How to install Wireguard on your Windows Server.

If you are looking to install Wireguard on your Windows Server or Windows 10 / 11 then follow these instructions.

Step 1: Download the latest ‘Wg Server for Windows’ from Github – https://github.com/micahmo/WgServerforWindows
Download the latest .exe under the latest releases link on that page.

Step 2: Run the WS4WSetup…exe and next all the way through.
It may install the ‘Microsoft Windows Desktop Runtime – 3.1.21 (x64)’ at the end – So allow that to fully install.

Step 3: Open the now installed WS4W application and click to install ‘Wireguard.exe’ which is first on the list.
When its done – a popup window will appear saying ‘import tunnels’ – just close that. Job done.

Step 4: Now go to ‘Server Configuration’
Enter any ‘Name’ at the top.
Leave listen port on 51820
Leave Allowed IPs as 0.0.0.0/0
Click ‘Detect Public IP Address’ and it should auto detect the public IP.
*** Make sure you MAP A FIREWALL PORT for port 51820 as UDP on your hardware firewall <<<<——- IMPORTANT
*** Note that it must be a UDP mapped port – you do not need TCP for this.
The endpoint will show as MYIPADDRESS:51820
Then under ‘Address’ below just leave it as 10.253.0.0/24
Click ‘Generate’ on Private and Public Key.
Now SAVE.

Step 5: Open the ‘Client Configuration’
Hit the ‘Add Client’ button.
Put an relevant name in the ‘Name’ section.
Next in the ‘Address’ section press Generate from Server.
In ‘Allowed IPs’ leave it as 0.0.0.0/0 to allow any external IP to connect.
DNS put in your preferred server or use 8.8.8.8, 1.1.1.1 as a universal option.
Leave the ‘DNS Search Domains’ blank.
Private Key – Hit Generate and the same for Public Key. (This does not need to be copied from anywhere else)
‘Persistent Keepalive’ set it to ’25’
Preshared Key – Once again do the Generate option and this will also be unique to this entry.
Now click SAVE.
Once its saved – go back into the client configuration and click ‘Generate QR Code’ or ‘Export Configuration File’ which will be used on your clients install.

Step 6: Click install ‘Tunnel Service’ – Wait for it to complete and that is it.

Step 7: Click ‘Make Private’ – Wait and all done.

Step 8: Click ‘Enable NAT’ and Enable (Do NOT enable the Internet Connection Sharing or Persistent Internet Sharing option)

Step 9: All done and now you can close down the WS4W software as the Wireguard Server will simply run in the background and persist after reboot.


Similar Posts

Leave a Reply