💾 Archived View for nox.im › snippets › how-to-add-any-wireguard-client captured on 2022-06-03 at 23:01:49. Gemini links have been rewritten to link to archived content
-=-=-=-=-=-=-
In an article on how to self host a WireGuard server on OpenBSD[1], I've added several smartphone and Linux clients. Here is a brief summary of steps of adding a peer to a WireGuard server. Create and print the keys that we need:
1: an article on how to self host a WireGuard server on OpenBSD
mkdir myclient && cd myclient
Then this copy and pastable snippet
umask 077 && wg genkey > wg-private-client.key wg pubkey < wg-private-client.key > wg-public-client.key cat wg-private-client.key cat wg-public-client.key doas cat /etc/wireguard/public.key
Edit `doas vi /etc/wireguard/wg0.conf` and add the next client IP, here we incremented to 3. `10.0.0.3`:
# iPhone, iOS / Android smartphone / Linux [Peer] PublicKey = <CLIENT PUBKEY> AllowedIPs = 10.0.0.3/32
Create a new client config `vi wg-client.conf`:
[Interface] PrivateKey = <CLIENT PRIVKEY> Address=10.0.0.3/32 DNS = 9.9.9.9 # Server [Peer] PublicKey = <SERVER PUBKEY> Endpoint = <IP or FQDN>:51820 AllowedIPs = ::/0, 0.0.0.0/0 PersistentKeepalive = 25
Add the route with
wg-quick up ./wg-client.conf
or
wg addconf wg0 <(wg-quick strip wg0)
If the peer doesn't show up in `doas wg show` force restart the interface with `doas sh /etc/netstart wg0`. I remember having some issues but I don't exactly recall the circumstances. This one always worked for troubleshooting for me on config change.
If your client is a smartphone, you can generate a QR code for convenience, even on the command line via:
qrencode --read-from=wg-client.conf --type=UTF8 --level=M