---
website: https://www.wireguard.com/
obj: application
android-id: com.wireguard.android
---

# Wireguard
[WireGuard](https://www.wireguard.com/) is an extremely simple yet fast and modern VPN that utilizes state-of-the-art [cryptography](../../cryptography/Cryptography.md). It aims to be faster, simpler, leaner, and more useful than IPsec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. Initially released for the [Linux](../../linux/Linux.md) kernel, it is now cross-platform ([Windows](../../windows/Windows.md), [macOS](../../macos/macOS.md), BSD, iOS, [Android](../../systems/Android.md)) and widely deployable.

## Configuration
### Generate Key Pair
Before configuring WireGuard, you need to generate a key pair for the server and each client.
```shell
# Generate private and public key for the server
wg genkey | tee privatekey | wg pubkey > publickey

# Repeat the process for each client
wg genkey | tee privatekey-client1 | wg pubkey > publickey-client1
```

### Server Configuration
Create a configuration file for the WireGuard server, typically named `wg0.conf`.

```ini
[Interface]
Address = 10.0.0.1/24
ListenPort = 51820
PrivateKey = <server_private_key>

[Peer]
PublicKey = <client1_public_key>
AllowedIPs = 10.0.0.2/32
```

### Client Configuration
Create a configuration file for each client, replacing `<server_public_key>` and `<client_private_key>` with the appropriate keys.

```ini
[Interface]
Address = 10.0.0.1/24
ListenPort = 51820
PrivateKey = <server_private_key>

[Peer]
PublicKey = <client1_public_key>
AllowedIPs = 10.0.0.2/32
```

## Start WireGuard
### [Linux](../../linux/Linux.md)
```
sudo wg-quick up wg0
```

### [macOS](../../macos/macOS.md) and [Windows](../../windows/Windows.md)
Use the provided GUI application or run the following command in the terminal.
```
sudo wg-quick up wg0
```

## Docker Compose
There is a simple [docker](../../tools/Docker.md) container with a fancy web GUI.
```yaml
version: "3.8"
services:
  wg-easy:
    environment:
      - WG_HOST=yourdomain.com
      - PASSWORD=password
      - WG_PORT=51820
      - WG_DEFAULT_ADDRESS=10.8.0.x
      - WG_DEFAULT_DNS=1.1.1.1
      - WG_MTU=1420
      - WG_ALLOWED_IPS=192.168.178.0/24
      - WG_PRE_UP=echo "Pre Up" > /etc/wireguard/pre-up.txt
      - WG_POST_UP=echo "Post Up" > /etc/wireguard/post-up.txt
      - WG_PRE_DOWN=echo "Pre Down" > /etc/wireguard/pre-down.txt
      - WG_POST_DOWN=echo "Post Down" > /etc/wireguard/post-down.txt
    image: weejewel/wg-easy
    volumes:
      - ./config:/etc/wireguard
    ports:
    # WireGuard Port
      - "51820:51820/udp"
    # Web UI
      - "51821:51821/tcp"
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1
```