· All Snippets · All in Privacy · All in VPN

How to add any WireGuard VPN Client?

In an article on how to self host a WireGuard server on OpenBSD, I’ve added several smartphone and Linux clients. Here is a brief summary of steps of adding a peer to a WireGuard server. Create and print the keys that we need:

mkdir myclient && cd myclient

Then this copy and pastable snippet

umask 077 && wg genkey > wg-private-client.key
wg pubkey < wg-private-client.key > wg-public-client.key
cat wg-private-client.key
cat wg-public-client.key
doas cat /etc/wireguard/public.key

Edit doas vi /etc/wireguard/wg0.conf and add the next client IP, here we incremented to 3.

# iPhone, iOS / Android smartphone / Linux
AllowedIPs =

Create a new client config vi wg-client.conf:


# Server
Endpoint = <IP or FQDN>:51820
AllowedIPs = ::/0,
PersistentKeepalive = 25

Add the route with

wg-quick up ./wg-client.conf


wg addconf wg0 <(wg-quick strip wg0)

If the peer doesn’t show up in doas wg show force restart the interface with doas sh /etc/netstart wg0. I remember having some issues but I don’t exactly recall the circumstances. This one always worked for troubleshooting for me on config change.

If your client is a smartphone, you can generate a QR code for convenience, even on the command line via:

qrencode --read-from=wg-client.conf --type=UTF8 --level=M

Last modified on Saturday, Nov 20, 2021.
Go back