Connecting to WireGuard VPN from Linux
Starting from KeeneticOS 3.3, it is possible to use a WireGuard VPN tunnel to remotely connect to the local network of the Keenetic router.
Important
If you plan to set up your Keenetic as a VPN server, make sure that it has a public IP address and, if you use KeenDNS, that it works in 'Direct access' mode, which also requires a public IP address. If any of these conditions is not met, you will not be able to connect to such a server from the Internet.
First, you need to configure the WireGuard server on the Keenetic device. The following instruction shows the process: Configuring a WireGuard VPN between two Keenetic routers. Then move on to the VPN client setup.
Here is an example of how to connect to the VPN server from a Linux operating system, using CLI (terminal) for setting up the connection in Ubuntu 18.04 LTS and the graphical interface in the Linux Mint 19.3 LTS distribution.
To establish a connection to a Keenetic WireGuard server on a Linux-based computer, you must install the WireGuard package using the built-in apt package manager.
Installation and configuration options in the terminal
Launch the terminal and install the packages that WireGuard needs to work from the terminal and to be configured in the NetworkManager GUI (a program for managing network connections): the application package, the kernel module and the kernel header files.
[my@my-wrk-lnv ~]$ sudo apt install wireguard
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
  wireguard-tools
Suggested packages:
  openresolv | resolvconf
The following NEW packages will be installed:
  wireguard wireguard-tools
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
Need to get 90,0 kB of archives.
After this operation, 344 kB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://mirrors.daticum.com/ubuntu impish/universe amd64 wireguard-tools amd64 1.0.20210424-1ubuntu1 [86,9 kB]
Get:2 http://mirrors.daticum.com/ubuntu impish/universe amd64 wireguard all 1.0.20210424-1ubuntu1 [3 126 B]
Fetched 90,0 kB in 0s (1 181 kB/s)
Selecting previously unselected package wireguard-tools.
(Reading database ... 234329 files and directories currently installed.)
Preparing to unpack .../wireguard-tools_1.0.20210424-1ubuntu1_amd64.deb ...
Unpacking wireguard-tools (1.0.20210424-1ubuntu1) ...
Selecting previously unselected package wireguard.
Preparing to unpack .../wireguard_1.0.20210424-1ubuntu1_all.deb ...
Unpacking wireguard (1.0.20210424-1ubuntu1) ...
Setting up wireguard-tools (1.0.20210424-1ubuntu1) ...
wg-quick.target is a disabled or a static unit not running, not starting it.
Setting up wireguard (1.0.20210424-1ubuntu1) ...
Processing triggers for man-db (2.9.4-2) ...
Create a Private Key and a Public Key:
[my@my-wrk-lnv ~]$ cd /etc/wireguard/
[my@my-wrk-lnv wireguard]$ umask 077
[my@my-wrk-lnv wireguard]$ sudo -i
[sudo] password for my:
root@my-wrk-lnv:~# cd /etc/wireguard/
root@my-wrk-lnv:/etc/wireguard# wg genkey > private-key
root@my-wrk-lnv:/etc/wireguard# wg pubkey > public-key < private-key
root@my-wrk-lnv:~# exit
[my@my-wrk-lnv wireguard]$ sudo cat private-key
AOSXWm+sXxRuu/Uo8lysE4PIwVZTRDD+YV6w3HicGHg=
[my@my-wrk-lnv wireguard]$ sudo cat public-key
xxKBcZlhZlbjW7yFuhZ08l294HBAp2I/iM05YE8vs0Y=
[my@my-wrk-lnv wireguard]$ cd -
[my@my-wrk-lnv ~]$
Important
If you get the 'Permission denied' result after typing cd /etc/wireguard/, you do not have root access to read the directory.
[my@my-wrk-lnv ~]$ cd /etc/wireguard/
bash: cd: /etc/wireguard/: Permission denied
Change the owner of the directory so that it can be accessed without root access rights:
[my@my-wrk-lnv ~]$ sudo chown -R my /etc/wireguard/
[my@my-wrk-lnv ~]$ cd /etc/wireguard
[my@my-wrk-lnv wireguard]$
After configuring the connection, you can change the owner of the directory back to the default:
[my@my-wrk-lnv wireguard]$ cd -
/home/my
[my@my-wrk-lnv ~]$ sudo chown -R root /etc/wireguard/
Create the wg-client.conf configuration file:
[my@my-wrk-lnv wireguard]$ sudo touch wg-client.conf
[my@my-wrk-lnv wireguard]$ ls -1
private-key
public-key
wg-client.conf
Let's add the connection settings to the created configuration file wg-client.conf by opening the file with a text editor, for example, nano:
[my@my-wrk-lnv wireguard]$ sudo nano wg-client.conf
[sudo] password for my:
[Interface]
PrivateKey = AOSXWm+sXxRuu/Uo8lysE4PIwVZTRDD+YV6w3HicGHg=
Address = 172.16.82.5/24
DNS =

[Peer]
PublicKey = 1YVx+x3C817V9YdhUtpUhzyDLVj5tnK2m//WjFGynm4=
AllowedIPs = 172.16.82.1/32, 192.168.22.0/24
Endpoint = wgwrkserver.dynns.com:16631
PersistentKeepalive = 5
Configuring client's [Interface]:
In the client interface's 'PrivateKey' field, enter the private key created in step 2.
The key can be viewed with the cat command:
[my@my-wrk-lnv wireguard]$ sudo cat private-key
AOSXWm+sXxRuu/Uo8lysE4PIwVZTRDD+YV6w3HicGHg=
In the 'Address' field of the client interface, specify the IP address in IP/bitmask format: 172.16.82.5/24 (this is the internal address of the tunnel). Another subnet can be used, but it must be chosen from a private address range and must not overlap with other subnets configured on these devices.
Important
If Internet access is provided through the WireGuard VPN tunnel, you must specify the DNS server in the 'DNS' field of the client's [Interface] section.
Our example uses the address of the Google DNS server, 8.8.8.8:
[Interface]
PrivateKey = AOSXWm+sXxRuu/Uo8lysE4PIwVZTRDD+YV6w3HicGHg=
Address = 172.16.82.5/24
DNS = 8.8.8.8

[Peer]
PublicKey = 1YVx+x3C817V9YdhUtpUhzyDLVj5tnK2m//WjFGynm4=
AllowedIPs = 172.16.82.1/32, 192.168.22.0/24
Endpoint = enpwgwrkserver.dynns.com:16631
PersistentKeepalive = 5
Configuring the server's [Peer]:
In the 'PublicKey' field, insert the public key of the server, which can be copied to the clipboard from the WireGuard settings in the router's web interface.
In the 'AllowedIPs' field, enter allowed IP addresses in IP/bitmask format: 172.16.82.1/32 (the internal server address) and 192.168.22.0/24 (address of the local segment of the Keenetic router).
In the 'Endpoint' field, enter the public IP address or domain name of the WireGuard server and the listening port on which the WireGuard client will establish communication.
In the 'PersistentKeepalive' field, enter the frequency of attempts to check the availability of the remote side of the connection. Usually, a 3-5 second interval between checks is enough.
Set up a remote connection on the side of the previously configured WireGuard server.
Connect to the router's web interface and go to the 'Other connections' page in the 'Internet' menu. Click on the previously created WireGuard connection ('wg-keenetic-server') and add the peer's settings. Click on 'Add peer' to open the peer settings window, in which you specify the name of the tunnel 'wg-ubuntu-home'.
In the 'Public key' field, insert the key created in step 2.
As a reminder, the key can be viewed with the cat command:
[my@my-wrk-lnv wireguard]$ sudo cat public-key
xxKBcZlhZlbjW7yFuhZ08l294HBAp2I/iM05YE8vs0Y=
In the 'Allowed IPs' field, specify the address from which traffic will be allowed to the server in IP/bitmask format: 172.16.82.5/32
In the 'Persistent keepalive' field, you must specify the frequency of attempts to check the availability of the remote side of the connection. Usually, a 10-15 second interval between checks is enough. The default value of the 'Persistent keepalive' in the Keenetic peer settings is 30 seconds.
Click 'Save'.
Create an automatic WireGuard connection at OS startup via the Systemd initialization system, which allows you to start and manage Linux system daemons:
[my@my-wrk-lnv ~]$ sudo systemctl enable wg-quick@wg-client.service
Created symlink /etc/systemd/system/multi-user.target.wants/wg-quick@wg-client.service → /lib/systemd/system/wg-quick@.service.
Important
In the service name wg-quick@***.service, replace *** with the name of the configuration file wg-client.conf, without the .conf extension.
Start the WireGuard connection:
[my@my-wrk-lnv ~]$ sudo systemctl start wg-quick@wg-client.service
Important
If the service does not start, you should check the service log with the command systemctl status wg-quick@wg-client.service or journalctl -xe:
[my@my-wrk-lnv ~]$ systemctl status wg-quick@wg-client.service
wg-quick@wg-client.service - WireGuard via wg-quick(8) for wg/client
   Loaded: loaded (/lib/systemd/system/wg-quick@.service; indirect; vendor preset: enabled)
   Active: failed (Result: exit-code) since Wed 2020-04-22 19:55:59 MSK; 8s ago
     Docs: man:wg-quick(8)
           man:wg(8)
           https://www.wireguard.com/
           https://www.wireguard.com/quickstart/
           https://git.zx2c4.com/wireguard-tools/about/src/man/wg-quick.8
           https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8
  Process: 8734 ExecStart=/usr/bin/wg-quick up wg-client (code=exited, status=127)
 Main PID: 8734 (code=exited, status=127)
apr 22 19:55:59 my@my-wrk-lnv wg-quick[8734]: [#] ip link add wg-client type wireguard
apr 22 19:55:59 my@my-wrk-lnv wg-quick[8734]: [#] wg setconf wg-client /dev/fd/63
apr 22 19:55:59 my@my-wrk-lnv wg-quick[8734]: [#] ip -4 address add 172.16.82.20/24 dev wg-client
apr 22 19:55:59 my@my-wrk-lnv wg-quick[8734]: [#] ip link set mtu 1420 up dev wg-client
apr 22 19:55:59 my@my-wrk-lnv wg-quick[8734]: [#] resolvconf -a wg-client -m 0 -x
apr 22 19:55:59 my@my-wrk-lnv wg-quick[8734]: /usr/bin/wg-quick: line 31: resolvconf: command not found
apr 22 19:55:59 my@my-wrk-lnv wg-quick[8734]: [#] ip link delete dev wg-client
apr 22 19:55:59 my@my-wrk-lnv systemd[1]: wg-quick@wg-client.service: Main process exited, code=exited, status=127/n/a
apr 22 19:55:59 my@my-wrk-lnv systemd[1]: wg-quick@wg-client.service: Failed with result 'exit-code'.
apr 22 19:55:59 my@my-wrk-lnv systemd[1]: Failed to start WireGuard via wg-quick(8) for wg/client.
According to the error, the resolvconf package, which is necessary for wg-quick, is not installed. Install the package:
[my@my-wrk-lnv ~]$ sudo apt install resolvconf
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following NEW packages will be installed:
  resolvconf
0 upgraded, 1 newly installed, 0 to remove and 3 not upgraded.
Need to get 54,7 kB of archives.
After this operation, 203 kB of additional disk space will be used.
Get:1 http://mirrors.daticum.com/ubuntu impish/universe amd64 resolvconf all 1.84ubuntu1 [54,7 kB]
Fetched 54,7 kB in 0s (888 kB/s)
Preconfiguring packages ...
Selecting previously unselected package resolvconf.
(Reading database ... 234409 files and directories currently installed.)
Preparing to unpack .../resolvconf_1.84ubuntu1_all.deb ...
Unpacking resolvconf (1.84ubuntu1) ...
Setting up resolvconf (1.84ubuntu1) ...
Created symlink /etc/systemd/system/sysinit.target.wants/resolvconf.service → /lib/systemd/system/resolvconf.service.
Created symlink /etc/systemd/system/systemd-resolved.service.wants/resolvconf-pull-resolved.path → /lib/systemd/system/resolvconf-pull-resolved.path.
Created symlink /etc/systemd/system/systemd-resolved.service.wants/resolvconf-pull-resolved.service → /lib/systemd/system/resolvconf-pull-resolved.service.
Processing triggers for ureadahead (0.100.0-21) ...
Processing triggers for man-db (2.9.4-2) ...
Processing triggers for resolvconf (1.84ubuntu1) ...
After the package is installed, check that the service is running.
Checking the connection:
[my@my-wrk-lnv ~]$ sudo wg
interface: wg-client
  public key: xxKBcZlhZlbjW7yFuhZ08l294HBAp2I/iM05YE8vs0Y=
  private key: (hidden)
  listening port: 45757

peer: 1YVx+x3C817V9YdhUtpUhzyDLVj5tnK2m//WjFGynm4=
  endpoint: 193.0.174.159:16631
  allowed ips: 172.16.82.1/32, 192.168.22.0/24
  transfer: 0 B received, 148 B sent
  persistent keepalive: every 5 seconds
To check the availability of the server, you can send ICMP packets to the IP address:
[my@my-wrk-lnv ~]$ ping -c 10 -s 100 192.168.22.1
PING 192.168.22.1 (192.168.22.1) 100(128) bytes of data.
108 bytes from 192.168.22.1: icmp_seq=1 ttl=64 time=6.76 ms
108 bytes from 192.168.22.1: icmp_seq=2 ttl=64 time=6.70 ms
108 bytes from 192.168.22.1: icmp_seq=3 ttl=64 time=6.63 ms
108 bytes from 192.168.22.1: icmp_seq=4 ttl=64 time=6.84 ms
108 bytes from 192.168.22.1: icmp_seq=5 ttl=64 time=6.57 ms
108 bytes from 192.168.22.1: icmp_seq=6 ttl=64 time=6.24 ms
108 bytes from 192.168.22.1: icmp_seq=7 ttl=64 time=9.92 ms
108 bytes from 192.168.22.1: icmp_seq=8 ttl=64 time=9.75 ms
108 bytes from 192.168.22.1: icmp_seq=9 ttl=64 time=5.77 ms
108 bytes from 192.168.22.1: icmp_seq=10 ttl=64 time=7.03 ms
--- 192.168.22.1 ping statistics ---
10 packets transmitted, 10 received, 0% packet loss, time 9014ms
rtt min/avg/max/mdev = 5.778/7.225/9.920/1.349 ms
To disable the automatic start of the WireGuard connection at OS startup via the systemd initialization system, enter the following command:
[my@my-wrk-lnv ~]$ sudo systemctl disable wg-quick@wg-client.service
Removed /etc/systemd/system/multi-user.target.wants/wg-quick@wg-client.service
To stop the WireGuard connection, enter the following command:
[my@my-wrk-lnv ~]$ sudo systemctl stop wg-quick@wg-client.service
Setup completed.
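The key and configuration files created in the steps above can be checked with a small audit script. This is an added example, not part of the original article: the function names (check_file_access, check_conf, audit_wg_dir, make_demo_dir) and the constructed demo directory are assumptions for illustration, and the DNS check treats AllowedIPs containing 0.0.0.0/0 or ::/0 as "Internet access through the tunnel".

```sh
#!/bin/sh
# Added example, not from the original article: audit the files this guide
# creates in /etc/wireguard. One finding per line; silent when clean.

# check_file_access FILE [UID]: FILE must belong to UID (default 0 = root)
# and carry no group/other permission bits.
check_file_access() (
    listing=$(ls -ldn -- "$1") || { echo "$1: cannot be inspected"; exit 0; }
    mode=$(printf '%s\n' "$listing" | cut -c1-10)
    uid=$(printf '%s\n' "$listing" | awk '{ print $3 }')
    case $mode in
        ????------) ;;
        *) echo "$1: mode $mode lets group/others access it (want 0600)" ;;
    esac
    [ "$uid" = "${2:-0}" ] || echo "$1: owned by UID $uid, expected ${2:-0}"
)

# check_conf FILE: sanity-check the values of a wg-quick configuration.
check_conf() (
    awk -v file="$1" '
        function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
        function report(msg) { print file ": " msg }
        { sub(/#.*/, "") }                  # wg-quick ignores comments
        /^[ \t]*$/  { next }
        /^[ \t]*\[/ { section = trim($0); next }
        {
            eq = index($0, "=")             # first "=" only: keys end in "="
            if (eq == 0) next
            key = tolower(trim(substr($0, 1, eq - 1)))
            val = trim(substr($0, eq + 1))
            if (key == "privatekey" || key == "publickey") {
                if (length(val) != 44 || val !~ "^[A-Za-z0-9+/]+=$")
                    report(section " " key " is not a 44-character base64 key")
                if (key == "privatekey") priv = val
                else pub[++npub] = val
            } else if (key == "dns") {
                dns = val
            } else if (key == "allowedips") {
                n = split(val, nets, ",")
                for (i = 1; i <= n; i++) {
                    net = trim(nets[i])
                    if (net == "0.0.0.0/0" || net == "::/0") full_tunnel = 1
                }
            }
        }
        END {
            for (i = 1; i <= npub; i++)
                if (priv != "" && pub[i] == priv)
                    report("[Peer] PublicKey is the [Interface] PrivateKey (wrong key pasted)")
            if (full_tunnel && dns == "")
                report("AllowedIPs routes all traffic into the tunnel but DNS is empty")
        }
    ' "$1"
)

# audit_wg_dir DIR [UID]: check private-key and every *.conf in DIR.
# Returns 0 when clean, 1 when there are findings.
audit_wg_dir() (
    findings=$(
        for f in "$1"/private-key "$1"/*.conf; do
            [ -e "$f" ] || continue
            check_file_access "$f" "${2:-0}"
            case $f in *.conf) check_conf "$f" ;; esac
        done
    )
    [ -z "$findings" ] || { printf '%s\n' "$findings"; false; }
)

# make_demo_dir: build a CONSTRUCTED sample directory with three mistakes.
# The key string is the sample key printed in the article, not a live secret.
make_demo_dir() (
    dir=$(mktemp -d) || exit 1
    key='AOSXWm+sXxRuu/Uo8lysE4PIwVZTRDD+YV6w3HicGHg='
    printf '%s\n' "$key" > "$dir/private-key"
    chmod 644 "$dir/private-key"            # mistake 1: key readable by everyone
    {
        printf '[Interface]\nPrivateKey = %s\nAddress = 172.16.82.5/24\nDNS =\n' "$key"
        printf '[Peer]\nPublicKey = %s\n' "$key"    # mistake 2: private key as peer key
        printf 'AllowedIPs = 0.0.0.0/0\n'           # mistake 3: full tunnel, empty DNS
        printf 'Endpoint = wgwrkserver.dynns.com:16631\nPersistentKeepalive = 5\n'
    } > "$dir/wg-client.conf"
    chmod 600 "$dir/wg-client.conf"
    echo "$dir"
)

# Demo run on the constructed directory (owner check uses the current user).
demo=$(make_demo_dir)
audit_wg_dir "$demo" "$(id -u)" || echo "fix the findings above before enabling wg-quick@wg-client"
rm -rf "$demo"
```

Against a real installation, call audit_wg_dir /etc/wireguard as root; the expected owner defaults to UID 0, so a directory left owned by the user after the chown step is reported.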
Installation and configuration option with NetworkManager
NetworkManager GUI is a graphical shell for network connection management software.
Brief command sequence:
git clone https://github.com/max-moser/network-manager-wireguard
cd network-manager-wireguard
./autogen.sh --without-libnm-glib
./configure --without-libnm-glib --prefix=/usr --sysconfdir=/etc --libdir=/usr/lib/x86_64-linux-gnu --libexecdir=/usr/lib/NetworkManager --localstatedir=/var
make
sudo make install
Important
If the plugin installation does not complete successfully or if packages required to install the plugin are missing, run:
sudo apt install wireguard git dh-autoreconf libglib2.0-dev intltool build-essential libgtk-3-dev libnma-dev libsecret-1-dev network-manager-dev resolvconf
Detailed command sequence:
Clone the plugin code from the GitHub repository:
[my@my-wrk-lnv ~]$ git clone https://github.com/max-moser/network-manager-wireguard
Cloning into 'network-manager-wireguard'...
remote: Enumerating objects: 534, done.
remote: Total 534 (delta 0), reused 0 (delta 0), pack-reused 534
Receiving objects: 100% (534/534), 748.44 KiB | 1.63 MiB/s, done.
Resolving deltas: 100% (317/317), done.
Go to the directory network-manager-wireguard and compile the plugin for the graphical configuration of the WireGuard tunnel:
[my@my-wrk-lnv ~]$ cd network-manager-wireguard
[my@my-wrk-lnv network-manager-wireguard](master)$ ./autogen.sh --without-libnm-glib
[my@my-wrk-lnv network-manager-wireguard](master)$ ./configure --without-libnm-glib --prefix=/usr --sysconfdir=/etc --libdir=/usr/lib/x86_64-linux-gnu --libexecdir=/usr/lib/NetworkManager --localstatedir=/var
checking for a BSD-compatible install... /usr/bin/install -c checking whether build environment is sane... yes checking for a thread-safe mkdir -p... /bin/mkdir -p checking for gawk... gawk checking whether make sets $(MAKE)... yes checking whether make supports nested variables... yes checking whether UID '1000' is supported by ustar format... yes checking whether GID '1000' is supported by ustar format... yes checking how to create a ustar tar archive... gnutar checking whether to enable maintainer-specific portions of Makefiles... no checking whether make supports nested variables... (cached) yes checking for gcc-ar... gcc-ar checking for gcc-ranlib... gcc-ranlib checking build system type... x86_64-pc-linux-gnu checking host system type... x86_64-pc-linux-gnu checking how to print strings... printf checking for style of include used by make... GNU checking for gcc... gcc checking whether the C compiler works... yes checking for C compiler default output file name... a.out checking for suffix of executables... checking whether we are cross compiling... no checking for suffix of object files... o checking whether we are using the GNU C compiler... yes checking whether gcc accepts -g... yes checking for gcc option to accept ISO C89... none needed checking whether gcc understands -c and -o together... yes checking dependency style of gcc... gcc3 checking for a sed that does not truncate output... /bin/sed checking for grep that handles long lines and -e... /bin/grep checking for egrep... /bin/grep -E checking for fgrep... /bin/grep -F checking for ld used by gcc... /usr/bin/ld checking if the linker (/usr/bin/ld) is GNU ld... yes checking for BSD- or MS-compatible name lister (nm)... /usr/bin/nm -B checking the name lister (/usr/bin/nm -B) interface... BSD nm checking whether ln -s works... yes checking the maximum length of command line arguments... 1572864 checking how to convert x86_64-pc-linux-gnu file names to x86_64-pc-linux-gnu format... 
func_convert_file_noop checking how to convert x86_64-pc-linux-gnu file names to toolchain format... func_convert_file_noop checking for /usr/bin/ld option to reload object files... -r checking for objdump... objdump checking how to recognize dependent libraries... pass_all checking for dlltool... no checking how to associate runtime and link libraries... printf %s\n checking for archiver @FILE support... @ checking for strip... strip checking for ranlib... (cached) gcc-ranlib checking command to parse /usr/bin/nm -B output from gcc object... ok checking for sysroot... no checking for a working dd... /bin/dd checking how to truncate binary pipes... /bin/dd bs=4096 count=1 checking for mt... mt checking if mt is a manifest tool... no checking how to run the C preprocessor... gcc -E checking for ANSI C header files... yes checking for sys/types.h... yes checking for sys/stat.h... yes checking for stdlib.h... yes checking for string.h... yes checking for memory.h... yes checking for strings.h... yes checking for inttypes.h... yes checking for stdint.h... yes checking for unistd.h... yes checking for dlfcn.h... yes checking for objdir... .libs checking if gcc supports -fno-rtti -fno-exceptions... no checking for gcc option to produce PIC... -fPIC -DPIC checking if gcc PIC flag -fPIC -DPIC works... yes checking if gcc static flag -static works... yes checking if gcc supports -c -o file.o... yes checking if gcc supports -c -o file.o... (cached) yes checking whether the gcc linker (/usr/bin/ld -m elf_x86_64) supports shared libraries... yes checking whether -lc should be explicitly linked in... no checking dynamic linker characteristics... GNU/Linux ld.so checking how to hardcode library paths into programs... immediate checking whether stripping libraries is possible... yes checking if libtool supports shared libraries... yes checking whether to build shared libraries... yes checking whether to build static libraries... no checking for gcc... 
(cached) gcc checking whether we are using the GNU C compiler... (cached) yes checking whether gcc accepts -g... (cached) yes checking for gcc option to accept ISO C89... (cached) none needed checking whether gcc understands -c and -o together... (cached) yes checking dependency style of gcc... (cached) gcc3 checking for glib-compile-resources... /usr/bin/glib-compile-resources checking for ANSI C header files... (cached) yes checking fcntl.h usability... yes checking fcntl.h presence... yes checking for fcntl.h... yes checking paths.h usability... yes checking paths.h presence... yes checking for paths.h... yes checking sys/ioctl.h usability... yes checking sys/ioctl.h presence... yes checking for sys/ioctl.h... yes checking sys/time.h usability... yes checking sys/time.h presence... yes checking for sys/time.h... yes checking syslog.h usability... yes checking syslog.h presence... yes checking for syslog.h... yes checking for unistd.h... (cached) yes checking for mode_t... yes checking for pid_t... yes checking whether time.h and sys/time.h may both be included... yes checking whether gcc needs -traditional... no checking for working memcmp... yes checking for select... yes checking for socket... yes checking for uname... yes checking for library containing dlopen... -ldl checking whether NLS is requested... yes checking for intltool >= 0.35... 0.51.0 found checking for intltool-update... /usr/bin/intltool-update checking for intltool-merge... /usr/bin/intltool-merge checking for intltool-extract... /usr/bin/intltool-extract checking for xgettext... /usr/bin/xgettext checking for msgmerge... /usr/bin/msgmerge checking for msgfmt... /usr/bin/msgfmt checking for gmsgfmt... /usr/bin/msgfmt checking for perl... /usr/bin/perl checking for perl >= 5.8.1... 5.26.1 checking for XML::Parser... ok checking locale.h usability... yes checking locale.h presence... yes checking for locale.h... yes checking for LC_MESSAGES... yes checking for CFPreferencesCopyAppValue... 
no checking for CFLocaleCopyCurrent... no checking libintl.h usability... yes checking libintl.h presence... yes checking for libintl.h... yes checking for ngettext in libc... yes checking for dgettext in libc... yes checking for bind_textdomain_codeset... yes checking for msgfmt... (cached) /usr/bin/msgfmt checking for dcgettext... yes checking if msgfmt accepts -c... yes checking for gmsgfmt... (cached) /usr/bin/msgfmt checking for xgettext... (cached) /usr/bin/xgettext checking for pkg-config... /usr/bin/pkg-config checking pkg-config is at least version 0.9.0... yes checking for GLIB... yes checking for GTK... yes checking for LIBNMA... yes checking for LIBSECRET... yes checking for LIBNM... yes checking for more warnings... yes checking whether -Wunknown-warning-option works as expected... not supported checking whether "-Wextra" works as expected... yes checking whether "-Wdeclaration-after-statement" works as expected... yes checking whether "-Wfloat-equal" works as expected... yes checking whether "-Wformat-nonliteral" works as expected... yes checking whether "-Wformat-security" works as expected... yes checking whether "-Wimplicit-fallthrough" works as expected... yes checking whether "-Wimplicit-function-declaration" works as expected... yes checking whether "-Winit-self" works as expected... yes checking whether "-Wlogical-op" works as expected... yes checking whether "-Wmissing-declarations" works as expected... yes checking whether "-Wmissing-include-dirs" works as expected... yes checking whether "-Wmissing-prototypes" works as expected... yes checking whether "-Wpointer-arith" works as expected... yes checking whether "-Wshadow" works as expected... yes checking whether "-Wshift-negative-value" works as expected... yes checking whether "-Wstrict-prototypes" works as expected... yes checking whether "-Wundef" works as expected... yes checking whether "-Wno-duplicate-decl-specifier" works as expected... 
yes checking whether "-Wno-format-truncation" works as expected... yes checking whether "-Wno-format-y2k" works as expected... yes checking whether "-Wno-missing-field-initializers" works as expected... yes checking whether "-Wno-pragmas" works as expected... yes checking whether "-Wno-sign-compare" works as expected... yes checking whether "-Wno-unused-but-set-variable" works as expected... yes checking whether "-Wno-unused-parameter" works as expected... yes checking whether -Wunknown-attributes works as expected... not supported checking whether -Wtypedef-redefinition works as expected... not supported checking whether -Warray-bounds works as expected... yes checking whether -Wparentheses-equality works as expected... not supported checking whether -Wunused-value works as expected... yes checking whether -Wmissing-braces works as expected... no checking if gcc supports flag -fdata-sections -ffunction-sections -Wl,--gc-sections in envvar CFLAGS... yes checking that generated files are newer than configure... done configure: creating ./config.status config.status: creating Makefile config.status: creating po/Makefile.in config.status: creating config.h config.status: config.h is unchanged config.status: executing depfiles commands config.status: executing libtool commands config.status: executing default-1 commands config.status: executing po/stamp-it commands Build configuration: --with-gnome=yes --with-libnm-glib=no --enable-absolute-paths=no --enable-more-warnings=yes --enable-lto=no --enable-ld-gc=yes
[my@my-wrk-lnv network-manager-wireguard](master)$
make
XMLLINT not set and xmllint not found in path; skipping xml preprocessing. make all-recursive make[1]: Entering directory «/home/my/network-manager-wireguard» XMLLINT not set and xmllint not found in path; skipping xml preprocessing. Making all in . make[2]: Entering directory «/home/my/network-manager-wireguard» XMLLINT not set and xmllint not found in path; skipping xml preprocessing. CC shared/nm-utils/src_libnm_utils_la-nm-shared-utils.lo In file included from ./shared/nm-default.h:49:0, from shared/nm-utils/nm-shared-utils.c:22: /usr/include/libnm/nm-version.h:155:30: warning: "NM_VERSION_1_10_14" is not defined, evaluates to 0 [-Wundef] #if NM_VERSION_MAX_ALLOWED < NM_VERSION_1_10_14 ^~~~~~~~~~~~~~~~~~ CC shared/src_libnm_utils_la-utils.lo In file included from shared/nm-default.h:49:0, from shared/utils.c:22: /usr/include/libnm/nm-version.h:155:30: warning: "NM_VERSION_1_10_14" is not defined, evaluates to 0 [-Wundef] #if NM_VERSION_MAX_ALLOWED < NM_VERSION_1_10_14 ^~~~~~~~~~~~~~~~~~ CCLD auth-dialog/nm-wireguard-auth-dialog ITMRG appdata/network-manager-wireguard.metainfo.xml GEN nm-wireguard-service.name make[2]: Leaving directory «/home/my/network-manager-wireguard» Making all in po make[2]: Entering directory «/home/my/network-manager-wireguard/po» MSGFMT de.gmo MSGFMT en_GB.gmo make[2]: Leaving directory «/home/my/network-manager-wireguard/po» make[1]: Leaving directory «/home/my/network-manager-wireguard»
[my@my-wrk-lnv network-manager-wireguard](master)$
sudo make install
[sudo] password for my: XMLLINT not set and xmllint not found in path; skipping xml preprocessing. Making install in . make[1]: Entering directory «/home/my/network-manager-wireguard» XMLLINT not set and xmllint not found in path; skipping xml preprocessing. make[2]: Entering directory «/home/my/network-manager-wireguard» XMLLINT not set and xmllint not found in path; skipping xml preprocessing. /bin/mkdir -p '/usr/lib/NetworkManager' /bin/bash ./libtool --mode=install /usr/bin/install -c src/nm-wireguard-service auth-dialog/nm-wireguard-auth-dialog '/usr/lib/NetworkManager' libtool: install: /usr/bin/install -c src/nm-wireguard-service /usr/lib/NetworkManager/nm-wireguard-service libtool: install: /usr/bin/install -c auth-dialog/nm-wireguard-auth-dialog /usr/lib/NetworkManager/nm-wireguard-auth-dialog /bin/mkdir -p '/usr/share/appdata' /usr/bin/install -c -m 644 appdata/network-manager-wireguard.metainfo.xml '/usr/share/appdata' /bin/mkdir -p '/etc/dbus-1/system.d' /usr/bin/install -c -m 644 nm-wireguard-service.conf '/etc/dbus-1/system.d' /bin/mkdir -p '/usr/lib/NetworkManager/VPN' /usr/bin/install -c -m 644 nm-wireguard-service.name '/usr/lib/NetworkManager/VPN' /bin/mkdir -p '/usr/lib/x86_64-linux-gnu/NetworkManager' /bin/bash ./libtool --mode=install /usr/bin/install -c properties/libnm-vpn-plugin-wireguard.la properties/libnm-vpn-plugin-wireguard-editor.la '/usr/lib/x86_64-linux-gnu/NetworkManager' libtool: install: /usr/bin/install -c properties/.libs/libnm-vpn-plugin-wireguard.so /usr/lib/x86_64-linux-gnu/NetworkManager/libnm-vpn-plugin-wireguard.so libtool: install: /usr/bin/install -c properties/.libs/libnm-vpn-plugin-wireguard.lai /usr/lib/x86_64-linux-gnu/NetworkManager/libnm-vpn-plugin-wireguard.la libtool: install: /usr/bin/install -c properties/.libs/libnm-vpn-plugin-wireguard-editor.so /usr/lib/x86_64-linux-gnu/NetworkManager/libnm-vpn-plugin-wireguard-editor.so libtool: install: /usr/bin/install -c properties/.libs/libnm-vpn-plugin-wireguard-editor.lai /usr/lib/x86_64-linux-gnu/NetworkManager/libnm-vpn-plugin-wireguard-editor.la libtool: finish: PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin:/sbin" ldconfig -n /usr/lib/x86_64-linux-gnu/NetworkManager done installing de.gmo as /usr/share/locale/de/LC_MESSAGES/NetworkManager-wireguard.mo installing en_GB.gmo as /usr/share/locale/en_GB/LC_MESSAGES/NetworkManager-wireguard.mo make[1]: Leaving directory «/home/my/network-manager-wireguard/po»
Reboot the computer and check the availability of WireGuard settings in the Network Connections panel:
Configuring the connection to the WireGuard server:
Generate the private and public keys, as described in 'Installation and configuration options in the terminal' (2nd step).
If the keys were previously generated in the system, view them in the terminal and copy them to the clipboard one by one:
[my@my-wrk-lnv wireguard]$
sudo cat private-key
0CwJzxW0yOG4I9XWl9Wo9nzpxen2G0VlTAxD7XEBVmE=
[my@my-wrk-lnv wireguard]$
sudo cat public-key
M2LeCzN8mFLpa6Xz3BNHFgtNt8kY4wluiwt+NJFTgxk=
Copy the Private key and paste it into the Private Key field of the tunnel settings:
Copy the public key and paste it into the Public Key field on the previously configured WireGuard server.
In the 'Allowed IPs' field, specify the address from which traffic will be allowed to the server, in IP/bitmask format: 172.16.82.8/32
In the 'Public Key' field, enter the public key of the server, which can be copied to your computer's clipboard from the WireGuard settings in the router's web interface:
In the 'Allowed IPs' field, specify allowed IP addresses in IP/bitmask format: 172.16.82.1/32 (the internal server address) and 192.168.22.0/24 (address of the local segment of the Keenetic router).
In the 'Endpoint' field, specify the public IP address or domain name of the WireGuard server and the listening port on which the WireGuard client will establish the connection.
In the 'PersistentKeepalive' field, specify the frequency of attempts to check the availability of the remote side of the connection. Usually, a 3-5 second interval between checks is enough.
In the IPv4 tab in the Routes section, add a route to the local network segment of the Keenetic router:
Connect to the WireGuard server and ensure there are no error messages.
To check the server availability, you can send ICMP packets to the IP address of the local segment of your Keenetic router:
[my@my-wrk-lnv ~]$
ping -c 10 -s 100 192.168.22.1
PING 192.168.22.1 (192.168.22.1) 100(128) bytes of data.
108 bytes from 192.168.22.1: icmp_seq=1 ttl=64 time=5.40 ms
108 bytes from 192.168.22.1: icmp_seq=2 ttl=64 time=6.60 ms
108 bytes from 192.168.22.1: icmp_seq=3 ttl=64 time=7.99 ms
108 bytes from 192.168.22.1: icmp_seq=4 ttl=64 time=7.04 ms
108 bytes from 192.168.22.1: icmp_seq=5 ttl=64 time=6.31 ms
108 bytes from 192.168.22.1: icmp_seq=6 ttl=64 time=7.42 ms
108 bytes from 192.168.22.1: icmp_seq=7 ttl=64 time=6.55 ms
108 bytes from 192.168.22.1: icmp_seq=8 ttl=64 time=7.14 ms
108 bytes from 192.168.22.1: icmp_seq=9 ttl=64 time=8.47 ms
108 bytes from 192.168.22.1: icmp_seq=10 ttl=64 time=7.52 ms
--- 192.168.22.1 ping statistics ---
10 packets transmitted, 10 received, 0% packet loss, time 9015ms
rtt min/avg/max/mdev = 5.402/7.049/8.470/0.834 ms
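The client settings from the steps above can be checked for consistency before connecting. The following is an added example, not part of the original article or of the Keenetic software: it reads the same fields from a wg-quick style file (an assumed equivalent of the GUI form), confirms that both keys decode to 32 bytes, and verifies that each route added on the IPv4 tab is covered by the peer's Allowed IPs, because WireGuard drops packets for destinations outside that list. The keys, the endpoint name and port, and the function names are constructed for illustration.

```python
import base64
import ipaddress

# Constructed sample of the client-side fields; keys, host and port are placeholders.
PRIV, PUB = (base64.b64encode(bytes([b]) * 32).decode() for b in (0, 1))
SAMPLE = f"""[Interface]
PrivateKey = {PRIV}
[Peer]
PublicKey = {PUB}
AllowedIPs = 172.16.82.1/32, 192.168.22.0/24
Endpoint = vpn.example.net:51820
PersistentKeepalive = 5
"""

def parse(text):
    """Parse a wg-quick style file with a single [Peer] into {section: {key: value}}."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            section = conf.setdefault(line[1:-1], {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)  # base64 padding '=' stays in the value
            section[key.strip()] = value.strip()
    return conf

def key_ok(value):
    """WireGuard keys are 32 raw bytes, base64-encoded."""
    try:
        return len(base64.b64decode(value, validate=True)) == 32
    except ValueError:
        return False

def audit(text, routes):
    """Return findings; an empty list means keys, AllowedIPs and routes agree."""
    conf = parse(text)
    peer, findings = conf.get("Peer", {}), []
    if not key_ok(conf.get("Interface", {}).get("PrivateKey", "")):
        findings.append("PrivateKey is not a 32-byte base64 key")
    if not key_ok(peer.get("PublicKey", "")):
        findings.append("peer PublicKey is not a 32-byte base64 key")
    allowed = [ipaddress.ip_network(a.strip(), strict=False)
               for a in peer.get("AllowedIPs", "").split(",") if a.strip()]
    for net in allowed:
        if net.prefixlen == 0:  # wider than the two networks this page allows
            findings.append(f"AllowedIPs {net} routes all traffic into the tunnel")
    for route in (ipaddress.ip_network(r, strict=False) for r in routes):
        if not any(route.version == n.version and route.subnet_of(n) for n in allowed):
            findings.append(f"route {route} is not covered by AllowedIPs")
    return findings
```

Calling `audit(SAMPLE, ["192.168.22.0/24"])` returns an empty list for the values used on this page; a route to a network that is missing from Allowed IPs is reported as a finding.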