Windows
Start or Stop WireGuard Tunnel on Windows
To start a WireGuard tunnel, go to the Start menu and type services.msc. Click “Yes” to any security warning. Scroll down to the bottom and you will see the available WireGuard tunnels. Right-click and select Start or Stop, as appropriate.
To manually start or stop the service from an administrative command line, enter:
C:\>net stop WireGuardTunnel$london
The WireGuard Tunnel: london service is stopping.
The WireGuard Tunnel: london service was stopped successfully.
C:\>net start WireGuardTunnel$london
The WireGuard Tunnel: london service is starting..
The WireGuard Tunnel: london service was started successfully.
Install or Remove a WireGuard Tunnel on Windows
From an Administrative command prompt enter the following:
C:\>wireguard /installtunnelservice {full-path-to-config-file}\{interface}.conf
C:\>wireguard /uninstalltunnelservice {interface}
There is no text returned for successfully installing or removing the service.
Linux
Installing
# Install wireguard and resolvconf (for DNS to work properly)
# Install iptables (optional)
sudo apt install wireguard resolvconf iptables
Starting and Stopping WireGuard Tunnel on Linux
sudo wg-quick up {interface}
sudo wg-quick down {interface}
Enabling WireGuard on Startup with systemd
sudo systemctl enable wg-quick@{interface}.service
sudo systemctl start wg-quick@{interface}.service
Subnet Routing
PostUp=iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown=iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
Also be sure to configure the AllowedIPs for the host doing the routing, on each client, specifying the subnet being routed, for example, 10.0.0.0/24.
PublicKey = +xISS...
PresharedKey = HdMrT...
Endpoint = 18.xx.yy.zz:ppppp
AllowedIPs = 10.0.0.1/32, 10.0.0.0/24
Bridging
PostUp=iptables -A FORWARD -i wlan0 -o korea -j ACCEPT; iptables -A FORWARD -i korea -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT; iptables -t nat -A POSTROUTING -o korea -j MASQUERADE
PostDown=iptables -D FORWARD -i wlan0 -o korea -j ACCEPT; iptables -D FORWARD -i korea -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT; iptables -t nat -D POSTROUTING -o korea -j MASQUERADE
On each client add 0.0.0.0/0 to the AllowedIPs for the bridge host.
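PostDown has to delete exactly the rules PostUp added in the Subnet Routing and Bridging setups, or FORWARD and MASQUERADE rules pile up and stay active after the tunnel goes down. The shell check below is an added example, not part of the original page; the function names and the sample config are constructed for illustration, and it only covers rules added with -A.

```shell
#!/bin/sh
# Added example: flag PostUp iptables rules with no matching delete in PostDown.

# Print the iptables commands of one key (PostUp or PostDown), one per line,
# with surrounding and repeated whitespace normalised.
rules_for() {    # $1 = key, $2 = wg-quick config file
    grep -i "^[[:space:]]*$1[[:space:]]*=" "$2" |
        sed 's/^[^=]*=//' | tr ';' '\n' |
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//; s/[[:space:]][[:space:]]*/ /g' |
        grep '^iptables ' || true
}

# Return 0 if every "-A" rule in PostUp has its "-D" twin in PostDown,
# otherwise print the missing delete commands and return 1.
check_postdown() {    # $1 = wg-quick config file
    down=$(rules_for PostDown "$1")
    unmatched=$(rules_for PostUp "$1" | grep ' -A ' | while IFS= read -r rule; do
        expected=$(printf '%s\n' "$rule" | sed 's/ -A / -D /')
        printf '%s\n' "$down" | grep -qxF -- "$expected" || printf '%s\n' "$expected"
    done)
    if [ -z "$unmatched" ]; then
        return 0
    fi
    printf 'missing from PostDown:\n%s\n' "$unmatched"
    return 1
}

# Constructed sample: PostDown repeats -A for the NAT rule instead of using -D.
sample_conf() {
    cat <<'EOF'
[Interface]
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
EOF
}

tmp=$(mktemp)
sample_conf > "$tmp"
check_postdown "$tmp" || echo "PostDown does not undo PostUp"
rm -f "$tmp"
```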
Statistics
wg
These commands apply to both Windows and Linux
wg
wg show all transfer
wg show {interface} transfer
wg show all dump