WireGuard terminal setup guide

Configure your environment

  1. Install WireGuard for your distribution.

    Install additional packages for Debian/Ubuntu/Mint:

    $ sudo apt install resolvconf curl
  2. Generate your private and public keys and store them in a safe place.

    $ cd ~
    $ mkdir wireguard
    $ cd wireguard
    $ wg genkey | tee privatekey | wg pubkey > publickey
    $ chmod 600 privatekey
    $ cat privatekey
    $ cat publickey

    Note: The keys above are examples only.

Setup WireGuard to use IVPN

  1. Log in to the IVPN Client Area.

  2. On the VPN Accounts page, click the WireGuard tab. Go to WireGuard Key Management located under Tools. Click the Add New Key button. Copy the contents of the public key file and paste them into the Public Key: field. Add a comment, like Linux if you prefer, and click the Add Key button.

    Be sure to copy the PUBLIC key and not the PRIVATE key. The PRIVATE key must always be kept a carefully guarded secret.
  3. Make note of the IPv4 address and IPv6 address beside your newly added public key on the WireGuard tab in the Client Area. These are the IP addresses your computer system will have on our internal network that will be in the 172.x.y.z & fd00:4956:504e:ffff::aaaa:bbbb format respectively.

  4. WireGuard uses the UDP protocol and IVPN offers different ports to connect on. Choose a port:

    udp 53
    udp 80
    udp 443
    udp 1194
    udp 2049
    udp 2050
    udp 30587
    udp 41893
    udp 48574
    udp 58237
  5. Choose a WireGuard server to connect to from our Server Status page. Remember the hostname and the public key of the server.

  6. To create a WireGuard configuration file for the connection you will need the following information:

    Your private key from step #2 of the environment configuration.

    $ cat ~/wireguard/privatekey

    Your assigned IP addresses from step #3 above.

    172.x.y.z, fd00:4956:504e:ffff::aaaa:bbbb

    The server port from step #4 above.


    The server hostname and server public_key from step #5 above.

  7. Create the WireGuard configuration file.

    $ sudo mkdir /etc/wireguard
    $ sudo touch /etc/wireguard/us-tx1.conf
    $ sudo chmod 600 /etc/wireguard/us-tx1.conf
    $ sudo nano /etc/wireguard/us-tx1.conf

    Use Nano or your favorite text editor to edit the configuration file. Enter the details accordingly

    PrivateKey = abcdefghijklmnopqrstuvwxyz0123456789=
    Address = 172.x.y.z/32, fd00:4956:504e:ffff::x:y/128
    DNS =
    PublicKey = JPT1veXLmasj2uQDstX24mpR7VWD+GmV8JDkidkz91Q=
    Endpoint = us-tx1.wg.ivpn.net:2049
    AllowedIPs =, ::/0

    Press Ctrl + x to save the file and exit from the nano editor.

    - Add '/32' & '/128' to the end of your assigned IPv4 and IPv6 addresses respectively.
    - Add the chosen port at the end of the hostname with a prefix of ':'
  8. You are now ready. To connect run:

    $ sudo wg-quick up us-tx1
  9. Check the contents of /etc/resolv.conf to confirm that the wg-quick program updated the DNS server in your system.

    $ cat /etc/resolv.conf

    You may have to manually add an entry for our internal DNS IP address.

    $ sudo nano /etc/resolv.conf

    Press Ctrl + x to save the file and exit from the nano editor.

  10. Check your external IPv4 & IPv6 IP addresses to verify that you are connected to IVPN.

    $ curl ifconfig.co
    $ curl -6 ifconfig.co
  11. To disconnect run:

    $ sudo wg-quick down us-tx1
    Be sure to undo the manually applied changes to /etc/resolv.conf if any changes were required.
Spotted a mistake or have an idea on how to improve this page?
Suggest an edit on GitHub.