This guide shows you how to add and configure a client for your WireGuard server. The WireGuard client is available on multiple platforms, including Windows, Linux, Mac, iOS and Android. The full list of supported systems can be found here.
To connect to the WireGuard server, each client needs a configuration file. This file contains the client's private key and the server's public key. WireGuard identifies each client by its key and uses it for IP verification, so each client needs its own configuration file.
The first step is to generate the public and private keys in the WireGuard directory (/etc/wireguard) with root access. With umask 077 set, the new key files are readable only by root. These commands generate client1_privatekey and client1_publickey.
sudo su
cd /etc/wireguard
umask 077
wg genkey | tee client1_privatekey | wg pubkey > client1_publickey
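The next step is to modify the WireGuard server configuration file, which in this case is wg0.conf. If the interface is running, stop it before editing: with SaveConfig = true the file is rewritten from the running state when the interface shuts down, which discards manual edits.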
vi /etc/wireguard/wg0.conf
The following is a template for a working WireGuard server configuration file.
[Interface]
Address = internal wg ip
SaveConfig = true
PostUp = iptables -A FORWARD -o %i -j ACCEPT; iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -o %i -j ACCEPT; iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
ListenPort = wg port
PrivateKey = server private key
[Peer]
#client1
PublicKey = Enter the key from 'cat client1_publickey'
AllowedIPs = assigned ip for this client
# No Endpoint is needed for a client peer: the server learns the client's address from its handshake.
That is all that is needed on the server side. Now, for the client side, we need to create a new configuration file.
vi /etc/wireguard/client1.conf
You can use the following template, but make sure to modify it as needed.
[Interface]
Address = Assign IP to this client
PrivateKey = enter the key from 'cat client1_privatekey'
DNS = 1.1.1.1
[Peer]
PublicKey = Enter server public key
# Route all traffic through WireGuard
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = Public IP:Listen Port
# Uncomment the following, if you're behind a NAT and want the connection to be kept alive.
# PersistentKeepalive = 25
Once done, export this client configuration file to any supported WireGuard device; you can then use it in the WireGuard application on that device to connect to the WireGuard server. The file contains the client's private key, so transfer it over a secure channel.
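A check for the key placement in the server's [Peer] block, as an added example that is not part of the original guide: it derives the public key from a client private key (pure-Python X25519 per RFC 7748) and reports whether the server config lists that public key or, by mistake, the private key itself. The function names, the sample key (the RFC 7748 test vector), port 51820 and address 10.0.0.2/32 are assumptions made for the example.

```python
import base64

P = 2**255 - 19  # Curve25519 field prime

def x25519_base(priv: bytes) -> bytes:
    """Public key for a 32-byte private key (RFC 7748 ladder, base point 9).
    Not constant-time: meant for an offline config check only."""
    k = bytearray(priv)
    k[0] &= 248; k[31] &= 127; k[31] |= 64  # clamp the scalar
    k = int.from_bytes(k, "little")
    x1, x2, z2, x3, z3, swap = 9, 1, 0, 9, 1, 0
    for t in reversed(range(255)):
        bit = (k >> t) & 1
        if swap ^ bit:  # conditional swap of the two ladder points
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b, c, d = (x2 + z2) % P, (x2 - z2) % P, (x3 + z3) % P, (x3 - z3) % P
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = (aa - bb) % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + 121665 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def peer_keys(conf: str) -> list:
    """PublicKey values found in the [Peer] sections of a config."""
    section, keys = None, []
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if line.startswith("["):
            section = line.strip("[]").lower()
        elif section == "peer" and "=" in line:
            name, value = (s.strip() for s in line.split("=", 1))
            if name.lower() == "publickey":
                keys.append(value)
    return keys

def check_peer(server_conf: str, client_priv_b64: str) -> str:
    """Return 'ok', 'private-key-in-peer' or 'unknown-key'."""
    keys = peer_keys(server_conf)
    if client_priv_b64 in keys:
        return "private-key-in-peer"
    pub = base64.b64encode(x25519_base(base64.b64decode(client_priv_b64))).decode()
    return "ok" if pub in keys else "unknown-key"

# Constructed sample: RFC 7748 test private key (not a real key), made-up port and IP.
SAMPLE_PRIV = base64.b64encode(bytes.fromhex(
    "77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a")).decode()
BAD_CONF = f"[Interface]\nListenPort = 51820\n[Peer]\nPublicKey = {SAMPLE_PRIV}\nAllowedIPs = 10.0.0.2/32\n"
```

Calling check_peer(BAD_CONF, SAMPLE_PRIV) flags the sample because its [Peer] block carries the private key; a private key that has been pasted into a server config should be treated as exposed and regenerated.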