User Manual

Connecting to a WireGuard VPN from iOS

Starting from KeeneticOS version 3.3, you can use WireGuard VPN to connect to the local network of the Keenetic router remotely.

First, you need to configure the WireGuard server on the Keenetic device. The process is described in the article 'Configuring a WireGuard VPN between two Keenetic routers'. Then move on to the VPN client setup.

Important

If you want to configure a Keenetic router as a VPN server, make sure that it has a public IP address, and when using the KeenDNS service, that it works in the 'Direct access' mode. If any of these conditions are not met, it will be impossible to connect to such a server from the Internet.

Below is an example of connecting to a server from an iPhone running the iOS operating system.

To connect to the Keenetic WireGuard server on your iOS mobile device, you can use the free application WireGuard.

  1. Install the client, find the WireGuard icon on the home screen and launch it.

  2. The main program window will open. In the upper right corner of the screen, click on the '+' icon to configure the WireGuard client on your phone. Then click on 'Create from scratch'.

    In the 'Name' field, enter a name for the connection, for example, 'wg-ios-client' (you can specify any arbitrary name). Next, create the Private and Public keys by clicking on 'Generate keypair'. Save the Public key to the phone clipboard (you will need it in a later configuration step) by clicking on 'Public key'.

  3. Perform the remote peer connection setup. Set the IP address in the 'Addresses' field of the WireGuard client in IP/bitmask format — 172.16.82.7/32 (internal tunnel address). It is possible to use a different subnet by selecting it from the private address range and avoiding overlapping with other subnets configured on these devices.

  4. In the 'Peer' section, specify the server public key, server address, port, allowed addresses/subnets on the server side.

    The public key should be obtained in the WireGuard server settings in the web interface of the Keenetic router. Copy the generated server public key by clicking on 'Save Public key to clipboard' and then paste it into your phone's peer settings.

    In the 'Allowed IPs' field, enter the allowed IP addresses in IP/bitmask format — 172.16.82.1/32 (internal server address) and 192.168.22.0/24 (local segment address of the Keenetic router).

    In the 'Endpoint' field, enter the public IP address or domain name of the WireGuard server and the listening port to which the WireGuard client will connect.

    In the 'Persistent keepalive' field, specify the frequency of attempts to verify that the connection's remote side is available. Usually, a 10-15 second interval between checks is sufficient.

    Save the settings by clicking on 'Save' in the upper right corner of the screen.

  5. Setting up a remote connection on the WireGuard server side.

    Connect to the web interface of the Keenetic router and go to 'Internet' — 'Other connections' menu. Click on the previously created WireGuard connection ('WG-S') and add 'Peer settings'. Clicking on 'Add Peer' will open the Peer Settings field, where you will enter the name of the tunnel 'wg-ios-client'.

    In the 'Public Key' field, specify the key generated earlier in step 2 of this article.

    In the 'Allowed IPs' fields, specify the address from which traffic will be allowed to the server in IP/bitmask format — 172.16.82.7/32.

    In the 'Persistent keepalive' field, specify the frequency of attempts to check the remote connection side's availability. Usually, a 10-15 second interval between checks is sufficient. By default, the 'Persistent keepalive' value in peer settings is 30 seconds.

    Click 'Save'.

  6. Go back to the WireGuard client settings on your phone and activate the server connection.

    Important

    If Internet access via the WireGuard VPN router is configured, you must specify a DNS server on the WireGuard client side in the 'DNS Servers' field.

    In this example, the address of the Google DNS server 8.8.8.8 is used.
  7. Check server availability on the client side.

    If configured correctly, the server's web interface will be available (in our example, it is Keenetic with IP address 192.168.22.1).

    To check the server's availability, you can send ICMP packets to an IP address, for example, via iNetTools - Ping, DNS, Port Scan.

    The setup is complete.

If you want to allow the connected clients to access the Internet through this VPN connection, perform the additional configuration described in the article 'Internet access via WireGuard VPN'.
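
The Python check below is an added example and is not part of the Keenetic manual. It takes the client tunnel from this article written in wg-quick file format and verifies that the client address matches the server-side 'Allowed IPs', that the tunnel address does not overlap the router's local segment, and that a DNS server is set when all traffic goes through the VPN. The function names, the placeholder keys and endpoint, and the use of 0.0.0.0/0 to represent Internet access via the VPN are assumptions.

```python
import configparser
import ipaddress

# Constructed sample: the client tunnel from this article in wg-quick format.
# Keys and endpoint are placeholders, not real values.
CLIENT_CONF = """
[Interface]
PrivateKey = <client-private-key>
Address = 172.16.82.7/32
DNS = 8.8.8.8

[Peer]
PublicKey = <server-public-key>
AllowedIPs = 172.16.82.1/32, 192.168.22.0/24
Endpoint = vpn.example.com:51820
PersistentKeepalive = 15
"""

def _nets(value):
    """Parse a comma-separated list of IP/bitmask entries."""
    return [ipaddress.ip_network(v.strip(), strict=False)
            for v in value.split(",") if v.strip()]

def check_tunnel(client_conf, server_peer_allowed_ips, lan_subnets):
    """Return a list of problems; an empty list means the two sides agree."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.read_string(client_conf)
    iface, peer = cp["Interface"], cp["Peer"]
    allowed_on_server = _nets(server_peer_allowed_ips)
    problems = []
    for a in _nets(iface.get("Address", "")):
        # Step 5: the server accepts tunnel traffic only from source addresses
        # inside the 'Allowed IPs' stored for this peer.
        if not any(a.version == s.version and a.subnet_of(s) for s in allowed_on_server):
            problems.append(f"{a} is not in the server-side Allowed IPs")
        # Step 3: the tunnel address must not overlap other configured subnets.
        for lan in _nets(lan_subnets):
            if a.overlaps(lan):
                problems.append(f"{a} overlaps local subnet {lan}")
    # Assumption: Internet access via the VPN shows up as 0.0.0.0/0 (or ::/0)
    # in the client's Allowed IPs; in that case 'DNS Servers' must be filled in.
    full = any(n.prefixlen == 0 for n in _nets(peer.get("AllowedIPs", "")))
    if full and not iface.get("DNS", "").strip():
        problems.append("Internet via VPN requires a DNS server")
    return problems
```

Calling `check_tunnel(CLIENT_CONF, "172.16.82.7/32", "192.168.22.0/24")` returns an empty list for the values used in this article.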