Set Up WireGuard VPN on Windows Server

Complete guide to installing and configuring WireGuard VPN on Windows Server

Windows Server

Native WireGuard support on Windows Server 2019/2022

Enterprise Ready

Secure VPN solution for Windows Server environments

High Performance

Optimized for Windows Server workloads

Prerequisites

Before starting, ensure you have:

  • Windows Server 2019 or Windows Server 2022
  • Administrator access to the server
  • Internet connection for downloading WireGuard
  • Windows Firewall configured or disabled for testing

1. Download and Install WireGuard

Download the WireGuard installer for Windows Server:

  1. Visit the official WireGuard download page
  2. Download the Windows installer (wireguard-installer.exe)
  3. Run the installer as Administrator
  4. Follow the installation wizard

Note: WireGuard for Windows includes both the GUI client and the service for server use.

2. Generate Server Keys

Open PowerShell as Administrator and generate keys:

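# Create the key directory if it does not exist yet
New-Item -ItemType Directory -Path C:\WireGuard -Force | Out-Null

# Generate private key (written as ASCII; Windows PowerShell's Out-File defaults to UTF-16)
wg genkey | Out-File -FilePath C:\WireGuard\privatekey.txt -Encoding ascii -NoNewline

# Generate public key from private key
Get-Content C:\WireGuard\privatekey.txt | wg pubkey | Out-File -FilePath C:\WireGuard\publickey.txt -Encoding ascii -NoNewline

# Display keys (save these securely)
Get-Content C:\WireGuard\privatekey.txt
Get-Content C:\WireGuard\publickey.txt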

3. Create Server Configuration

Create the server configuration file at C:\Program Files\WireGuard\Data\Configurations\wg0.conf:

[Interface]
PrivateKey = YOUR_SERVER_PRIVATE_KEY_HERE
Address = 10.8.0.1/24
ListenPort = 51820

[Peer]
# Add client peers here
PublicKey = CLIENT_PUBLIC_KEY_HERE
AllowedIPs = 10.8.0.2/32

4. Configure Windows Firewall

Allow WireGuard through Windows Firewall:

# Allow WireGuard UDP port
New-NetFirewallRule -DisplayName "WireGuard" -Direction Inbound -LocalPort 51820 -Protocol UDP -Action Allow

5. Enable IP Forwarding

Enable IP forwarding in Windows Registry:

# Enable IP forwarding via Registry
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" -Name "IPEnableRouter" -Value 1

# Restart the server or network service for changes to take effect

6. Start WireGuard Service

Start the WireGuard service:

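# The tunnel service exists only after wg0 has been installed as a service, for example:
# wireguard.exe /installtunnelservice "C:\Program Files\WireGuard\Data\Configurations\wg0.conf"

# Start WireGuard service (single quotes keep PowerShell from expanding $wg0 as a variable)
Start-Service 'WireGuardTunnel$wg0'

# Set service to start automatically
Set-Service -Name 'WireGuardTunnel$wg0' -StartupType Automatic

# Check service status
Get-Service 'WireGuardTunnel$wg0'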

7. Verify Installation

Verify WireGuard is running correctly:

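# Check WireGuard status
wg show

# Check if interface is up (the adapter is named after the tunnel; its description contains "WireGuard")
Get-NetAdapter | Where-Object { $_.Name -eq 'wg0' -or $_.InterfaceDescription -like '*WireGuard*' }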

# Test connectivity from client

8. Add Additional Peers

To add more clients, edit the configuration file and add peer sections:

[Peer]
PublicKey = CLIENT2_PUBLIC_KEY
AllowedIPs = 10.8.0.3/32

[Peer]
PublicKey = CLIENT3_PUBLIC_KEY
AllowedIPs = 10.8.0.4/32

After adding peers, restart the WireGuard service:

# Single quotes keep PowerShell from expanding $wg0 as a variable
Restart-Service 'WireGuardTunnel$wg0'
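
When peers are added by hand, the usual mistakes are a placeholder key left in place and an address given to two peers; WireGuard routes an address to only one peer, so the later entry silently takes it over. The PowerShell check below is an added example, not part of the original guide: Test-WgConfig is a hypothetical helper name, the sample config and key are constructed, and it assumes the guide's layout of one /32 address per client.

```powershell
# Added example (not from the guide). Test-WgConfig is a hypothetical helper that
# assumes the guide's layout: one /32 tunnel address per client peer.
function Test-WgConfig {
    param([Parameter(Mandatory)][string[]]$Lines)
    $findings = New-Object System.Collections.Generic.List[string]
    $section = ''; $peer = 0; $serverIp = ''; $ips = @{}
    foreach ($raw in $Lines) {
        $line = ($raw -replace '#.*$', '').Trim()
        if ($line -match '^\[(\w+)\]$') {
            $section = $Matches[1]
            if ($section -eq 'Peer') { $peer++ }
        }
        elseif ($line -match '^(\w+)\s*=\s*(.+)$') {
            $name = $Matches[1]; $value = $Matches[2].Trim()
            $ctx = if ($section -eq 'Peer') { "Peer #$peer" } else { $section }
            if ($name -eq 'PrivateKey' -or $name -eq 'PublicKey') {
                # WireGuard keys are 32 bytes: 43 base64 characters plus '='
                if ($value -notmatch '^[A-Za-z0-9+/]{43}=$') { $findings.Add("${ctx}: $name is not a 32-byte base64 key") }
            }
            elseif ($name -eq 'Address') { $serverIp = ($value -split '/')[0] }
            elseif ($name -eq 'AllowedIPs') {
                foreach ($cidr in ($value -split ',').Trim()) {
                    $ip, $prefix = $cidr -split '/'
                    if ($prefix -and $prefix -ne '32') { $findings.Add("${ctx}: $cidr is wider than one host") }
                    if ($ip -eq $serverIp) { $findings.Add("${ctx}: $cidr is the server's own address") }
                    # An address routes to one peer only; a later entry takes it over
                    if ($ips.ContainsKey($ip)) { $findings.Add("${ctx}: $cidr already belongs to $($ips[$ip])") }
                    $ips[$ip] = $ctx
                }
            }
        }
    }
    return $findings
}

# Constructed sample: Peer #2 keeps the template key and reuses Peer #1's address
$key = ('A' * 43) + '='   # placeholder value, not a real key
$sample = @"
[Interface]
PrivateKey = $key
Address = 10.8.0.1/24
[Peer]
PublicKey = $key
AllowedIPs = 10.8.0.2/32
[Peer]
PublicKey = CLIENT2_PUBLIC_KEY
AllowedIPs = 10.8.0.2/32
"@ -split "`r?`n"
Test-WgConfig -Lines $sample
```

To check the real file before restarting the service, pass it as Test-WgConfig -Lines (Get-Content 'C:\Program Files\WireGuard\Data\Configurations\wg0.conf'). An empty result means none of these checks fired.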
