Connecting on Linux

Generate a key pair

WireGuard uses a key pair for encrypting and decrypting traffic. You need a key pair that consists of a private key and a public key. Your private key is only meant to be seen and used by you. Anyone in posession of your private key can impersonate you, so keep it secret. Your public key, however, is not a secret. You need to share it with the VPN server so that it can communicate with you.

Notice! WireGuard keys are different from SSH keys. Please generate WireGuard keys.

Begin by generating a key pair.

# all files created in this session may be accessed
# only by the owner (you)
umask 077

# generate a private key and write it to a file named `privatekey`
# in the current directory
wg genkey > privatekey

# generate a public key based on the generated private key and write
# it to a file named `publickey` in the current directory
wg pubkey < privatekey > publickey

In your current directory there should be two text files now (privatekey and publickey), which contain your keys. If you are not sure what your current directory is, you can run the pwd command.

Submit your public key

Send the public key via a plaintext email to robert.nowak@pw.edu.pl from your university email @pw.edu.pl. Please provide the following information:

if you are a diploma student / PhD student / employee
full name of your supervisor (only if diploma student)
your public key

Here is a handy email template:

To: robert.nowak@pw.edu.pl
Subject: VPN key submission

I'm a diploma student / PhD student / employee.
My supervisor is: Aaa Bbbbbbbb
My public key is: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=

Or if you prefer polish

To: robert.nowak@pw.edu.pl
Subject: Klucz VPN

Jestem dyplomantem / doktorantem / pracownikiem.
Moim opiekunem jest: Aaa Bbbbbbbb
Mój klucz publiczny to: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=

You will get a response with an IP address. You will need it in the next step.

Substitute your private key

Create a WireGaurd config file. I will use wg0.conf for its name.

Replace fff...= (third line) with your private key and 10.221.0.x (second line) with the address you got in an email.

[Interface]
Address = 10.221.0.x/32
PrivateKey = fffffffffffffffffffffffffffffffffffffffffff=

[Peer]
# Name = ai
PublicKey = mAfTPSnzD99ulwhhJX7ZgIUzfVl48nFLg1XlCBdloWY=
Endpoint = ai.ii.pw.edu.pl:51820
AllowedIPs = 10.221.0.0/24,10.221.128.0/24,192.168.173.0/24

Add a WireGuard connection

Use the created config file to configure WireGuard.

sudo cp wg0.conf /etc/wireguard/wg0.conf
sudo chown root:root /etc/wireguard/wg0.conf
sudo chmod 700 /etc/wireguard/wg0.conf

Now your connection is ready to be started.

sudo wg-quick up wg0

On some distributions, resolvconf might be missing. If you get an error stating that resolvconf was not found, install an appropriate package from your distribution’s repositories.

If your connection becomes inactive due to a reboot, just run the last command.

Verify connection

If you can access os.ai.ii.pw.edu.pl then the VPN connection is up.

Thanks to Jakub Łyskawa for verifying these instructions.