{"id":20018954,"url":"https://github.com/android10/raspberrypi-wireguard","last_synced_at":"2025-08-10T22:09:18.266Z","repository":{"id":145629076,"uuid":"175426327","full_name":"android10/RaspberryPi-Wireguard","owner":"android10","description":"WireGuard is an interesting new VPN protocol that has the potential to bring major change to the VPN industry. In comparison to existing VPN protocols, such as OpenVPN and IPSec, WireGuard may offer faster speeds and better reliability with new and improved encryption standards. This repository aims to help with the installation of Wireguard, tested on a Raspberry Pi 3 B.","archived":false,"fork":false,"pushed_at":"2019-12-07T15:56:57.000Z","size":809,"stargazers_count":18,"open_issues_count":0,"forks_count":5,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-04-08T14:11:07.823Z","etag":null,"topics":["openvpn","raspberry-pi","raspberry-pi-3","vpn","vpn-client","vpn-server","wireguard","wireguard-vpn"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/android10.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-03-13T13:27:33.000Z","updated_at":"2024-03-31T05:30:17.000Z","dependencies_parsed_at":"2023-04-27T16:01:28.006Z","dependency_job_id":null,"html_url":"https://github.com/android10/RaspberryPi-Wireguard","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/android10%2FRaspberryPi-Wireguard","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/android10%2FRaspberryPi-Wireguard/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/android10%2FRaspberryPi-Wireguard/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/android10%2FRaspberryPi-Wireguard/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/android10","download_url":"https://codeload.github.com/android10/RaspberryPi-Wireguard/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252414286,"owners_count":21744080,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["openvpn","raspberry-pi","raspberry-pi-3","vpn","vpn-client","vpn-server","wireguard","wireguard-vpn"],"created_at":"2024-11-13T08:25:08.150Z","updated_at":"2025-05-04T23:31:31.458Z","avatar_url":"https://github.com/android10.png","language":null,"readme":"\u003cp align=\"center\"\u003e\n  \u003cimg width=\"600\" src=\"https://raw.githubusercontent.com/android10/RaspberryPi-Wireguard/master/wireguard-logo.png\"\u003e\n\u003c/p\u003e\n\nWireGuard is an interesting new VPN protocol that has the potential to bring major change to the VPN industry. \nIn comparison to existing VPN protocols, such as OpenVPN and IPSec, WireGuard may offer faster speeds and better reliability with new and improved encryption standards. \nThis repository aims to help with the installation of Wireguard, tested on a Raspberry Pi 3 B.\n\n\n## 0. This is how our solution looks like:\n\n\u003cp align=\"center\"\u003e\n  \u003cimg width=\"500\" src=\"https://raw.githubusercontent.com/android10/RaspberryPi-Wireguard/master/portable_vpn_raspberry_pi.png\"\u003e\n\u003c/p\u003e\n\n\n## 1. Wireguard installation (Tested on Raspberry Pi 3 B and above)\n\n```console\npi:~ $ sudo apt-get update\npi:~ $ sudo apt-get upgrade \npi:~ $ sudo apt-get install raspberrypi-kernel-headers\npi:~ $ echo \"deb http://deb.debian.org/debian/ unstable main\" | sudo tee --append /etc/apt/sources.list.d/unstable.list\npi:~ $ sudo apt-get install dirmngr \npi:~ $ sudo apt-key adv --keyserver   keyserver.ubuntu.com --recv-keys 8B48AD6246925553 \npi:~ $ printf 'Package: *\\nPin: release a=unstable\\nPin-Priority: 150\\n' | sudo tee --append /etc/apt/preferences.d/limit-unstable\npi:~ $ sudo apt-get update\npi:~ $ sudo apt-get install wireguard \npi:~ $ sudo reboot\n```\n**Enable ipv4 forwarding then reboot to make changes active:**\n\n```console\npi:~ $ sudo perl -pi -e 's/#{1,}?net.ipv4.ip_forward ?= ?(0|1)/net.ipv4.ip_forward = 1/g' /etc/sysctl.conf \npi:~ $ sudo reboot\n```\n\nOpen ```systctl.conf``` file and make sure ```net.ipv4.ip_forward = 1```:\n\n```console\npi:~ $ sudo nano /etc/sysctl.conf\nnet.ipv4.ip_forward = 1\n```\n\n\n## 2. Generate private and public keys for server\n  \n```console\npi:~ $ mkdir wgkeys\npi:~ $ cd wgkeys  \npi:~/wgkeys $ wg genkey \u003e server_private.key  \nWarning: writing to world accessible file.\nConsider setting the umask to 077 and trying again.\npi:~/wgkeys $ wg pubkey \u003e server_public.key \u003c server_private.key\npi:~/wgkeys $ ls\nserver_private.key server_public.key\n```\n\nWith `cat` command we can view the content of the generated file.\n\n```console\npi:~/wgkeys $ cat server_public.key \nAj2HHAutB2U0O56jJBdkZ/xgb4pnmUPJ0IriuACLLmI=\n```\n\n\n## 3. Generate private and public keys for a client\n  \n```console\npi:~/wgkeys $ wg genkey \u003e android10_pixel2_private.key\nWarning: writing to world accessible file.\nConsider setting the umask to 077 and trying again.\npi:~/wgkeys $ wg pubkey \u003e android10_pixel2_public.key \u003c android10_pixel2_private.key\npi:~/wgkeys $ ls\nandroid10_pixel2_private.key android10_pixel2_public.key server_private.key server_public.key\n```\n\n\n## 4. Setup Wireguard interface on server\n\n```console\npi:~ $ sudo vim /etc/wireguard/wg0.conf\n```\n\n```console\n[Interface]\nAddress = 10.200.200.1/24\nSaveConfig = true\nPostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE\nPostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE\nListenPort = 51820\nPrivateKey = \u003cserver_private.key\u003e\n\n[Peer]\n#android10-xps\nPublicKey = \u003candroid10_xps_public.key\u003e\nAllowedIPs = 10.200.200.2/32\n\n[Peer]\n#android10-pixel2\nPublicKey = \u003candroid10_pixel2_public.key\u003e\nAllowedIPs = 10.200.200.3/32\n\n[Peer]\n#android10-gpd\nPublicKey = \u003candroid10_gpd_public.key\u003e\nAllowedIPs = 10.200.200.4/32\n```\n\n\n## 5. Start Wireguard\n\nStart Wireguard with `wg-quick` command.\n\n```console\npi:~/wgkeys $ sudo wg-quick up wg0 \n[#] ip link add wg0 type wireguard\n[#] wg setconf wg0 /dev/fd/63\n[#] ip address add 10.200.200.1/24 dev wg0\n[#] ip link set mtu 1420 up dev wg0\n[#] iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE\n```\n\nUse `sudo wg` command to check if it is working:\n\n```console\npi:~/wgkeys $ sudo wg \ninterface: wg0\n  public key: \u003cserver_public.key\u003e\n  private key: (hidden)\n  listening port: 51820\n\npeer: \u003candroid10_xps_private.key\u003e\n  allowed ips: 10.200.200.2/32\n\npeer: \u003candroid10_pixel2_private.key\u003e\n  allowed ips: 10.200.200.3/32\n\npeer: \u003candroid10_gpd_private.key\u003e\n  allowed ips: 10.200.200.4/32\n```\n\n**You can launch automatically at startup:**\n\n```console\npi:~/wgkeys $ sudo systemctl enable wg-quick@wg0  \nCreated symlink /etc/systemd/system/multi-user.target.wants/wg-quick@wg0.service → /lib/systemd/system/wg-quick@.service.\n```\n\n\n## 6. Setup clients\n\nYou will need to install wireguard on clients as well. \n**IMPORTANT:** Wireguard does not have separate apps for server and client, just differences in the configuration file. \n\n**Installing Wireguard Client Tools.**\n\n - Arch Linux -\u003e `sudo pacman -S wireguard-tools`.\n   - Install the appropriate kernel module:\n     - `sudo pacman -S wireguard-arch` for the default linux kernel.\n     - `sudo pacman -S wireguard-lts` for the LTS linux-lts kernel.\n     - `sudo pacman -S wireguard-dkms` for the DKMS variant for other kernels.\n - On Debian based distros -\u003e `sudo apt-get install wireguard`.\n - Other platforms -\u003e [Wireguard Website](https://www.wireguard.com/install/). \n - Android -\u003e [Google Play](https://play.google.com/store/apps/details?id=com.wireguard.android).\n - iOS -\u003e [App Store](https://itunes.apple.com/us/app/wireguard/id1441195209?ls=1\u0026mt=8).\n\n**My Android Pixel 2 client EXAMPLE.**\n\nAfter intalling the Android Client from the link above, here is the Example configuration we should use (same applies for other clients you want to setup up):\n\n```wireguard-android10-pixel2.conf```\n\n```console\n[Interface]\nAddress = 10.200.200.3/24\nPrivateKey = \u003candroid10_pixel2_private.key\u003e\nDNS = 8.8.8.8\n\n[Peer]\nPublicKey = \u003cserver_public.key\u003e\nAllowedIPs = 0.0.0.0/0, ::/0\nEndpoint = my.ddns.address.com:51820\n```\n\n**IMPORTANT:** Using the catch-all **AllowedIPs = 0.0.0.0/0, ::/0** will forward all **IPv4 (0.0.0.0/0)** and **IPv6 (::/0)** traffic over the **VPN**.\n\n**Screenshots for the Android Application**\n\n\u003cp align=\"center\"\u003e\n  \u003cimg width=\"500\" src=\"https://raw.githubusercontent.com/android10/RaspberryPi-Wireguard/master/android_setup01.png\"\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003cimg width=\"500\" src=\"https://raw.githubusercontent.com/android10/RaspberryPi-Wireguard/master/android_setup02.png\"\u003e\n\u003c/p\u003e\n\n**Arch Linux:**\n- Configure Wireguard -\u003e [Wireguard Arch Linux Wiki](https://wiki.archlinux.org/index.php/WireGuard). \n\n**Other clients:**\n- Configure Wireguard -\u003e [External Website](https://www.stavros.io/posts/how-to-configure-wireguard/). \n\n\n## Port Forwarding \n\nYou need to forward one port in your router:\n  - **Type:** UDP. \n  - **Port:** 51820.\n\n\n## Useful Commands:\n\n```console\n# See WireGuard current state:\npi:~ $ sudo wg \n\n# Bring up the interface:\npi:~ $ sudo wg-quick down wg0\n\n# Close the interface:\npi:~ $ sudo wg-quick down wg0\n\n# Configure the wg0 interface:\npi:~ $ sudo vim /etc/wireguard/wg0.conf\n\n# Check current service status:\npi:~ $ systemctl status wg-quick@wg0.service\n```\n\n\n## Resources:\n\n### WireGuard website:\n - https://www.wireguard.com\n - https://www.wireguard.com/install/\n - https://www.wireguard.com/talks/eindhoven2018-slides.pdf\n\n### Arch Linux wiki:\n - https://wiki.archlinux.org/index.php/WireGuard\n - https://wiki.archlinux.org/index.php/WireGuard#Server_2\n\n\n\n## Credits\n - https://github.com/adrianmihalko/raspberrypiwireguard\n - https://emanuelduss.ch/2018/09/wireguard-vpn-road-warrior-setup/\n - https://www.ckn.io/blog/2017/12/28/wireguard-vpn-portable-raspberry-pi-setup/\n\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fandroid10%2Fraspberrypi-wireguard","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fandroid10%2Fraspberrypi-wireguard","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fandroid10%2Fraspberrypi-wireguard/lists"}