How to Set Up WireGuard VPN on Raspberry Pi with Pi OS
WireGuard is a modern VPN protocol that aims to be simpler, faster, and more efficient than existing protocols. Setting up WireGuard on a Raspberry Pi running Raspberry Pi OS (formerly Raspbian) is a straightforward process that can significantly enhance your online privacy and security. In this guide, we’ll walk through the steps to install and configure WireGuard on your Raspberry Pi.
Prerequisites
Before you begin, ensure that you have the following:
Raspberry Pi: Any model will work, but a Raspberry Pi 2 or later is recommended.
Raspberry Pi OS: Ensure that you have the latest version of Raspberry Pi OS installed. You can download it from the official Raspberry Pi website.
Basic Linux knowledge: Familiarity with the command line will be helpful.
Internet connection: Your Raspberry Pi should be connected to the internet.
Step 1: Update Your System
Start by updating your Raspberry Pi to ensure all packages are up-to-date. Open a terminal window and enter the following commands:
sudo apt update
sudo apt upgrade -y
This will refresh the package lists and upgrade any outdated packages.
Step 2: Install WireGuard
Next, install the WireGuard package. As of now, WireGuard is included in the default Raspberry Pi OS repository, so you can install it with the following command:
sudo apt install wireguard
This command will install the WireGuard software and its dependencies.
Step 3: Configure WireGuard
3.1 Generate Key Pair
WireGuard uses public and private keys for authentication. You will need to generate a key pair for your server and each client device. To generate a key pair, use the following commands:
wg genkey | tee privatekey | wg pubkey > publickey
This will create two files in your current directory: privatekey and publickey. Keep these keys secure, especially the private key.
3.2 Create Configuration File
Next, create a configuration file for WireGuard. You can name the configuration file anything you like, but for this example, we’ll call it wg0.conf. Use your preferred text editor to create and open this file:
sudo nano /etc/wireguard/wg0.conf
Add the following configuration to the file, modifying the placeholders with your actual values:
[Interface]
Address = 10.0.0.1/24 # VPN subnet
PrivateKey =
ListenPort = 51820[Peer]
# Client 1
PublicKey =
AllowedIPs = 10.0.0.2/32 # IP address for the client
3.3 Configure IP Forwarding
To allow the Raspberry Pi to route packets between the VPN and the internet, enable IP forwarding. Open the sysctl.conf file:
sudo nano /etc/sysctl.conf
Uncomment or add the following line:
net.ipv4.ip_forward=1
Save and exit the editor, then apply the changes:
sudo sysctl -p
Step 4: Start WireGuard
With everything configured, you can now start the WireGuard interface. Use the following command:
sudo wg-quick up wg0
To check the status of WireGuard, you can run:
sudo wg
This will display the current status of the WireGuard interface, including connected peers.
Step 5: Set Up WireGuard to Start on Boot
To ensure that WireGuard starts automatically when the Raspberry Pi boots, enable the service using the following command:
sudo systemctl enable wg-quick@wg0
Step 6: Configure Client Devices
Now that your WireGuard server is running, you need to configure your client devices. Follow these steps for each client:
6.1 Generate Key Pair
On the client device (another Raspberry Pi, laptop, etc.), generate a key pair using the same command as in Step 3.1:
wg genkey | tee privatekey | wg pubkey > publickey
6.2 Create Client Configuration
Create a configuration file for the client (e.g., client.conf), and add the following configuration:
[Interface]
Address = 10.0.0.2/32 # Client’s VPN IP
PrivateKey =[Peer]
PublicKey =
Endpoint = :51820 # Public IP of your Raspberry Pi
AllowedIPs = 0.0.0.0/0 # Send all traffic through VPN
PersistentKeepalive = 25
6.3 Start WireGuard on the Client
Install WireGuard on the client device if it’s not already installed. Then, start the WireGuard interface using:
sudo wg-quick up client
Step 7: Verify the VPN Connection
Once everything is set up, you can verify that the VPN connection is working. On the client device, run:
curl ifconfig.me
This command should return the public IP address of your Raspberry Pi, indicating that your traffic is being routed through the VPN.
Thank you for visiting our page! Don’t forget to check out our other article through the link below to enhance your Linux skills. Also, be sure to read our guide on How to Set Up a Tor Relay on Linux! 🙂
How to Set Up a Tor Relay on Linux
