/figure><\/div>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Debugging Challenges<\/h2>\n\n\n\n<p>This wasn\u2019t smooth sailing and that\u2019s where I learned the most:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Issue:<\/strong> <code>wg-quick@wg0.service<\/code> failed with \u201calready exists.\u201d<br><strong>Fix:<\/strong> cleaned up interfaces with <code>wg-quick down wg0; ip link del wg0<\/code>.<\/li>\n\n\n\n<li><strong>Issue:<\/strong> Clients lost all internet when VPN was enabled.<br><strong>Fix:<\/strong> enabled IP forwarding, corrected UFW rules, and fixed duplicate NAT rules.<\/li>\n<\/ul>\n\n\n\n<p>Debugging taught me to use the following commands to find my mistakes and debug them<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>wg show\njournalctl -u wg-quick@wg0\niptables -t nat -L -n -v\n<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Security Hardening<\/h2>\n\n\n\n<p>Running a VPN and WordPress on the same VPS introduces risk. If I were to keep it heres how i would address it:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Firewall (UFW):<\/strong> only allowing ports 22 (SSH), 80\/443 (web), 51820\/udp (VPN).<\/li>\n\n\n\n<li><strong>Fail2Ban:<\/strong> blocking repeated brute-force SSH attempts.<\/li>\n\n\n\n<li><strong>SSH hardening:<\/strong> disabled password login \u2192 key-only access.<\/li>\n\n\n\n<li><strong>WordPress security:<\/strong> updated themes\/plugins, removed unused components, enforced strong credentials.<\/li>\n\n\n\n<li><strong>VPN monitoring:<\/strong> regularly checking peers with <code>wg show<\/code>.<\/li>\n<\/ul>\n\n\n\n<p>Once This post is up the The VPN will no longer be running on the VPS<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Step 8: Multi-Device Connectivity<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Ubuntu laptop<\/li>\n\n\n\n<li>Windows laptop<\/li>\n\n\n\n<li>Mobile phone<\/li>\n<\/ul>\n\n\n\n<p>To demonstrate real-world use, I connected:<\/p>\n\n\n\n<p>All routed traffic through the VPN server and shared its public IP. Seeing three peers in <code>wg show<\/code> with active handshakes and transfer stats was proof of success.<\/p>\n\n\n\n<p>When Configuring on Windows and on my Phone I ran into issues with mistypes stalling my speed in getting it up<\/p>\n\n\n\n<div class=\"wp-block-stackable-image stk-block-image stk-block stk-ee0686b\" data-block-id=\"ee0686b\"><style>.stk-ee0686b .stk-img-wrapper{width:50% !important;height:550px !important;}<\/style><figure><span class=\"stk-img-wrapper stk-image--shape-stretch\"><img loading=\"lazy\" decoding=\"async\" class=\"stk-img wp-image-1150\" src=\"https:\/\/yairmartinezcybersecurityportfolio.com\/wp-content\/uploads\/2025\/09\/IMG_2052-scaled.png\" width=\"1183\" height=\"2560\" srcset=\"https:\/\/yairmartinezcybersecurityportfolio.com\/wp-content\/uploads\/2025\/09\/IMG_2052-scaled.png 1183w, https:\/\/yairmartinezcybersecurityportfolio.com\/wp-content\/uploads\/2025\/09\/IMG_2052-139x300.png 139w, https:\/\/yairmartinezcybersecurityportfolio.com\/wp-content\/uploads\/2025\/09\/IMG_2052-473x1024.png 473w, https:\/\/yairmartinezcybersecurityportfolio.com\/wp-content\/uploads\/2025\/09\/IMG_2052-768x1662.png 768w, https:\/\/yairmartinezcybersecurityportfolio.com\/wp-content\/uploads\/2025\/09\/IMG_2052-710x1536.png 710w, https:\/\/yairmartinezcybersecurityportfolio.com\/wp-content\/uploads\/2025\/09\/IMG_2052-947x2048.png 947w, https:\/\/yairmartinezcybersecurityportfolio.com\/wp-content\/uploads\/2025\/09\/IMG_2052-1024x2215.png 1024w\" sizes=\"auto, (max-width: 1183px) 100vw, 1183px\" \/><\/span><\/figure><\/div>\n\n\n\n<div class=\"wp-block-stackable-image-box stk-block-image-box stk-hover-parent stk-block stk-4795dad\" data-block-id=\"4795dad\"><style>.stk-4795dad {margin-bottom:0px !important;}<\/style><div class=\"stk-block-content stk-inner-blocks has-text-align-center stk-row stk-block-image-box__content\">\n<div class=\"wp-block-stackable-image stk-block-image stk-block stk-675b9b8\" data-block-id=\"675b9b8\"><style>.stk-675b9b8 .stk-img-wrapper{width:50% !important;height:618px !important;}<\/style><figure><span class=\"stk-img-wrapper stk-image--shape-stretch\"><img loading=\"lazy\" decoding=\"async\" class=\"stk-img wp-image-1151\" src=\"https:\/\/yairmartinezcybersecurityportfolio.com\/wp-content\/uploads\/2025\/09\/IMG_2053-scaled.png\" width=\"1183\" height=\"2560\" srcset=\"https:\/\/yairmartinezcybersecurityportfolio.com\/wp-content\/uploads\/2025\/09\/IMG_2053-scaled.png 1183w, https:\/\/yairmartinezcybersecurityportfolio.com\/wp-content\/uploads\/2025\/09\/IMG_2053-139x300.png 139w, https:\/\/yairmartinezcybersecurityportfolio.com\/wp-content\/uploads\/2025\/09\/IMG_2053-473x1024.png 473w, https:\/\/yairmartinezcybersecurityportfolio.com\/wp-content\/uploads\/2025\/09\/IMG_2053-768x1662.png 768w, https:\/\/yairmartinezcybersecurityportfolio.com\/wp-content\/uploads\/2025\/09\/IMG_2053-710x1536.png 710w, https:\/\/yairmartinezcybersecurityportfolio.com\/wp-content\/uploads\/2025\/09\/IMG_2053-947x2048.png 947w, https:\/\/yairmartinezcybersecurityportfolio.com\/wp-content\/uploads\/2025\/09\/IMG_2053-1024x2215.png 1024w\" sizes=\"auto, (max-width: 1183px) 100vw, 1183px\" \/><\/span><\/figure><\/div>\n\n\n\n<div class=\"wp-block-stackable-column stk-block-column stk-column stk-block stk-0496f71\" data-v=\"4\" data-block-id=\"0496f71\"><style>.stk-0496f71 {align-items:center !important;display:flex !important;}<\/style><div class=\"stk-column-wrapper stk-block-column__content stk-container stk-0496f71-container stk--no-background stk--no-padding\"><div class=\"stk-block-content stk-inner-blocks stk-0496f71-inner-blocks\">\n<p> <\/p>\n<\/div><\/div><\/div>\n<\/div><\/div>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<div class=\"wp-block-stackable-image stk-block-image stk-block stk-7c18419\" data-block-id=\"7c18419\"><style>.stk-7c18419 {margin-bottom:79px !important;}.stk-7c18419 .stk-img-wrapper{width:481px !important;height:359px !important;}<\/style><figure><span class=\"stk-img-wrapper stk-image--shape-stretch\"><img loading=\"lazy\" decoding=\"async\" class=\"stk-img wp-image-1158\" src=\"https:\/\/yairmartinezcybersecurityportfolio.com\/wp-content\/uploads\/2025\/09\/Screenshot-from-2025-09-05-19-37-00.png\" width=\"714\" height=\"525\" srcset=\"https:\/\/yairmartinezcybersecurityportfolio.com\/wp-content\/uploads\/2025\/09\/Screenshot-from-2025-09-05-19-37-00.png 714w, https:\/\/yairmartinezcybersecurityportfolio.com\/wp-content\/uploads\/2025\/09\/Screenshot-from-2025-09-05-19-37-00-300x221.png 300w\" sizes=\"auto, (max-width: 714px) 100vw, 714px\" \/><\/span><\/figure><\/div>\n\n\n\n<h2 class=\"wp-block-heading\">Reinforced Learning In<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Networking:<\/strong> private subnets, NAT, routing.<\/li>\n\n\n\n<li><strong>Linux administration:<\/strong> systemd, UFW, iptables.<\/li>\n\n\n\n<li><strong>Security:<\/strong> adding services expands the attack surface, mitigation matters.<\/li>\n\n\n\n<li><strong>Cross-platform practice:<\/strong> configuring VPN clients across Linux, Windows, and mobile.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Final Thoughts<\/h2>\n\n\n\n<p>This project gave me a working, multi-device WireGuard VPN and strengthened my understanding of networking and system security.<\/p>\n\n\n\n<p>This was further reinforcement me that real-world projects are not just about making something work they\u2019re about <strong>debugging issues<\/strong> and <strong>thinking critically about the risks introduced<\/strong>.<\/p>\n\n\n\n<p>With this VPN, I now have a fast, private, and secure connection I can use on the go and a solid project I can share with you the Reader. Thanks for reading. \ud83d\ude42<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Introduction For this project, I set up my own WireGuard VPN on the same VPS that hosts my e-portfolio website. Instead of paying for a third-party VPN, I wanted to learn hands-on how VPNs work, how to configure them, and how i would secure them when running alongside other services like WordPress. Step 1: Provision [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1272,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[39,1],"tags":[],"class_list":["post-1137","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-miscellaneous","category-projects"],"_links":{"self":[{"href":"https:\/\/yairmartinezcybersecurityportfolio.com\/index.php?rest_route=\/wp\/v2\/posts\/1137","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/yairmartinezcybersecurityportfolio.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/yairmartinezcybersecurityportfolio.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/yairmartinezcybersecurityportfolio.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/yairmartinezcybersecurityportfolio.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1137"}],"version-history":[{"count":7,"href":"https:\/\/yairmartinezcybersecurityportfolio.com\/index.php?rest_route=\/wp\/v2\/posts\/1137\/revisions"}],"predecessor-version":[{"id":1162,"href":"https:\/\/yairmartinezcybersecurityportfolio.com\/index.php?rest_route=\/wp\/v2\/posts\/1137\/revisions\/1162"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/yairmartinezcybersecurityportfolio.com\/index.php?rest_route=\/wp\/v2\/media\/1272"}],"wp:attachment":[{"href":"https:\/\/yairmartinezcybersecurityportfolio.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1137"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/yairmartinezcybersecurityportfolio.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1137"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/yairmartinezcybersecurityportfolio.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1137"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}