Complete Guide to WireGuard VPN Setup: Server and All Clients

Table of Contents

  1. Server Setup
  2. Linux Client
  3. macOS Client
  4. Mobile Clients
  5. Windows Client

Server Setup

Prerequisites

  • A Linux server with Docker and Docker Compose
  • Open ports 51820/UDP and 51821/TCP
  • Public IP address or domain name

Docker Installation

For Ubuntu/Debian:

sudo apt update
sudo apt install docker.io docker-compose -y

For CentOS:

sudo yum install docker docker-compose -y
sudo systemctl start docker
sudo systemctl enable docker

WireGuard Server Setup

  1. Create a working directory:
mkdir wireguard
cd wireguard
  2. Create docker-compose.yml:
version: "3.8"  
services:  
  wg-easy:  
    environment:  
      - WG_HOST=43.139.113.x
      - PASSWORD=<your-password>
      - WG_DEFAULT_ADDRESS=10.10.10.x
      - WG_DEFAULT_DNS=114.114.114.114  
      - WG_ALLOWED_IPS=10.10.10.0/24
  
    image: weejewel/wg-easy  
    container_name: wg-easy  
    volumes:  
      - .:/etc/wireguard  
    ports:  
      - "51820:51820/udp"  
      - "51821:51821/tcp"  
    restart: unless-stopped  
    cap_add:  
      - NET_ADMIN  
      - SYS_MODULE  
    sysctls:  
      - net.ipv4.ip_forward=1  
      - net.ipv4.conf.all.src_valid_mark=1
  3. Configure firewall:
# Ubuntu/Debian
sudo ufw allow 51820/udp
sudo ufw allow 51821/tcp

# CentOS
sudo firewall-cmd --permanent --add-port=51820/udp
sudo firewall-cmd --permanent --add-port=51821/tcp
sudo firewall-cmd --reload
  4. Start the service:
docker-compose up -d

Linux Client

Installation

For Ubuntu/Debian:

sudo apt update
sudo apt install wireguard resolvconf -y

For CentOS:

sudo yum install epel-release -y
sudo yum install wireguard-tools -y

Configuration

# Create configuration directory
sudo mkdir -p /etc/wireguard

# Move configuration file
sudo mv wg0.conf /etc/wireguard/
sudo chmod 600 /etc/wireguard/wg0.conf
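
A downloaded wg0.conf can be checked before it is moved into place. The following is an added example, not part of the original guide: it verifies the file mode, the presence of a PrivateKey entry, and that AllowedIPs matches the server's WG_ALLOWED_IPS value (10.10.10.0/24 in the compose file above). The helper name check_wg_conf is hypothetical and GNU stat (Linux) is assumed.

```bash
# Added example (not from the original guide). check_wg_conf is a hypothetical
# helper name; `stat -c` assumes GNU coreutils, i.e. the Linux client.

# check_wg_conf FILE EXPECTED_ALLOWED_IPS
# Prints one finding per line and returns 0 only when nothing was found.
# EXPECTED_ALLOWED_IPS is compared with spaces removed, e.g. "10.10.10.0/24".
check_wg_conf() {
    local file expected findings mode allowed
    file=$1; expected=$2; findings=0

    # The file holds the client's private key: owner read/write only.
    mode=$(stat -c '%a' "$file") || return 2
    if [ "$mode" != "600" ]; then
        echo "mode is $mode, expected 600"
        findings=$((findings + 1))
    fi

    # wg-quick cannot bring the tunnel up without a private key.
    if ! grep -Eq '^[[:space:]]*PrivateKey[[:space:]]*=' "$file"; then
        echo "no PrivateKey entry"
        findings=$((findings + 1))
    fi

    # AllowedIPs decides which destinations are routed into the tunnel.
    allowed=$(sed -n 's/^[[:space:]]*AllowedIPs[[:space:]]*=//p' "$file" | tr -d ' \t\r')
    if [ "$allowed" != "$expected" ]; then
        echo "AllowedIPs is '$allowed', expected '$expected'"
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ]
}
```

Run it as `check_wg_conf wg0.conf 10.10.10.0/24`; a config with several [Peer] sections is reported as a mismatch so it gets reviewed by hand.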

Management Commands

# Start connection
sudo wg-quick up wg0

# Enable auto-start
sudo systemctl enable wg-quick@wg0
sudo systemctl start wg-quick@wg0

# Check status
sudo wg
sudo systemctl status wg-quick@wg0

# Stop connection
sudo wg-quick down wg0

# View logs
sudo journalctl -fu wg-quick@wg0

macOS Client

GUI Method

  1. Install WireGuard from the App Store
  2. Download configuration from Web UI
  3. Import configuration by dragging into the app
  4. Click to activate connection

Command Line Method

# Install WireGuard
brew install wireguard-tools

# Create configuration directory
sudo mkdir -p /usr/local/etc/wireguard

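# Move configuration and restrict it to root (the file contains the private key)
sudo mv ~/Downloads/wg0.conf /usr/local/etc/wireguard/
sudo chmod 600 /usr/local/etc/wireguard/wg0.conf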

Auto-reconnect Setup

Create LaunchDaemon:

sudo tee /Library/LaunchDaemons/com.wireguard.wg0.plist << 'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>com.wireguard.wg0</string>
    <key>ProgramArguments</key>
    <array>
        <string>/usr/local/bin/wg-quick</string>
        <string>up</string>
        <string>wg0</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
    <key>KeepAlive</key>
    <true/>
</dict>
</plist>
EOF

sudo chown root:wheel /Library/LaunchDaemons/com.wireguard.wg0.plist
sudo chmod 644 /Library/LaunchDaemons/com.wireguard.wg0.plist

Mobile Clients

Android Setup

  1. Install WireGuard from Google Play Store
  2. Open Web UI (https://43.139.113.x:51821)
  3. Generate new client configuration
  4. Scan QR code or import configuration file
  5. Tap to connect

iOS Setup

  1. Install WireGuard from App Store
  2. Access Web UI
  3. Generate new client configuration
  4. Scan QR code or use AirDrop
  5. Allow VPN configuration installation
  6. Toggle to connect

Windows Client

  1. Download WireGuard installer from official website
  2. Run installer
  3. Download configuration from Web UI
  4. Click "Import tunnel(s) from file"
  5. Select downloaded configuration
  6. Click "Activate" to connect

Server Maintenance

Docker Commands

# View logs
docker logs -f wg-easy

# Restart container
docker-compose restart

# Update image
docker-compose pull
docker-compose up -d

# Stop service
docker-compose down

Client Management

  • Each client needs a unique configuration
  • Name clients in Web UI for easy management
  • Disable or remove clients through Web UI
  • Set device limits if needed
  • Update clients regularly for security

Troubleshooting

Server Issues

  1. Check Docker container status:
docker ps
docker logs wg-easy
  2. Verify port accessibility:
netstat -tulpn | grep -E '51820|51821'

Client Issues

  1. Check connection status:
sudo wg show all
  2. Verify DNS resolution:
ping -c 3 google.com
  3. Review system logs:
sudo journalctl -u wg-quick@wg0

Security Considerations

  1. Keep server and clients updated
  2. Use strong passwords for Web UI
  3. Regularly audit active connections
  4. Secure configuration files
  5. Monitor server logs
  6. Implement client-specific access rules
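
Items 3 and 6 can be checked from the command line. The following is an added example, not part of the original guide: it reads the tab-separated output of `wg show all dump` (format per wg(8)) and reports peers that never connected, peers whose last handshake is older than a threshold, and peers whose allowed-ips is wider than a single address. The names audit_peers and sample_dump, the sample data and the 7-day threshold are assumptions, as is the expectation that every peer on this server is a single-address client.

```bash
# Added example (not from the original guide).
# audit_peers NOW MAX_AGE_SECONDS   -- reads `wg show all dump` output on stdin.
# Peer lines have 9 tab-separated fields: interface, public key, preshared key,
# endpoint, allowed-ips, latest-handshake (epoch, 0 = never), rx, tx, keepalive.
# Output: interface <TAB> peer public key <TAB> finding
audit_peers() {
    awk -F '\t' -v now="$1" -v max="$2" '
        NF != 9 { next }                  # skip the 5-field interface line
        {
            if ($6 == 0)
                printf "%s\t%s\tnever-connected\n", $1, $2
            else if (now - $6 > max)
                printf "%s\t%s\tstale-%dd\n", $1, $2, int((now - $6) / 86400)

            # Assumption: each client owns one address, so anything wider
            # than /32 (or /128 for IPv6) deserves a second look.
            n = split($5, nets, ",")
            for (i = 1; i <= n; i++)
                if (nets[i] != "(none)" && nets[i] !~ /\/(32|128)$/)
                    printf "%s\t%s\twide-allowed-ips:%s\n", $1, $2, nets[i]
        }'
}

# Constructed sample dump; keys are placeholders, not real key material.
sample_dump() {
    printf 'wg0\tPRIV\tPUB\t51820\toff\n'
    printf 'wg0\tPEER_A\t(none)\t198.51.100.7:40000\t10.10.10.2/32\t1700590000\t1024\t2048\toff\n'
    printf 'wg0\tPEER_B\t(none)\t198.51.100.8:40001\t10.10.10.3/32\t1699000000\t512\t512\toff\n'
    printf 'wg0\tPEER_C\t(none)\t(none)\t10.10.10.4/32\t0\t0\t0\toff\n'
    printf 'wg0\tPEER_D\t(none)\t198.51.100.9:40002\t10.10.10.0/24\t1700599000\t64\t64\toff\n'
}

# Demo on the constructed data: "now" fixed at 1700600000, threshold 7 days.
sample_dump | audit_peers 1700600000 604800
# On the server from this guide (assumes wg is available inside the container):
#   docker exec wg-easy wg show all dump | audit_peers "$(date +%s)" 604800
```

Public keys reported here can be matched against the client names in the Web UI before a client is disabled or removed.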

Conclusion

This guide provides a comprehensive setup for WireGuard VPN across different platforms. Regular maintenance and updates are crucial for security. The Web UI makes client management straightforward, while command-line tools offer advanced control when needed.

Remember to replace placeholder values (like IP addresses and passwords) with your actual configuration details.