DIY VPN - Sun, Jun 9, 2024

Host your own free VPN!

This page contains some useful commands regarding the manual configuration of a VPN using WireGuard on Linux. To ensure that the information is up to date, check out the official WireGuard website.

Side by Side Video

Before explaining the actual comands in detail, it may be extremely instructive to first watch them being used by two peers being configured side by side:

Command-line Interface

A new interface can be added via ip-link(8), which should automatically handle module loading:

ip link add dev wg0 type wireguard

(Non-Linux users will instead write wireguard-go wg0.)

An IP address and peer can be assigned with ifconfig(8) or ip-address(8)

ip address add dev wg0 192.168.2.1/24

Or, if there are only two peers total, something like this might be more desirable:

ip address add dev wg0 192.168.2.1 peer 192.168.2.2

The interface can be configured with keys and peer endpoints with the included wg(8) utility:

wg setconf wg0 myconfig.conf

or

wg set wg0 listen-port 51820 private-key /path/to/private-key peer ABCDEF... allowed-ips 192.168.88.0/24 endpoint 209.202.254.14:8172

Finally, the interface can then be activated with ifconfig(8) or ip-link(8):

ip link set up dev wg0