Generating WireGuard QR codes for fast mobile deploymentsPart 5 of 7 in Gain flexibility & increase privacy with WireGuard VPN
If you have been following along on my Gain Flexibility & Increase Privacy with WireGuard VPN “mini-course”, you’ll notice that there are a few areas that we need apply configurations in order for our devices to get connected.
Typing all of this in manually on mobile can be a massive pain, especially if you are supporting a remote device for a user.
QR Codes to the rescue!
We can use QR codes to send VPN configuration files out. This is brilliant engineering on WireGuard’s part.
- You need a working Ubuntu 20.04 WireGuard VPN Server (learn how to set that up here)
- You will need the
qrencodepackage installed on your server
Installing the package is easy. Run this command on your SERVER:
sudo apt install qrencode
Creating the client keys
Unlike macOS and Windows (where our keys are generated on the server), we will need to create the configuration on the server itself.
I like to keep my client configurations in “/etc/wireguard/clients”, so let’s make that directory on the server. I am also going to create a keypair called
mobile, so you will see me reference this name again throughout my post.
sudo mkdir -p /etc/wireguard/clients; wg genkey | sudo tee /etc/wireguard/clients/mobile.key | wg pubkey | sudo tee /etc/wireguard/clients/mobile.key.pub
IMPORTANT NOTE: Be sure to change the
mobile name in that command to a descriptive client name of your choice (for both the private and public key).
Creating the client configuration file
We’ll then need to create a client configuration file to be encoded into a QR code. We’ll use
nano to do the trick:
sudo nano /etc/wireguard/clients/mobile.conf
This is what we will want our “/etc/clients/mobile.conf” file to look like:
[Interface] PrivateKey = abcdefghijklmnopqrstuvwxyz1234567890=+ Address = YOUR_VPN_PRIVATE_IP/24 DNS = 126.96.36.199, 188.8.131.52 [Peer] PublicKey = YOUR_SERVER_PUBLIC_KEY AllowedIPs = 0.0.0.0/0 Endpoint = YOUR_SERVER_WAN_IP:51820
IMPORTANT: You need to replace
ALSO IMPORTANT: Paste in the contents of your “mobile.key” for the value of
PrivateKey. I used the example of
abcdefg... but you can get the contents of your key by running the
cat command in a separate window:
TO SAVE: While in
nano, press CTRL + O to save and CTRL + X to quit.
Generate your QR code
Now that we have our file ready, we can now generate a QR code with it:
qrencode -t ansiutf8 < /etc/wireguard/clients/mobile.conf
It will output an image like this:
Treat this QR code like a password! Don’t just email it. You can take a screenshot and securely send it to your user so only they have access to it.
Load it into the app
All you need your user to do is open the app on their phone and hold their camera up to the QR code. You can see the entire process here:
Hope this helps!
Get more stuff like this in your inbox or you can always follow me on Twitter for the latest updates.