How to add any WireGuard VPN Client?

In an article on how to self host a WireGuard server on OpenBSD, I’ve added several smartphone and Linux clients. Here is a brief summary of steps of adding a peer to a WireGuard server. Create and print the keys that we need:

mkdir myclient && cd myclient

Then this copy and pastable snippet

umask 077 && wg genkey > wg-private-client.key
wg pubkey < wg-private-client.key > wg-public-client.key
cat wg-private-client.key
cat wg-public-client.key
doas cat /etc/wireguard/public.key

Edit doas vi /etc/wireguard/wg0.conf and add the next client IP, here we incremented to 3. 10.0.0.3:

# iPhone, iOS / Android smartphone / Linux
[Peer]
PublicKey = <CLIENT PUBKEY>
AllowedIPs = 10.0.0.3/32

Create a new client config vi wg-client.conf:

[Interface]
PrivateKey = <CLIENT PRIVKEY>
Address=10.0.0.3/32
DNS = 9.9.9.9

# Server
[Peer]
PublicKey = <SERVER PUBKEY>
Endpoint = <IP or FQDN>:51820
AllowedIPs = ::/0, 0.0.0.0/0
PersistentKeepalive = 25

Add the route with

wg-quick up ./wg-client.conf

or

wg addconf wg0 <(wg-quick strip wg0)

If the peer doesn’t show up in doas wg show force restart the interface with doas sh /etc/netstart wg0. I remember having some issues but I don’t exactly recall the circumstances. This one always worked for troubleshooting for me on config change.

If your client is a smartphone, you can generate a QR code for convenience, even on the command line via:

qrencode --read-from=wg-client.conf --type=UTF8 --level=M