Add WireGuard Configuration

To add a new WireGuard Configuration, click the big "+" button on the top right of the Home page.

Add configuration button

1

Open the Add Configuration form

Click the "+" button to open the form for creating a new WireGuard configuration.

2

Fill the form fields

• Name

  • This will be the name of your WireGuard Configuration. Rules:

    • Can't use an existing WireGuard configuration's name.

    • Must match the regex: ^[a-zA-Z0-9_=+.-]{1,15}$

• Private Key & Public Key

  • Both keys are pre-generated.

  • If you wish to use your own key pair, paste your Private Key into the input — the Public Key will be generated automatically.

  • To re-generate a key pair, click the blue refresh button on the right of the Private Key input.

• Listen Port

  • Port that your configuration will listen on. It can't use the same port as another configuration.

• IP Address/CIDR

  • Defines the address range available to peers.

  • Example:

    10.0.0.1/24

    means peers can allocate IP addresses from:

    10.0.0.2 - 10.0.0.254

  • You can define multiple subnets, for example:

    10.0.0.1/24,2001:DB8::/64

• Optional Settings

  • PreUp — Shell commands to run before the configuration is turned on.

  • PreDown — Shell commands to run before the configuration is turned off.

  • PostUp — Shell commands to run after the configuration is turned on.

  • PostDown — Shell commands to run after the configuration is turned off.

You may encounter an issue where Peers/VPN Profiles show connected but don't have any internet access. If you encounter this issue, edit the PostUp and PostDown with the following:

PostUp:

iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

PostDown:

iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE