Copy · paste · wg-quick up
WireGuard configs you can actually paste.
Complete wg0.conf recipes — server and client side by side — for road-warrior, full-tunnel, split-tunnel, site-to-site and home-LAN setups.
15 recipes
- Basics Add a WireGuard Peer Without Restarting the Tunnel Add a new client to a running WireGuard server with wg set or wg syncconf — no downtime for existing peers. Copy-paste. 3 min →
- Basics Install WireGuard & Generate Keys (Copy-Paste) Install wireguard-tools on Linux and generate a private/public key pair the right way (umask 077). Copy-paste. 2 min →
- Basics Bring WireGuard Up/Down & Check Status (wg-quick, wg show) Start and stop a WireGuard tunnel with wg-quick, enable it on boot, and read wg show to confirm the handshake. Copy-paste. 2 min →
- Basics The wg0.conf File Explained ([Interface] & [Peer]) What every line in a WireGuard wg0.conf means — Address, ListenPort, PrivateKey, PublicKey, Endpoint, AllowedIPs — with an annotated example. Copy-paste. 3 min →
- Scenarios Access Your Home LAN Remotely with WireGuard Reach every device on your home network from your laptop or phone — copy-paste server + client wg0.conf with the LAN subnet routed and NAT. 4 min →
- Scenarios Full-Tunnel VPN: Route ALL Traffic Through WireGuard Turn a WireGuard server into an internet gateway / exit node — copy-paste server + client wg0.conf with IP forwarding and NAT masquerade. 4 min →
- Scenarios Add a Phone to WireGuard with a QR Code Generate a WireGuard client config and turn it into a QR code with qrencode, then scan it in the mobile app. Copy-paste. 3 min →
- Scenarios Minimal WireGuard Server + Client (Road Warrior) A complete, copy-paste WireGuard server and client wg0.conf pair for a single remote user — the foundation every other setup builds on. 4 min →
- Scenarios WireGuard Site-to-Site (Connect Two LANs) Link two networks over WireGuard so hosts on each LAN reach the other — copy-paste wg0.conf for both gateways, with forwarding and routes. 5 min →
- Scenarios Split Tunnel: Route Only Specific IPs Through WireGuard Send just your server/LAN subnets through the tunnel while normal internet stays direct — copy-paste client AllowedIPs config. 3 min →
- Networking WireGuard AllowedIPs Explained (the #1 Confusion) AllowedIPs is both a routing table and an access filter. What to put on the server vs the client, with copy-paste examples for each setup. 4 min →
- Networking WireGuard DNS, PersistentKeepalive & MTU (Fix Drops & Leaks) Three settings that fix the most common WireGuard annoyances: DNS leaks, connections dropping when idle, and broken throughput. Copy-paste. 3 min →
- Networking Enable IP Forwarding for WireGuard (net.ipv4.ip_forward) Turn on kernel IP forwarding so a WireGuard server can route client traffic — persistent sysctl config for IPv4 and IPv6. Copy-paste. 2 min →
- Networking WireGuard NAT / MASQUERADE (PostUp & PostDown Rules) The exact PostUp/PostDown firewall rules to let WireGuard clients reach the internet or a LAN — iptables and nftables variants. Copy-paste. 3 min →
- Platforms Run WireGuard in Docker (linuxserver/wireguard) A copy-paste docker-compose for WireGuard that auto-generates client configs and QR codes — plus the wg-easy web-UI alternative. 4 min →
WireGuard is simple — until AllowedIPs and NAT aren't.
Each recipe gives matching server and client wg0.conf files for one real scenario, every placeholder labelled, the PostUp firewall lines included, and the wg show check to confirm it.
FAQ
Are these WireGuard configs free?
Yes. Every recipe is free to read and copy, with no account or paywall.
Where do these configs go?
In /etc/wireguard/wg0.conf on the server and each client; chmod 600, then "wg-quick up wg0".
Connected but no internet?
Full-tunnel needs IP forwarding + a PostUp MASQUERADE rule on the server, and AllowedIPs = 0.0.0.0/0 on the client.
Connection drops when idle?
Add PersistentKeepalive = 25 to the [Peer] behind NAT (usually the client).