VPS on any provider using Docker

What you will need:

  • A virtual machine running WireGuard compatible operating system.
  • An Agent Token.


Deploying and managing your private virtual VPN server means you choose your provider and the desired location. And you're the one in charge of it.

To simplify a setup, we've extended the currently available Add Endpoints window with a tab dedicated for the VPN Agent.

This terminal command requires to be run on your managed server that is WireGuard compatible. We recommend Ubuntu Server 21.04.

Understanding the difference between VPN agent and non-VPN Agent

VPN agent adds a couple more configuration options to the original command used to run a non-VPN Agent.

If you choose to run the command manually, make sure to include these variables:

  • SYNTROPY_ALLOWED_IPS='[{"":"internet"}]' - This variable enables the interface to route all of your traffic through to the Internet. This is the key to correct VPN functionality. You can see this interface as a Service in the Endpoints and Connections tables.

  • SYNTROPY_SERVICES_STATUS=true - This variable keeps the VPN Service pre-selected, so you don't have to go back and enable it for every connection individually.

  • SYNTROPY_TAGS - This variable we add here is optional. It allows you to distinguish your VPN server in the Endpoints list easily.

It can be a good idea to also define:

  • SYNTROPY_PORT_RANGE - This variable allows you to set up specific ports for Wireguard to listen to. In return, for extra security, you can open only this range of ports in your VPS firewall, rather than a wide range, or all ports.

If you set up everything correctly and the Docker runs fine, you should see the VPN server appear in the Endpoints list.