wireguard successfully installed, but where to go from here?

hi micha,

just installed wireguard and entered the routers DDNS on setup, but after the automatic restart, wireguard setup does not popup again and is complete?!
how to connect to it? I would like to generate the QR, but how to do that?

root@DietPi:~# qrencode -t ansiutf8 < client1.conf
-bash: client1.conf: No such file or directory
root@DietPi:~# qrencode -t ansiutf8 < /etc/wireguard/peer1.conf
-bash: /etc/wireguard/peer1.conf: No such file or directory

It did not ask me for my DNS (which should be the pihole).
any help is highly appreciated.

thanks in advance!


many thanks for your request. Pls can you check which config files are available on your WireGuard directory.

ls -la /etc/wireguard/

At least you should have 1 client file wg0-client.conf

In addition the WireGuard user guide from DietPi side https://dietpi.com/forum/t/dietpi-software-details-for-all-installation-options/22/127

total 32
drwx------ 2 root root 4096 Jul 9 08:31 .
drwxr-xr-x 70 root root 4096 Jul 9 08:32 …
-rw------- 1 root root 45 Jul 9 08:31 client_private.key
-rw------- 1 root root 45 Jul 9 08:31 client_public.key
-rw------- 1 root root 45 Jul 9 08:31 server_private.key
-rw------- 1 root root 45 Jul 9 08:31 server_public.key
-rw------- 1 root root 1357 Jul 9 08:31 wg0-client.conf
-rw------- 1 root root 1157 Jul 9 08:31 wg0.conf

pls follow the user guide I linked above. It describe how to create the QR code for the clients. As well you can check inside wg0-client.conf about your settings for DNS Server

thanks, I can connect now. but internet access is not possible :frowning:

can you check on your server using wg command if connection is established? Did you use PiHole as DNS server? DId you changed inside PiHole the configuration to Listen on all interfaces, permit all origins?

interface: wg0
public key:
private key: (hidden)
listening port: 51820

allowed ips:

I removed the keys, but it seems like the connection is established. pihole has all permits, yes. DNS was set in router, not in wireguard.

I did set up a port forward in router


I guess connection is not working.

Usually it should looks like this. You should see thinks like latest handshake and transfer data

root@DietPi4:~# wg
interface: wg0
  public key: xxx
  private key: (hidden)
  listening port: 51820

peer: xxx
  allowed ips:
  latest handshake: 21 seconds ago
  transfer: 134.43 KiB received, 1.80 MiB sent

Did you forward UDP or TCP on your router?

I forwarded TCP 51820 for ipv4 and ipv6. what is the UDP port to forward?

WORKS NOW! UDP was the way to make it work.

thanks for helping me out!

yes you need to forward UDP and not TCP

about 55 mbit/s is maximum on my pi 2b, where it was 20 mbit/s on the pi zero throughput.

is that OK?

Managing vanilla WireGuard can be a bit of a manual chore even if you know what you’re doing. Have you thought about using a free management utility? e.g.

interesting tool but it doesn’t seem to be ready yet. Actual version is 0.1 and it has some parts missing like NAT masquerading or some unlogic behaviors on the UI. As well it will not respect current installations of WireGuard and is a conflicting installation for everyone who has WG setup already.