The WireGuard protocol is currently under heavy development and should be considered as experimental. We do not recommend WireGuard for situations where security is critical. Review the WireGuard project for more information.

Configure your environment

  1. Install WireGuard for your distribution.

    Install additional packages for Debian/Ubuntu/Mint:

    $ sudo apt install resolvconf curl
  2. Generate your private and public keys and store them in a safe place.

    $ cd ~
    $ mkdir wireguard
    $ cd wireguard
    $ wg genkey | tee privatekey | wg pubkey > publickey
    $ chmod 600 privatekey
    $ cat privatekey
    abcdefghijklmnopqrstuvwxyz0123456789=
    $ cat publickey
    9876543210zyxwvutsrqponmlkjihgfedcba=

    Note: The keys above are examples only.

Setup WireGuard to use IVPN

  1. Log in to the IVPN Client Area.
  2. On the VPN Accounts page, click the WireGuard tab. Go to WireGuard Key Management located under Tools. Click the Add New Key button. Copy the contents of the public key file and paste them into the Public Key: field. Add a comment, like Linux if you prefer, and click the Add Key button.

    Be sure to copy the PUBLIC key and not the PRIVATE key. The PRIVATE key must always be kept a carefully guarded secret.
  3. Make note of the IP Address beside your newly added public key on the WireGuard tab in the Client Area. This is the IP address your computer system will have on our internal network. It will be in the form 172.x.y.z.
  4. WireGuard uses the UDP protocol and IVPN offers different ports to connect on. Choose a port:

    udp 2049
    udp 2050
    udp 53
    udp 30587
    udp 41893
    udp 48574
    udp 58237
  5. Choose a WireGuard server to connect to from our list. To see our server list go to the VPN Accounts page, click the WireGuard tab. Go to WireGuard Server List which is located under Tools. Remember the hostname and the public key of the server.
  6. To create a WireGuard configuration file for the connection you will need the following information:

    • Your private key from step #2 of the environment configuration.

      $ cat ~/wireguard/privatekey
      abcdefghijklmnopqrstuvwxyz0123456789=
    • Your assigned IP address from step #3 above.

      172.x.y.z
    • The server port from step #4 above.

      2049
    • The server hostname and server public_key from step #5 above.

      us-tx1.wg.ivpn.net
      JPT1veXLmasj2uQDstX24mpR7VWD+GmV8JDkidkz91Q=
  7. Create the WireGuard configuration file.

    $ sudo mkdir /etc/wireguard
    $ sudo touch /etc/wireguard/us-tx1.conf
    $ sudo chmod 600 /etc/wireguard/us-tx1.conf
    $ sudo nano /etc/wireguard/us-tx1.conf

    Use Nano or your favourite text editor to edit the configuration file. Enter the details accordingly

    [Interface]
    PrivateKey = abcdefghijklmnopqrstuvwxyz0123456789=
    Address = 172.x.y.z/32
    DNS = 172.16.0.1
    
    [Peer]
    PublicKey = JPT1veXLmasj2uQDstX24mpR7VWD+GmV8JDkidkz91Q=
    Endpoint = us-tx1.wg.ivpn.net:2049
    AllowedIPs = 0.0.0.0/0

    Press Ctrl + x to save the file and exit from the nano editor.

    • Add '/32' to the end of your assigned IP address.
    • Add the chosen port at the end of the hostname with a prefix of ':'
  8. You are now ready. To connect run:

    $ sudo wg-quick up us-tx1
  9. Check the contents of /etc/resolv.conf to confirm that the wg-quick program updated the DNS server in your system.

    $ cat /etc/resolv.conf
    nameserver 172.16.0.1
    ...

    You may have to manually add an entry for our internal DNS IP address.

    $ sudo nano /etc/resolv.conf
    
    nameserver 172.16.0.1
    ...
    

    Press Ctrl + x to save the file and exit from the nano editor.

  10. Check your external IP to verify that you are connected.

    $ curl ifconfig.co
  11. To disconnect run:

    $ sudo wg-quick down us-tx1
    Be sure to undo the manually applied changes to /etc/resolv.conf if any changes were required.
Was this answer helpful?

Can you please tell us how we can improve this article?