How to configure a WireGuard Windows 10 VPN client

Part 3 of 7 in Gain flexibility & increase privacy with WireGuard VPN
Jay Rogers avatar
Jay Rogers May 22nd, 2020

This post belongs to my “mini-course” on Gain flexibility & increase privacy with WireGuard VPN. I’ll only be walking through how to set up a client for WireGuard on Windows 10.

If you don’t have a server (or even if you already have one), definitely start from the top. I make a few assumptions and I broke things into separate posts because I try to get as detailed as possible.

If you are just here for the client configuration, keep reading!

What you’ll achieve

  • We will be using the official client from WireGuard on Windows 10 to connect to our WireGuard VPN server
  • All Internet traffic on the Windows 10 Client will pass through our WireGuard VPN first, then access the Internet

Here is what this looks like:

Prerequisites

Download the WireGuard Client

Always download clients from official sources. You can find that here: https://www.wireguard.com/install/

Install & Configure

Once you install the client, you will want to click the arrow next to “Add Tunnel”, then click Add empty tunnnel....

What’s nice about this is the GUI creates a public and private key for us automatically.

We’re far from done, so let’s get it to connect to our server.

Expanding the configuration

We need to update the configuration file to look like this:

[Interface]
PrivateKey = abcdefghijklmnopqrstuvwxyz1234567890=+
Address = 10.0.0.3/24
DNS = 1.1.1.1, 1.0.0.1

[Peer]
PublicKey = YOUR_SERVER_PUBLIC_KEY
AllowedIPs = 0.0.0.0/0
Endpoint = YOUR_SERVER_WAN_IP:51820

IMPORTANT: You need to replace YOUR_SERVER_PUBLIC_KEY and YOUR_SERVER_WAN_IP

I dive into detail what this all means in another post, but make sure you are also setting your Address to a unique IP address on your virtual private network.

This is what mine looks like (again, never share your private key. This is just a demo):

Checking Block untunneled traffic will make sure that all of our traffic is being routed through our VPN.

Add your client key to your server

If you press Activate on the next screen, it will not connect. Your server needs to know who you are.

Adding your client’s public key to the server

The easiest way to add your key to your server is through the wg set command.

ON YOUR SERVER run this command:

sudo wg set wg0 peer YOUR_CLIENT_PUBLIC_KEY allowed-ips YOUR_CLIENT_VPN_IP

IMPORTANT: You need to replace YOUR_CLIENT_PUBLIC_KEY and YOUR_CLIENT_VPN_IP

You can compare my command below to my diagram at the top of my post for exactly what I mean:

Test your connection

On your Windows 10 machine, press the Activate button. You should see a successful connection be made:

Once you are connected, head on over to dnsleaktest.com. This will tell you two things:

  1. Is your DNS “leaking” (using a different DNS provider outside of your VPN)?
  2. Is your IP Address different?

If you followed my configuration, all DNS tests should comeback using “CloudFlare”.

Test the DNS Leak with WireGuard VPN active and inactive. Compare the results.

The last place to run a test is fast.com. This will run a speed test of your connection. If you run notice a dramatic decline in speed, try setting up a server in a region that is close to you (where you will usually be connecting from). I’ve always had good luck with Digital Ocean, Vultr, and Linode.

That’s all!

If you have any other clients to configure, check out my “mini-course” where you can learn to configure macOS, iOS, Android and more with WireGuard VPN.

Any questions, just let me know! You can add them to the comments below or ask me on Twitter. If you like posts like this, you can get more of them if you sign up on our mailing list.

Keep Reading
View the course View the Course Gain flexibility & increase privacy with WireGuard VPN
Up Next → How to configure a WireGuard macOS client

Products used in this post

In order for us to make quality content for you tomorrow, we use affiliate links to conveniently show you our toolkit. These links do not cost you anything more, but they do kick a few dollars back to us when you make a purchase. If you really like us, buy our book or buy us a beer.

Support future content

The Ultimate Guide to Building APIs and Single-Page Applications with Laravel + VueJS + Capacitor book cover.

Psst... any earnings that we make off of our book is being reinvested to bringing you more content. If you like what you read, consider getting our book or you can buy us a beer.

Written By Jay

Jay Rogers avatar Jay Rogers

I’m a DevOps engineer who accidentally ended up in application & user-experience design. ?? I'm a husband and proud dog-dad who co-founded 521 Dimensions & Server Side Up. I like to having meaningful conversations with people who love building things. Please reach out and say hello!

Like this? Subscribe

We’re privacy advocates. We will never spam you and we only want to send you emails that you actually want to receive. One-click unsubscribes are instantly honored.

What topics are you interested in?
Are you interested in our upcoming book?