How to add any WireGuard VPN Client?
In an article on how to self host a WireGuard server on OpenBSD, I’ve added several smartphone and Linux clients. Here is a brief summary of steps of adding a peer to a WireGuard server. Create and print the keys that we need:
mkdir myclient && cd myclient
Then this copy and pastable snippet
umask 077 && wg genkey > wg-private-client.key wg pubkey < wg-private-client.key > wg-public-client.key cat wg-private-client.key cat wg-public-client.key doas cat /etc/wireguard/public.key
doas vi /etc/wireguard/wg0.conf and add the next client IP, here we incremented to 3.
# iPhone, iOS / Android smartphone / Linux [Peer] PublicKey = <CLIENT PUBKEY> AllowedIPs = 10.0.0.3/32
Create a new client config
[Interface] PrivateKey = <CLIENT PRIVKEY> Address=10.0.0.3/32 DNS = 22.214.171.124 # Server [Peer] PublicKey = <SERVER PUBKEY> Endpoint = <IP or FQDN>:51820 AllowedIPs = ::/0, 0.0.0.0/0 PersistentKeepalive = 25
Add the route with
wg-quick up ./wg-client.conf
wg addconf wg0 <(wg-quick strip wg0)
If the peer doesn’t show up in
doas wg show force restart the interface with
doas sh /etc/netstart wg0. I remember having some issues but I don’t exactly recall the circumstances. This
one always worked for troubleshooting for me on config change.
If your client is a smartphone, you can generate a QR code for convenience, even on the command line via:
qrencode --read-from=wg-client.conf --type=UTF8 --level=M
Last modified on Saturday, Nov 20, 2021.