How to configure a WireGuard client

Configure a WireGuard client on Linux, macOS, or Windows to connect to a WireGuard VPN server.

How to configure a WireGuard client
Prerequisites
Step-by-Step: Configure a WireGuard Client
How to Verify the Client Is Connected

How to configure a WireGuard client

Configure a WireGuard client on Linux, macOS, or Windows to connect to a WireGuard VPN server.

Prerequisites

WireGuard installed on the client device.
The server's public key and endpoint address.

Step-by-Step: Configure a WireGuard Client

Generate the client key pair:

wg genkey | tee client_private.key | wg pubkey > client_public.key

Create the client configuration file (e.g., wg0.conf):
```
[Interface]
PrivateKey = <CLIENT_PRIVATE_KEY>
Address = 10.0.0.2/24
DNS = 1.1.1.1

[Peer]
PublicKey = <SERVER_PUBLIC_KEY>
Endpoint = server.example.com:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25
```
AllowedIPs = 0.0.0.0/0 routes all traffic through the tunnel. Use AllowedIPs = 10.0.0.0/24 to route only VPN traffic. PersistentKeepalive = 25 sends a keepalive packet every 25 seconds to maintain the connection behind NAT.
Connect the tunnel:
```
sudo wg-quick up wg0
```

How to Verify the Client Is Connected

sudo wg show

A successful connection shows a recent handshake timestamp under the peer section.