WireGuard Config Generator

Generate complete WireGuard server & client configurations — including key pairs — instantly in your browser.

100% client-side. All keys are generated locally in your browser using Curve25519. No data is ever sent to any server.

Server Configuration

Server Public IP *

Public IP address or domain of your VPN server.

Server Internal IP optional

Default: 10.25.0.1

Listen Port

Default WireGuard port: 51820

DNS (for clients)

DNS servers pushed to all clients.

Server Network Interface

Run ip route | grep default to find your interface name.

Server Private Key

Client Settings

Number of Clients *

Maximum 50 clients at once.

Allowed IPs (routing)

Use 0.0.0.0/0 to route all traffic through VPN.

Client Start Index

IP suffix and naming start point. e.g. 3 → client3, IP 10.25.0.3. Useful when adding clients to an existing setup.

Generated Configurations

New Keys Generated

wg0.conf — Server Config

Client Configurations

Installation & Usage Guide

Step-by-step instructions to install WireGuard and apply your generated configs.

Ubuntu 20.04 / 22.04 / 24.04 & Debian 11 / 12

Server Installation

Step 1

Update packages & install WireGuard

sudo apt update && sudo apt upgrade -y
sudo apt install -y wireguard wireguard-tools

Step 2

Enable IP forwarding

echo "net.ipv4.ip_forward=1" | sudo tee -a /etc/sysctl.conf
echo "net.ipv6.conf.all.forwarding=1" | sudo tee -a /etc/sysctl.conf
sudo sysctl -p

Step 3

Create the server config file

Copy the Server Config generated above and paste it:

sudo nano /etc/wireguard/wg0.conf

Adding clients to existing setup? Instead of replacing the file, copy only the New [Peer] Blocks output above and append them to the end of your existing wg0.conf.

sudo chmod 600 /etc/wireguard/wg0.conf

Step 4

Start WireGuard & enable on boot

sudo systemctl enable --now wg-quick@wg0
sudo systemctl status wg-quick@wg0

Step 5

Reload config after adding new peers (no restart needed)

sudo wg syncconf wg0 <(wg-quick strip wg0)

Step 6

Open the firewall port (UFW)

sudo ufw allow 51820/udp
sudo ufw reload

Client Setup (Ubuntu / Debian)

Step 1

Install WireGuard

sudo apt update
sudo apt install -y wireguard wireguard-tools

Step 2

Create the client config file

sudo nano /etc/wireguard/wg0.conf
sudo chmod 600 /etc/wireguard/wg0.conf

Step 3

Connect to the VPN

# Start VPN tunnel
sudo wg-quick up wg0

# Stop VPN tunnel
sudo wg-quick down wg0

# Auto-start on boot
sudo systemctl enable wg-quick@wg0

Step 4

Verify the connection

sudo wg show
ping 10.25.0.1

RHEL 8/9 · Rocky Linux 8/9 · AlmaLinux 8/9

Server Installation

Step 1

Install EPEL & WireGuard

For RHEL / Rocky / AlmaLinux 8:

sudo dnf install -y epel-release
sudo dnf install -y elrepo-release
sudo dnf install -y kmod-wireguard wireguard-tools

For RHEL / Rocky / AlmaLinux 9 (kernel module is built-in):

sudo dnf install -y epel-release
sudo dnf install -y wireguard-tools

Step 2

Enable IP forwarding

echo "net.ipv4.ip_forward=1" | sudo tee /etc/sysctl.d/99-wireguard.conf
echo "net.ipv6.conf.all.forwarding=1" | sudo tee -a /etc/sysctl.d/99-wireguard.conf
sudo sysctl --system

Step 3

Create the server config file

sudo nano /etc/wireguard/wg0.conf
sudo chmod 600 /etc/wireguard/wg0.conf

Adding clients to existing setup? Append only the New [Peer] Blocks to the end of your existing config, then reload with sudo wg syncconf wg0 <(wg-quick strip wg0).

Step 4

Open firewall port (firewalld)

sudo firewall-cmd --permanent --add-port=51820/udp
sudo firewall-cmd --permanent --add-masquerade
sudo firewall-cmd --reload

Step 5

Start WireGuard & enable on boot

sudo systemctl enable --now wg-quick@wg0
sudo systemctl status wg-quick@wg0

Client Setup (RHEL / Rocky / AlmaLinux)

Step 1

Install WireGuard tools

Version 8:

sudo dnf install -y epel-release elrepo-release
sudo dnf install -y kmod-wireguard wireguard-tools

Version 9:

sudo dnf install -y epel-release
sudo dnf install -y wireguard-tools

Step 2

Create the client config file

sudo nano /etc/wireguard/wg0.conf
sudo chmod 600 /etc/wireguard/wg0.conf

Step 3

Connect to the VPN

# Start VPN tunnel
sudo wg-quick up wg0

# Stop VPN tunnel
sudo wg-quick down wg0

# Auto-start on boot
sudo systemctl enable wg-quick@wg0

Step 4

Verify the connection

sudo wg show
ping 10.25.0.1

Useful WireGuard Commands (Quick Reference)

# Show tunnel status & connected peers
sudo wg show

# Restart the WireGuard service
sudo systemctl restart wg-quick@wg0

# Reload config without restart
sudo wg syncconf wg0 <(wg-quick strip wg0)

# Follow WireGuard logs in real-time
sudo journalctl -u wg-quick@wg0 -f

# Find your network interface name
ip route | grep default

# Get existing server private key
sudo grep PrivateKey /etc/wireguard/wg0.conf