As I started the Kill Noma project I wanted to have secure access to all the servers that I have at home from any place. The solution is a VPN server as the professional ones that we use to work from home.

But… What is a VPN server? It is like a secret tunnel that lets you safely get inside your home computers from anywhere. You will be the only one to have access to them, all your local IPs and open ports without security worries.

And how much will it cost? We just need an old computer and the biggest cost will be the electricity so we need to choose the correct old computer.

Step 1. Choose the correct PC

There are many old pc options, but I recommend some mini pc with a power consume lower than 10W. In my case I chose a 2nd hand Dell Wyse 3040 for around 10$ but there are plenty of options, just get something silent, economic, low consume, robust and with more than 1GB of RAM and 5GB of disk. Here are my recommendations:

• Dell → OptiPlex Micro / Wyse thin clients
• Lenovo → ThinkCentre Tiny
• HP → EliteDesk / ProDesk Mini

Step 2. Install Ubuntu Server

I will not enter in detail but I would recommend Ubuntu Server 24.04, the 26 version is still too new and has some bug that doesn’t recognize old disk partitions in these old computers. Just copy the ISO image into a pendrive with Rufus and follow the indications on the screen (minimal install is enough)

After installation:

sudo apt update && sudo apt upgrade -y

Step 3. Prepare your router and network

Assign your server a static local IP (e.g., 192.168.1.50)

Configure port forwarding on your router:

Port: 51820 (UDP)

Forward → your server IP

Step 4. Install WireGuard

We’ll use the popular script from angristan/wireguard-install

This script automates everything: installation, config, firewall, and clients.

curl -O https://raw.githubusercontent.com/angristan/wireguard-install/master/wireguard-install.sh
chmod +x wireguard-install.sh
sudo ./wireguard-install.sh

The script installs WireGuard, configures networking, and generates client configs automatically .

Important Configuration Options

During installation, you’ll be prompted for key settings.

Here’s what to choose:

🌍 Server Public IP / Domain

Your home public IP or dynamic DNS (e.g. DuckDNS)

Example: myhome.duckdns.org

🔌 Port

Default: 51820 (recommended)

🌐 DNS

Choose:

1.1.1.1 (Cloudflare) or

8.8.8.8 (Google)

👤 Client Name

Example:

laptop

phone

After setup, you’ll get a .conf file like:

[Interface]
PrivateKey = <client-private-key>
Address = 10.66.66.2/24
DNS = 1.1.1.1

[Peer]
PublicKey = <server-public-key>
Endpoint = your-ip:51820
AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepalive = 25

Key Parameters Explained

• Address → VPN IP assigned to client
• Endpoint → your home IP + port
• AllowedIPs: 0.0.0.0/0 = route ALL traffic through VPN
• PersistentKeepalive: Keeps connection alive behind NAT

Step 5. Start and Enable WireGuard

sudo systemctl enable wg-quick@wg0
sudo systemctl start wg-quick@wg0

Check status:

sudo systemctl status wg-quick@wg0

Step 6. Connect from Devices

📱 Android / iPhone

• Install WireGuard app
• Import config:
• Scan QR code (script can generate it)
• Or import .conf file

🪟 Windows / macOS

• Install WireGuard client
• Import .conf
• Click Activate

🔍 Testing Your VPN

• Connect from phone (mobile data, not WiFi)
• Visit: https://whatismyipaddress.com

✅ If correct → your home IP appears

I tried to summarize all the steps that I did to configure my VPN server, but I have to confess that it was not as easy as it appears, specially dealing with the allowing IP filters.

If you finished reading till here and everything is working, then congratulations!!! You have got a silent, always-on VPN server, full control over your traffic and secure remote access to your home network!

But if your VPN is still not working, then try Tailscale, WireGuard is the open source tool and Tailscale is the company that makes it easy to install in your computer 😉