This post belongs to my “mini-course” on Gain flexibility & increase privacy with WireGuard VPN. I’ll only be walking through how to set up a client for WireGuard on Windows 10.
If you don’t have a server (or even if you already have one), definitely start from the top. I make a few assumptions and I broke things into separate posts because I try to get as detailed as possible.
If you are just here for the client configuration, keep reading!
What you’ll achieve
- We will be using the official client from WireGuard on Windows 10 to connect to our WireGuard VPN server
- All Internet traffic on the Windows 10 Client will pass through our WireGuard VPN first, then access the Internet
Here is what this looks like:
- You need a working WireGuard Server (learn how to set that up here)
- You need a Windows 10 computer with admin privileges for install
- The user must also be apart of the local admins group to run the VPN connection (thanks to /u/dubtea on Reddit)
Download the WireGuard Client
Always download clients from official sources. You can find that here: https://www.wireguard.com/install/
Install & Configure
Once you install the client, you will want to click the arrow next to “Add Tunnel”, then click
Add empty tunnnel....
What’s nice about this is the GUI creates a public and private key for us automatically.
We’re far from done, so let’s get it to connect to our server.
Expanding the configuration
We need to update the configuration file to look like this:
[Interface] PrivateKey = abcdefghijklmnopqrstuvwxyz1234567890=+ Address = 10.0.0.3/24 DNS = 220.127.116.11, 18.104.22.168 [Peer] PublicKey = YOUR_SERVER_PUBLIC_KEY AllowedIPs = 0.0.0.0/0 Endpoint = YOUR_SERVER_WAN_IP:51820
IMPORTANT: You need to replace
I dive into detail what this all means in another post, but make sure you are also setting your
Address to a unique IP address on your virtual private network.
This is what mine looks like (again, never share your private key. This is just a demo):
Block untunneled traffic will make sure that all of our traffic is being routed through our VPN.
Add your client key to your server
If you press
Activate on the next screen, it will not connect. Your server needs to know who you are.
Adding your client’s public key to the server
The easiest way to add your key to your server is through the
wg set command.
ON YOUR SERVER run this command:
sudo wg set wg0 peer YOUR_CLIENT_PUBLIC_KEY allowed-ips YOUR_CLIENT_VPN_IP
IMPORTANT: You need to replace
You can compare my command below to my diagram at the top of my post for exactly what I mean:
Test your connection
On your Windows 10 machine, press the
Activate button. You should see a successful connection be made:
Once you are connected, head on over to dnsleaktest.com. This will tell you two things:
- Is your DNS “leaking” (using a different DNS provider outside of your VPN)?
- Is your IP Address different?
If you followed my configuration, all DNS tests should comeback using “CloudFlare”.
Test the DNS Leak with WireGuard VPN active and inactive. Compare the results.
The last place to run a test is fast.com. This will run a speed test of your connection. If you run notice a dramatic decline in speed, try setting up a server in a region that is close to you (where you will usually be connecting from). I’ve always had good luck with Digital Ocean, Vultr, and Linode.
If you have any other clients to configure, check out my “mini-course” where you can learn to configure macOS, iOS, Android and more with WireGuard VPN.