How to configure a WireGuard Windows 10 VPN client

This post belongs to my “mini-course” on Gain flexibility & increase privacy with WireGuard VPN. I’ll only be walking through how to set up a client for WireGuard on Windows 10.

If you don’t have a server (or even if you already have one), definitely start from the top. I make a few assumptions and I broke things into separate posts because I try to get as detailed as possible.

client configuration , reading !

What you’ll achieve

• We will be using the official client from WireGuard on Windows 10 to connect to our WireGuard VPN server
• All Internet traffic on the Windows 10 Client will pass through our WireGuard VPN first, then access the Internet

Here is what this looks like:

Prerequisites

Download the WireGuard Client

Always download clients from official sources. You can find that here: https://www.wireguard.com/install/

Install & Configure

Once you install the client, you will want to click the arrow next to “Add Tunnel”, then click Add empty tunnnel....

What’s nice about this is the GUI creates a public and private key for us automatically.

We’re far from done, so let’s get it to connect to our server.

Expanding the configuration

We need to update the configuration file to look like this:

[Interface]
PrivateKey = abcdefghijklmnopqrstuvwxyz1234567890=+
Address = 10.0.0.3/24
DNS = 1.1.1.1, 1.0.0.1

[Peer]
PublicKey = YOUR_SERVER_PUBLIC_KEY
AllowedIPs = 0.0.0.0/0
Endpoint = YOUR_SERVER_WAN_IP:51820

IMPORTANT : You need to replace YOUR_SERVER_PUBLIC_KEY and YOUR_SERVER_WAN_IP

I dive into detail what this all means in another post, but make sure you are also setting your Address to a unique IP address on your virtual private network.

This is what mine looks like (again, never share your private key. This is just a demo):

Checking Block untunneled traffic will make sure that all of our traffic is being routed through our VPN.

Add your client key to your server

you is press pressActivate screen , it is connect connect . server is needs needs know .

Adding your client’s public key to the server

The easiest way to add your key to your server is through the wg set command.

ON YOUR SERVER run this command:

sudo wg set wg0 peer YOUR_CLIENT_PUBLIC_KEY allowed - ips YOUR_CLIENT_VPN_IP

IMPORTANT : You need to replace YOUR_CLIENT_PUBLIC_KEY and YOUR_CLIENT_VPN_IP

You can compare my command below to my diagram at the top of my post for exactly what I mean:

Test your connection

Windows 10 machine , pressActivate button. You should see a successful connection be made:

Once you are connected, head on over to dnsleaktest.com. This will tell you two things:

1. DNS is Is “ leaking ” ( different DNS provider outside VPN ) ?
2. IP Address different ?

If you followed my configuration, all DNS tests should comeback using “CloudFlare”.

Test the DNS Leak with WireGuard VPN active and inactive. Compare the results.

The last place to run a test is fast.com. This will run a speed test of your connection. If you run notice a dramatic decline in speed, try setting up a server in a region that is close to you (where you will usually be connecting from). I’ve always had good luck with Digital Ocean, Vultr, and Linode.

That is ’s !

clients configure , check “ mini – course ” learn configure macOS , iOS , Android WireGuard VPN .

Any questions, just let me know! You can add them to the comments below or ask me on Twitter. If you like posts like this, you can get more of them if you sign up on our mailing list.