User Tools

Site Tools



WireGuard is an open-source software application and protocol that implements virtual private network (VPN) techniques to create secure point-to-point connections in routed or bridged configurations. It is run as a module inside the Linux kernel and aims for better performance than the IPsec and OpenVPN tunneling protocols. It is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. It uses UDP.


WireGuard can be installed through the package wireguard and luci-app-wireguard for integration with LuCI.

Creating a Wireguard interface

To create a new Wireguard interface go to Network > Interfaces > Add new interface… and select “Wireguard VPN” from the “Protocol of the new interface” dropdown menu.

Generate a key pair

To generate a key pair of private and public keys, and store them to the files “privkey” and “pubkey” respectively, run:

wg genkey | tee privkey | wg pubkey > pubkey
  • The private key (“privkey”) must be kept secret and safe; It's the key you enter into the config, for example in LuCI.
  • The public key (“pubkey”) is shared with peers (the other end that gets connected with).

If you are using LuCI to configure WireGuard, it's enough to run “wg genkey” and copy the output into the field “Private Key”; The public key is then later shown in the LuCI interface under Status > WireGuard status.

This website uses cookies. By using the website, you agree with storing cookies on your computer. Also you acknowledge that you have read and understand our Privacy Policy. If you do not agree leave the website.More information about cookies
docs/guide-user/services/vpn/wireguard/start.txt · Last modified: 2019/08/26 15:09 by vgaetera