[GUIDE] How-to Use WireGuard on Android, Ubuntu, and macOS

TheVPNGuy · Dec 22, 2017

UPDATE UPDATE UPDATE -- OCTOBER 4, 2018: AzireVPN is no longer free, and therefore the below instructions will no longer work for non-paying folks, which is probably most of XDA. For this reason, you are advised to now use your own judgement when selecting a WireGuard VPN host. Two recommended ones, as of writing, are:

- Mullvad - more servers, better bandwidth, more mature company
- AzireVPN - newer, has IRC channel, uses custom PXE-booting hardware

Even better, however, is that you run your own server using an inexpensive (or sometimes free) VPS.

If other providers become free, we can update this thread.

WireGuard is a next-generation VPN protocol that's extremely fast, secure, and well suited for mobile devices. It was recently featured on XDA news and there's an active thread for developers-only. This post is a how-to for normal people.

WireGuard is just the protocol and software. But to use it, you need to send your traffic through a server. There are a few commercial providers -- AzireVPN and Mullvad, for example -- or you can setup your own server. This guide will focus on AzireVPN~~, simply because as of writing, it's free,~~ not because it's any better or worse than others.

==== For your Android Phone ====

1. Install the WireGuard app: https://play.google.com/store/apps/details?id=com.wireguard.android

~~2. Sign up for AzireVPN: https://www.azirevpn.com/manager/auth/register~~

~~3. Generate and download a configuration zip from: https://www.azirevpn.com/cfg/wireguard~~

4. Import it into the WireGuard app using "Add from file or archive"

==== For your Ubuntu Computer ====

1. Install WireGuard:

Code:

$ sudo add-apt-repository ppa:wireguard/wireguard
$ sudo apt-get update
$ sudo apt-get install wireguard-dkms wireguard-tools linux-headers-$(uname -r)

~~2. Sign up for AzireVPN: https://www.azirevpn.com/manager/auth/register~~

3. Run the Azire script:

Code:

$ curl -LO https://www.azirevpn.com/dl/azirevpn-wg.sh $ chmod +x ./azirevpn-wg.sh $ ./azirevpn-wg.sh

4. Turn on WireGuard:

Code:

$ wg-quick up azirevpn-se1

==== For your macOS Computer ====

1. Install Homebrew: https://brew.sh

2. Install WireGuard:

Code:

$ brew install wireguard-tools

~~3. Sign up for AzireVPN: https://www.azirevpn.com/manager/auth/register~~

4. Run the Azire script:

Code:

$ curl -o azirevpn-wg.sh https://www.azirevpn.com/dl/azirevpn-wg.sh $ chmod +x ./azirevpn-wg.sh $ ./azirevpn-wg.sh

5. Turn on WireGuard:

Code:

$ wg-quick up azirevpn-se1

That should be it!

Direct any questions to the WireGuard IRC channel -- #wireguard on Freenode.

zx2c4 · Dec 22, 2017

Thanks for writing this! I've linked to it on the WireGuard developers' thread.

kantjer · Dec 23, 2017

I have setup WireGuard a few days ago on Android exactly as descripted in the howto. Everything is working perfect only issue I can't access devices on my local network with WG enabled.
I have been looking for a way to bypass WG for local traffic but haven't found a solution yet.

Any tips on how to this, or alternatively is is possible to switch WG on/off via the command line so I can use Tasker to switch WG off when on my local network.

zx2c4 · Dec 23, 2017

kantjer said:
I have setup WireGuard a few days ago on Android exactly as descripted in the howto. Everything is working perfect only issue I can't access devices on my local network with WG enabled.
I have been looking for a way to bypass WG for local traffic but haven't found a solution yet.

Any tips on how to this, or alternatively is is possible to switch WG on/off via the command line so I can use Tasker to switch WG off when on my local network.

Thanks for the report. I'm wrapped up in end of the year festivities right now, but when that's over I'll try to reproduce the local network issue and see if I can provide a workaround or toggle switch.

In the meantime, indeed you can use Tasker as you described. In the settings menu of the app, choose "Install command line tools." After, you'll be able to type "wg-quick up somename" and "wg-quick down somename." You can look at the status of existing vpn connections with the "wg" command too. Let me know how it goes!

bonbonboi · Dec 23, 2017

Thanks for this project, looking for a test drive of WireGuard app, but there's a lot of users like I, don't use google apps, so if you are interested to support us through https://f-droid.org/ by adding your app to repo.

kantjer · Dec 24, 2017

zx2c4 said:
In the meantime, indeed you can use Tasker as you described. In the settings menu of the app, choose "Install command line tools." After, you'll be able to type "wg-quick up somename" and "wg-quick down somename." You can look at the status of existing vpn connections with the "wg" command too. Let me know how it goes!

The wg-quick up/down works perfect for temporary disable WG to sync with my NAS. Thanks for the tip.

dixan43 · Dec 26, 2017

error bringing up tunnel.. can anybody help me with a working configuration file.. pm me the file..

zx2c4 · Dec 26, 2017

dixan43 said:
error bringing up tunnel.. can anybody help me with a working configuration file.. pm me the file..

No. Send logs from `adb logcat` or the Matlog app instead, so we can help solve this issue.

dixan43 · Dec 26, 2017

zx2c4 said:
No. Send logs from `adb logcat` or the Matlog app instead, so we can help solve this issue.

here

dixan43 · Dec 26, 2017

zx2c4 said:
No. Send logs from `adb logcat` or the Matlog app instead, so we can help solve this issue.

beacon kernel developer here suggested me to turn off internet and connect wireguard config and then turn on internet.. and it just connected with internet off.. so is it supposed to work like that?
-- so when I connect it with internet already on, it gives that error..
-- when internet off, it connects and remains connected there after..

anwarsheriff · Dec 26, 2017

zx2c4 said:
No. Send logs from `adb logcat` or the Matlog app instead, so we can help solve this issue.

Same error bringing up tunnel.

dixan43 · Dec 26, 2017

anwarsheriff said:
Same error bringing up tunnel.

despite that error, yu can still connect to VPN by disabling internet, then connect.. it will connect.. then just switch internet on.

zx2c4 · Dec 26, 2017

dixan43 said:
here

Thanks for the extremely useful log file. The issue is that your external interface has too small of an MTU, so v6 fails. I've fixed wg-quick so silently work around this error here -- https://git.zx2c4.com/wireguard-android/commit/?id=f1f36fb600ffdaa59f838f6866f594e8e690170d -- and I uploaded a new version to the play store. After you update, let me know if the error goes away for you.

zx2c4 · Dec 26, 2017

dixan43 said:
beacon kernel developer here suggested me to turn off internet and connect wireguard config and then turn on internet.. and it just connected with internet off.. so is it supposed to work like that?
-- so when I connect it with internet already on, it gives that error..
-- when internet off, it connects and remains connected there after..

I wish such "kernel developer"s would try debugging the issue with me first -- to get at whatever the core problem is -- before doling out dubious incantations like that. Alas.

zx2c4 · Dec 26, 2017

dixan43 said:
despite that error, yu can still connect to VPN by disabling internet, then connect.. it will connect.. then just switch internet on.

He's facing a different issue. Please stop spreading this advice, even if it works. It's a terrible way of "fixing" things and will just ensure people's issues never get fixed the proper way.

zx2c4 · Dec 26, 2017

anwarsheriff said:
Same error bringing up tunnel.

You're actually encountering a different error. Specifically, for you, it's -- "12-26 21:49:02.224 V/WireGuard/RootShell(972): stderr: RTNETLINK answers: Out of memory", in response to `ip link add wg0 type wireguard`. That's super unexpected and weird. Could you tell me what kernel you're running on your phone (link to xda thread and github too), what phone you have, and whatever other useful information you can come up with? Does your phone, in fact, have a super limited amount of ram? I'll likely need to bring out the heavy machinery here.

anwarsheriff · Dec 26, 2017

zx2c4 said:
You're actually encountering a different error. Specifically, for you, it's -- "12-26 21:49:02.224 V/WireGuard/RootShell(972): stderr: RTNETLINK answers: Out of memory", in response to `ip link add wg0 type wireguard`. That's super unexpected and weird. Could you tell me what kernel you're running on your phone (link to xda thread and github too), what phone you have, and whatever other useful information you can come up with? Does your phone, in fact, have a super limited amount of ram? I'll likely need to bring out the heavy machinery here.

Phone being used: Redmi Note 3 with 3gb ram and 32gb storage.

ROM & Android version: Nitrogen OS 8.1
Link to ROM thread: https://xdaforums.com/redmi-note-3/development/rom-nitrogen-os-11-01-2017-t3536211

Kernel used: Agni AGNi pureLOS-N/O v11.8
Link to thread: https://xdaforums.com/redmi-note-3/development/kernel-02-10-2016-agni-purecm-n-v1-7-t3472640

Hope that helps

---------- Post added at 09:32 PM ---------- Previous post was at 09:12 PM ----------

zx2c4 said:
You're actually encountering a different error. Specifically, for you, it's -- "12-26 21:49:02.224 V/WireGuard/RootShell(972): stderr: RTNETLINK answers: Out of memory", in response to `ip link add wg0 type wireguard`. That's super unexpected and weird. Could you tell me what kernel you're running on your phone (link to xda thread and github too), what phone you have, and whatever other useful information you can come up with? Does your phone, in fact, have a super limited amount of ram? I'll likely need to bring out the heavy machinery here.

Well to keep you updated. I cleaned the ROM and tried another wireguard implemented kernel. No issues anymore. It gets connected.

Working kernel Link: https://xdaforums.com/redmi-note-3/development/kernel-shadow-kernel-redmi-note-3-kenzo-t3689866

Was it the kernel or the wireguard app update that fixed the issue?

dixan43 · Dec 27, 2017

zx2c4 said:
Thanks for the extremely useful log file. The issue is that your external interface has too small of an MTU, so v6 fails. I've fixed wg-quick so silently work around this error here -- https://git.zx2c4.com/wireguard-android/commit/?id=f1f36fb600ffdaa59f838f6866f594e8e690170d -- and I uploaded a new version to the play store. After you update, let me know if the error goes away for you.

yea the error is gone.. it's fixed with the update.. thnx.

anujyadava · Dec 27, 2017

Which ones to use for fastest internet and best battery life?
I am from India

poincare · Dec 31, 2017

Hi,

Just wondering about the Wireguard Android app. I have blu_spark, latest which supports Wireguard and the Android app. I aslo have the name and public key for the Mullvad Wireguard server. My question is on the Android app:

Under Interface,
Name: <<should be my Wireguard provider? E.g., Mullvad?>>
Address: <<should be blank? My behind-NAT-address such as 192.168.1.41? Router IP address such as 64.121.124.59? Or something like 0.0.0.0?>>

Under Peer,
Allowed IPs: <<should be same as Interface Address? Something else?>>
Endpoint: <<should be the ip address/name of Mullvad WG server?>>

Thanks.

[GUIDE] How-to Use WireGuard on Android, Ubuntu, and macOS

New member

Recognized Developer

Inactive Recognized Contributor

Recognized Developer

Senior Member

Inactive Recognized Contributor

Senior Member

Recognized Developer

Senior Member

Attachments

Senior Member

Senior Member

Attachments

Senior Member

Recognized Developer

Recognized Developer

Recognized Developer

Recognized Developer

Senior Member

Senior Member

Senior Member

Attachments

Senior Member

Similar threads

Top Liked Posts