wg-quick reads /etc/wireguard/wg0.conf and sets up the interface, addresses and routes for you.
Up / down
sudo wg-quick up wg0
sudo wg-quick down wg0
(wg0 is the config filename without .conf.)
Check status
sudo wg show
Look at the peer’s latest handshake — a value within the last ~2 minutes means the tunnel is
live. transfer shows bytes sent/received. No handshake usually means a wrong Endpoint, a closed
UDP port, or mismatched keys.
Start on boot
sudo systemctl enable --now wg-quick@wg0
Check the service and reload after editing the conf:
sudo systemctl status wg-quick@wg0
sudo systemctl restart wg-quick@wg0
Quick connectivity test
ping 10.0.0.1 # the other end's VPN IP
Tip: after changing wg0.conf, wg-quick down wg0 && wg-quick up wg0 (or systemctl restart)
reloads it. To change peers without dropping the tunnel, see the “add a peer without restarting”
recipe.