[TOOL] wg-config graduates to src/tools, becomes wg-auto-config

Jason A. Donenfeld Jason at zx2c4.com
Mon Jan 2 05:57:43 CET 2017

Hi guys,

The re-written `wg-auto-config` script is now a part of src/tools and
adds a few configuration variables to the configuration file format,
to make it really easy to define VPNs with a single file. This has
been requested by many of you, and here is, at long last, a basic

It's a simple bash script. It gets installed by `make install` in the
src/tools directory, but I realize that not all distributions want
this. For example, both NixOS and OpenWRT already have WireGuard built
into their network management utilities, and OpenWRT doesn't even ship
bash. So for these distributions, where it is useless, I expect for
them to install with `WITH_WGAUTOCONFIG=no make -C src/tools install`,
in order to not install it. As WireGuard gets integrated into other
network management utilities, such as systemd-networkd, I expect for
this script to fade in usefulness and eventually be removed all
together. But for now, it's quite helpful and will be useful to some

So what is this tool? Here's the man page:

And here's an example:

Address =
PostUp = echo ’nameserver’ | cmd resolvconf -a $INTERFACE -m 0
PostDown = cmd resolvconf -d $INTERFACE
PrivateKey = oK56DE9Ue9zK76rAc8pBl6opph+1v36lm7cXXsQKrQM=
PresharedKey = /UwcSPg38hW/D9Y3tcS1FOV0K1wuURMbS0sesJEP5ak=

PublicKey = GtL7fZc/bLnqZldpVofMCD6hDjrK28SsdLxevJ+qtKU=
AllowedIPs =
Endpoint = demo.wireguard.io:51820

This is a normal wg(8) format, except with the addition of the
"Address" line and the "PostUp" and "PostDown" lines. You give this to
wg-auto-config, and everything, including routing, is taken care of
for you. For example, save this in /etc/wireguard/wgdemo0.conf and
then run:

$ wg-auto-config up wgdemo0

And voila, your VPN is running.

Check out the man page, read the script --
https://git.zx2c4.com/WireGuard/tree/src/tools/wg-auto-config -- and
please let me know what you think before I cut the next snapshot.


More information about the WireGuard mailing list