How to Configure WireGuard on Windows [Step-by-Step]

  • Tunneling your PC’s traffic using your own WireGuard server is a bit different than using a plug-and-play app.
  • But this method has its benefits, if you value flexibility and speed.
  • Read on to learn how to create a WireGuard Windows config yourself.

Setting up WireGuard on your PC is one of the smartest ways to increase your online anonymity. Best of all, you can bolster your cybersecurity without experiencing the kind of speed loss associated with VPN sessions.

However, is it difficult to create a WireGuard Windows config from scratch?

Thankfully, it’s not that complicated. Our guide below will lead you through all the steps, so no worries. Let’s begin!

How to configure WireGuard on Windows?

You’ll need three ingredients for a successful WireGuard Windows config:

Installing WireGuard on a VPS is a topic for an entirely separate guide. So, this tutorial assumes that you’ve already done so.

Here are the simple steps you need to follow:

  1. Download the WireGuard Windows Installer from the official site.

    WireGuard Windows Installer

  2. Run the msi file to install the WireGuard client.

    WireGuard Windows Installer File

  3. Open the WireGuard GUI.

    WireGuard Client

  4. Click on Add Tunnel > Add empty tunnel to generate a pair of public and private keys automatically.

    WireGuard Client Add empty tunnel

  5. Name the tunnel.

  6. Add the following Interface and Peer sections to the configuration. Feel free to change the IP addresses and keys as you see fit.

    PrivateKey = 6MfKZxmFlVcmwtTDH0djHSEy672449WZaXjwm/vzW08=
    Address =
    DNS =

    PublicKey = dZek49BWgVCLJRMsG6k6QK5mzHFrfy4uhOLjPyTe5WE=
    AllowedIPs =
    Endpoint =

    For context:

    PrivateKey: The Windows client’s private key.
    Address: The client’s IP, which must be different from all clients.
    DNS: The DNS server’s IP.
    PublicKey: The VPS’s public key.
    AllowedIPs: The IPs you route over your VPN. The address is a catch-all. So, you’ll transmit everything through the VPN.
    Endpoint: The server’s external IP. Also, it’s the listening port. So, it should be identical to the server configuration’s ListenPort data.

  7. Insert this Peer section to the WireGuard configuration file:

    PublicKey = rbkuZ+3SyPtT/QLZhFhiTo555ekSCJRsHf3jJb5kdkI=
    AllowedIPs =

    For context:

    PublicKey: The Windows client’s public key.
    AllowedIPs: The IPs are permitted to use this tunnel.

  8. Make sure that both configurations reference the right keys and IPs.

  9. Leave the Block untunneled traffic box checked.

    Do this only when you have a single Peer section and use a catch-all configuration to restrict unwanted traffic.

  10. Click on Save.

  11. Click on Activate to establish your VPN connection.

That’s it!

To verify whether your VPN is leak-proof, go to If your connection works, it should show your WireGuard server’s IP and not your device’s.

If you want to add more clients to your server, you can follow the same steps. Just make sure that each one uses a unique IP.


Setting up WireGuard on your Windows system is more intimidating in your imagination than in practice.

As long as you follow the above steps, the status of your connection should say Active at the end. If it doesn’t, it means your client and server configurations don’t match.

So, you’ll just have to double-check the Log tab and look for errors in your WireGuard Windows config!

Leave a Comment