Getting Started

This guide will walk you through the process of installing and configuring your WireGuard VPN server using the wireguard-install script.

Prerequisites

Before you begin, ensure you have the following:

  1. A supported Linux server: See the full list on the Supported Platforms page.
  2. Root access: The script must be run as the root user.

Installation

The installation process involves downloading the script, making it executable, and running it.

Open your server's terminal and run the following commands:

# Download the script
curl -O https://raw.githubusercontent.com/angristan/wireguard-install/master/wireguard-install.sh

# Make it executable
chmod +x wireguard-install.sh

# Run the script as root
./wireguard-install.sh

Initial Setup Walkthrough

Once executed, the script will guide you through a series of questions to configure the server. You can accept the default values by pressing Enter if they are suitable for your environment.

  1. Public Address: The script will attempt to auto-detect your server's public IPv4 or IPv6 address. Verify that this is correct. 

    IPv4 or IPv6 public address: [auto-detected IP]

  2. Public Interface: The script will also auto-detect your public network interface. 

    Public interface: [auto-detected interface, e.g., eth0]

  3. WireGuard Interface Name: You can name your WireGuard interface. The default wg0 is standard. 

    WireGuard interface name: [wg0]

  4. Server's WireGuard IP: These are the internal IP addresses the WireGuard server will use within the VPN tunnel. The defaults are typically fine. 

    Server WireGuard IPv4: [10.66.66.1]
Server WireGuard IPv6: [fd42:42:42::1]

  5. Server's Port: The UDP port WireGuard will listen on. The script suggests a random port from the private range (49152-65535). 

    Server WireGuard port [1-65535]: [random port]

  6. DNS Resolvers: Choose the DNS servers your clients will use when connected to the VPN. Cloudflare's 1.1.1.1 and 1.0.0.1 are the defaults. 

    First DNS resolver to use for the clients: [1.1.1.1]
Second DNS resolver to use for the clients (optional): [1.0.0.1]

  7. Allowed IPs: This defines which traffic from the client should be routed through the VPN. The default 0.0.0.0/0,::/0 routes all IPv4 and IPv6 traffic, which is typical for a full-tunnel VPN. 

    Allowed IPs list for generated clients (leave default to route everything): [0.0.0.0/0,::/0]

After answering these questions, the script will proceed to install WireGuard, configure the firewall, and set up the system services.

Creating Your First Client

Immediately after the server setup is complete, the script will prompt you to create your first client configuration.

  1. Client Name: Provide a simple, alphanumeric name for your first client. 

    Client name: client1

  2. Client IPs: The script will suggest the next available internal IPv4 and IPv6 addresses for the client. You can usually accept the defaults. 

    Client WireGuard IPv4: 10.66.66.2
Client WireGuard IPv6: fd42:42:42::2

Once complete, the script will generate a client configuration file and display a QR code.

  • Configuration File: The file will be saved in the home directory of the user running the script (e.g., /root/wg0-client-client1.conf or /home/user/wg0-client-client1.conf).
  • QR Code: The QR code can be scanned by the WireGuard mobile app for instant configuration.

Your VPN server is now running and your first client is ready to connect!