Wireguard
TBD
FAQ
How to add additional clients?
In order to add another client configuration to your WireGuard server, you need to generate a new client configuration and then add it to your server's configuration file. The following steps will guide you through the process.
1. Generate Client Configuration Files
Generate a new key pair for each client on your VPS using the provided command.
wg genkey | tee new_private_key | wg pubkey > new_public_key
This command generates a new private key (new_private_key) and corresponding public key (new_public_key). Repeat the command for each new client, replacing new_private_key and new_public_key with an unique filename for each client.
2. Configure the Server
Access your server's configuration file using a text editor of choice. If you're unsure how to edit a file on your server, please refer to our guide on that topic.
The configuration file can be found at /etc/wireguard/wg0.conf. Add a new section to the configuration file for each client you want to add. Replace CLIENT_NAME, CLIENT_PRIVATE_KEY, and CLIENT_IP with the appropriate values for each client.
[Peer]
PublicKey = CLIENT_PUBLIC_KEY
AllowedIPs = CLIENT_IP
Replace CLIENT_PUBLIC_KEY with the contents of the new_public_key file which contains the public key, you just generated for the new client.
Replace CLIENT_IP with the client's assigned IP address.
If you used our one-click installer for Wireguard, the IP networks are 192.168.42.0/24 and fd42:42:42::0/64, hence you can just increase the last octet by one. If your first client had 192.168.42.2/32 and fd42:42:42::2/128 as allowed IP addresses, and you just want to add a second client you could just use the following line:
AllowedIPs = 192.168.42.3/32, fd42:42:42::3/128
Finally, save your changes and exit the text editor.
3. Configure the Client
Now on your local machine, create a configuration file for each client. Use a text editor to create and save the file(s) with a .conf extension, for example, client1.conf.
[Interface]
PrivateKey = CLIENT_PRIVATE_KEY
Address = CLIENT_IP
DNS = 9.9.9.9, 2620:fe::fe
[Peer]
PublicKey = SERVER_PUBLIC_KEY
Endpoint = SERVER_IP:SERVER_PORT
AllowedIPs = 0.0.0.0/0, ::/0
Replace CLIENT_PRIVATE_KEY with the contents of the new_private_key file which contains the private key, you just generated for the new client. CLIENT_IP needs to match the value(s) you used in the server's configuration file in the AllowedIPs section for the client you're creating the config for.
You can find the SERVER_PUBLIC_KEY either by looking in your existing client configuration (you can just copy and paste the value that is being used there) or by running the following command on the server itself:
cat /root/wireguard/server-publickey
Finally, SERVER_IP is the IP address of your server and SERVER_PORT is the port you configured in the server's configuration file.
If you're using our one-click installer for Wireguard, the port is 51820.
4. Restart WireGuard
To apply your changes and allow the new client(s) to connect to your WireGuard server, simply restart the corresponding service on your VPS using following command:
sudo systemctl restart wg-quick@wg0.service
Verify the service status to ensure it's running without issues:
sudo systemctl is-active wg-quick@wg0.service
The output of that command should read active.
5. Distribute client configuration files
Finally, copy the configuration file as created in Step 3 and distribute them to the corresponding client devices. Ensure that the WireGuard software is installed on the client devices and integrate the configuration files.
Please keep in mind that you can not establish more than one simultaneous connection per config file. So you need to create a new config for each device that is actually connecting to your WireGuard server. Connecting multiple devices with the same config file will result in connection issues.