Creating a residential VPN server using Proxyrack proxies with WireGuard and Redsocks

I’m going to use a VPS from DigitalOcean with Ubuntu 22.04 as the operating system.

Install WireGuard

sudo apt update
sudo apt install wireguard wireguard-tools -y

Generate Key Pairs: Create private and public keys for the server and a client.

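# Run these as root (for example in a `sudo -i` shell): writing to /etc/wireguard requires root.
# umask 077 makes the key files readable by their owner only.
umask 077
wg genkey | tee /etc/wireguard/server_private.key | wg pubkey > /etc/wireguard/server_public.key
wg genkey | tee /etc/wireguard/client_private.key | wg pubkey > /etc/wireguard/client_public.key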

Configure WireGuard Server: Create /etc/wireguard/wg0.conf with the following:

[Interface]
PrivateKey = <server_private.key> # From /etc/wireguard/server_private.key
Address = 10.0.1.1/24
ListenPort = 51820
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
PublicKey = <client_public.key> # From /etc/wireguard/client_public.key
AllowedIPs = 10.0.1.2/32

Replace <server_private.key> and <client_public.key> with the contents of the respective files. Adjust eth0 to your server’s network interface (check with ip link).

Enable IP Forwarding: Edit /etc/sysctl.conf and uncomment or add:

net.ipv4.ip_forward = 1

Apply it:

sudo sysctl -p

Start WireGuard:

sudo systemctl enable wg-quick@wg0
sudo systemctl start wg-quick@wg0

Client Configuration (for reference): On the client device, create a WireGuard config:

[Interface]
PrivateKey = <client_private.key>
Address = 10.0.1.2/24
DNS = 8.8.8.8

[Peer]
PublicKey = <server_public.key>
Endpoint = <server_public_ip>:51820
AllowedIPs = 0.0.0.0/0

Change the above keys and endpoint, then test on your local machine that the WireGuard VPN connection works. Assuming it does, we can move on to passing traffic through the chain:

VPN → redsocks → residential proxy → web

Install redsocks

sudo apt install redsocks -y

/etc/redsocks.conf (example - forwards to a SOCKS5 residential proxy)

base {
    log_debug = off;
    log_info = on;
    log = "file:/var/log/redsocks.log";
    daemon = on;
    user = "redsocks";
    group = "nogroup";
    redirector = iptables;
}

redsocks {
    local_ip = 0.0.0.0; // binds every interface, public IP included; firewall port 12345 so only wg0 can reach it
    local_port = 12345;
    ip = unmetered.residential.proxyrack.net; // change this to a different service if required
    port = 9000; // you can change this to a sticky session if you need
    type = socks5;
    login = "proxyrack_username";
    password = "proxyrack_api_key";
}

Manually run redsocks - this then goes into the background

sudo redsocks -c /etc/redsocks.conf

Now we modify the WireGuard config to have the correct iptables rules

Edit - /etc/wireguard/wg0.conf

Change the PostUp and the PostDown

PostUp = sysctl -w net.ipv4.ip_forward=1; iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -N REDSOCKS 2>/dev/null || true; iptables -t nat -C REDSOCKS -d 127.0.0.0/8 -j RETURN 2>/dev/null || iptables -t nat -A REDSOCKS -d 127.0.0.0/8 -j RETURN; iptables -t nat -C REDSOCKS -d 10.0.0.0/8 -j RETURN 2>/dev/null || iptables -t nat -A REDSOCKS -d 10.0.0.0/8 -j RETURN; iptables -t nat -C REDSOCKS -d 192.168.0.0/16 -j RETURN 2>/dev/null || iptables -t nat -A REDSOCKS -d 192.168.0.0/16 -j RETURN; iptables -t nat -C REDSOCKS -d 172.16.0.0/12 -j RETURN 2>/dev/null || iptables -t nat -A REDSOCKS -d 172.16.0.0/12 -j RETURN; iptables -t nat -C REDSOCKS -d 209.205.192.26 -j RETURN 2>/dev/null || iptables -t nat -A REDSOCKS -d 209.205.192.26 -j RETURN; iptables -t nat -C REDSOCKS -p tcp -j REDIRECT --to-ports 12345 2>/dev/null || iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports 12345; iptables -t nat -C PREROUTING -i wg0 -p tcp -j REDSOCKS 2>/dev/null || iptables -t nat -A PREROUTING -i wg0 -p tcp -j REDSOCKS; iptables -t nat -C POSTROUTING -o eth0 -j MASQUERADE 2>/dev/null || iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -t nat -D PREROUTING -i wg0 -p tcp -j REDSOCKS 2>/dev/null || true; iptables -t nat -D REDSOCKS -p tcp -j REDIRECT --to-ports 12345 2>/dev/null || true; iptables -t nat -D REDSOCKS -d 209.205.192.26 -j RETURN 2>/dev/null || true; iptables -t nat -D REDSOCKS -d 172.16.0.0/12 -j RETURN 2>/dev/null || true; iptables -t nat -D REDSOCKS -d 192.168.0.0/16 -j RETURN 2>/dev/null || true; iptables -t nat -D REDSOCKS -d 10.0.0.0/8 -j RETURN 2>/dev/null || true; iptables -t nat -D REDSOCKS -d 127.0.0.0/8 -j RETURN 2>/dev/null || true; iptables -t nat -F REDSOCKS 2>/dev/null || true; iptables -t nat -X REDSOCKS 2>/dev/null || true; iptables -D FORWARD -i wg0 -j ACCEPT 2>/dev/null || true; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE 2>/dev/null || true

So the config will look something like this

/etc/wireguard/wg0.conf

Contents:

[Interface]
PrivateKey = <server_private.key> # From /etc/wireguard/server_private.key
Address = 10.0.1.1/24
ListenPort = 51820
PostUp = sysctl -w net.ipv4.ip_forward=1; iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -N REDSOCKS 2>/dev/null || true; iptables -t nat -C REDSOCKS -d 127.0.0.0/8 -j RETURN 2>/dev/null || iptables -t nat -A REDSOCKS -d 127.0.0.0/8 -j RETURN; iptables -t nat -C REDSOCKS -d 10.0.0.0/8 -j RETURN 2>/dev/null || iptables -t nat -A REDSOCKS -d 10.0.0.0/8 -j RETURN; iptables -t nat -C REDSOCKS -d 192.168.0.0/16 -j RETURN 2>/dev/null || iptables -t nat -A REDSOCKS -d 192.168.0.0/16 -j RETURN; iptables -t nat -C REDSOCKS -d 172.16.0.0/12 -j RETURN 2>/dev/null || iptables -t nat -A REDSOCKS -d 172.16.0.0/12 -j RETURN; iptables -t nat -C REDSOCKS -d 209.205.192.26 -j RETURN 2>/dev/null || iptables -t nat -A REDSOCKS -d 209.205.192.26 -j RETURN; iptables -t nat -C REDSOCKS -p tcp -j REDIRECT --to-ports 12345 2>/dev/null || iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports 12345; iptables -t nat -C PREROUTING -i wg0 -p tcp -j REDSOCKS 2>/dev/null || iptables -t nat -A PREROUTING -i wg0 -p tcp -j REDSOCKS; iptables -t nat -C POSTROUTING -o eth0 -j MASQUERADE 2>/dev/null || iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -t nat -D PREROUTING -i wg0 -p tcp -j REDSOCKS 2>/dev/null || true; iptables -t nat -D REDSOCKS -p tcp -j REDIRECT --to-ports 12345 2>/dev/null || true; iptables -t nat -D REDSOCKS -d 209.205.192.26 -j RETURN 2>/dev/null || true; iptables -t nat -D REDSOCKS -d 172.16.0.0/12 -j RETURN 2>/dev/null || true; iptables -t nat -D REDSOCKS -d 192.168.0.0/16 -j RETURN 2>/dev/null || true; iptables -t nat -D REDSOCKS -d 10.0.0.0/8 -j RETURN 2>/dev/null || true; iptables -t nat -D REDSOCKS -d 127.0.0.0/8 -j RETURN 2>/dev/null || true; iptables -t nat -F REDSOCKS 2>/dev/null || true; iptables -t nat -X REDSOCKS 2>/dev/null || true; iptables -D FORWARD -i wg0 -j ACCEPT 2>/dev/null || true; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE 2>/dev/null || true


[Peer]
PublicKey = <client_public.key> # From /etc/wireguard/client_public.key
AllowedIPs = 10.0.1.2/32

Reload wireguard wg0

sudo wg-quick down wg0
sudo wg-quick up wg0

Now reconnect with your WireGuard client from your computer and your TCP traffic will be routed through the residential proxy!
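
To confirm the rules landed as intended after the reload, the following added example (not part of the original post) audits `iptables -t nat -S` output; the audit_nat function and the sample rule dump are constructed for illustration. It also shows that only TCP is hooked into REDSOCKS, so UDP such as DNS lookups to 8.8.8.8 leaves through MASQUERADE with the VPS address instead of the proxy.

```shell
#!/bin/sh
# Added example, not from the original post: audit `iptables -t nat -S`
# output against the rules this page's PostUp is meant to install.
# Live use (as root): iptables -t nat -S | audit_nat wg0 12345

# Constructed sample of the nat table after `wg-quick up wg0`.
SAMPLE_RULES='-P PREROUTING ACCEPT
-P POSTROUTING ACCEPT
-N REDSOCKS
-A PREROUTING -i wg0 -p tcp -j REDSOCKS
-A POSTROUTING -o eth0 -j MASQUERADE
-A REDSOCKS -d 127.0.0.0/8 -j RETURN
-A REDSOCKS -d 10.0.0.0/8 -j RETURN
-A REDSOCKS -d 192.168.0.0/16 -j RETURN
-A REDSOCKS -d 172.16.0.0/12 -j RETURN
-A REDSOCKS -d 209.205.192.26/32 -j RETURN
-A REDSOCKS -p tcp -j REDIRECT --to-ports 12345'

# audit_nat IFACE PORT: reads rules on stdin, prints one finding per line.
audit_nat() {
    a_if=$1 a_port=$2 a_rules=$(cat)
    if printf '%s\n' "$a_rules" |
        grep -Eq -e "^-A PREROUTING -i $a_if -p tcp -j REDSOCKS\$"; then
        echo "OK tcp from $a_if enters REDSOCKS"
    else
        echo "FAIL tcp from $a_if is not sent to REDSOCKS"
    fi
    # REDIRECT must be the last rule, after every RETURN exemption,
    # otherwise the exemptions below it are never evaluated.
    a_last=$(printf '%s\n' "$a_rules" | grep -e '^-A REDSOCKS ' | tail -n 1)
    case $a_last in
        *"-j REDIRECT --to-ports $a_port")
            echo "OK REDIRECT to $a_port is the final REDSOCKS rule" ;;
        *)  echo "FAIL REDIRECT to $a_port is missing or not last" ;;
    esac
    # Traffic with no PREROUTING hook is only masqueraded: it leaves
    # with the VPS address and never reaches redsocks or the proxy.
    if ! printf '%s\n' "$a_rules" |
            grep -Eq -e "^-A PREROUTING -i $a_if( -p udp)? -j " &&
        printf '%s\n' "$a_rules" | grep -q -e '-j MASQUERADE'; then
        echo "WARN udp from $a_if (DNS included) bypasses redsocks via MASQUERADE"
    fi
}

printf '%s\n' "$SAMPLE_RULES" | audit_nat wg0 12345
```

Any FAIL line means TCP from the tunnel is not reaching redsocks as configured; the WARN line is expected with the rules on this page.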
