This guide will show you how to add and configure client for your Wireguard server. Wireguard client is available on multiple platform such as Windows, Linux, Mac, iOS and Android. Full list of supported system can be found here.
To connect to Wireguard server, configuration file needs to be generated. This file contains a pair of public and private key. Wireguard identifies each client using this key for IP verification so each client need its own configuration file.
First step is to generate public and private key in Wireguard installed directory using sudo access. These commands will generate client1_privatekey and client1_publickey.
sudo su cd /etc/wireguard umask 077 wg genkey | tee client1_privatekey | wg pubkey > client1_publickey
Next step is to modify the content of Wireguard server configuration file which in this case is wg0.conf
Following is the template of working Wireguard server config file.
[Interface] Address = internal wg ip SaveConfig = true PostUp = iptables -A FORWARD -o %i -j ACCEPT; iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE PostDown = iptables -D FORWARD -o %i -j ACCEPT; iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE ListenPort = wg port PrivateKey = server private key [Peer] #client1 PublicKey = Enter the key from 'cat client1_privatekey' AllowedIPs = assigned ip for this client Endpoint = WG Public IP:ListenPort
That’s all is needed from server side. Now, for client side we need to create new configuration file.
You can use the following template but make sure to modify as needed.
[Interface] Address = Assign IP to this client PrivateKey = enter the key from 'cat client1_privatekey' DNS = 18.104.22.168 [Peer] PublicKey = Enter server public key (Route all traffic through Wireguard) AllowedIPs = 0.0.0.0/0, ::/0 Endpoint = Public IP:Lister Port # Uncomment the following, if you're behind a NAT and want the connection to be kept alive. PersistentKeepalive = 25
Once done, export this client config file to any supported Wireguard device and you can start using it to connect from Wireguard application on your device to Wireguard server.