
Setting up Wireguard VPN so that it can be used with an iPhone or iPad

 


Note: This is correct as of December 2018 and should be seen only as an experiment because Wireguard is not yet production ready (pre version 1.0).

I have heard a lot about Wireguard VPN recently because I listen to some Linux-related podcasts and they were being very positive so I thought I’d try it out.

My aim was to set up a Wireguard VPN server on Amazon Web Services (AWS) and configure it to work on an iPhone (currently running iOS 12).

To do this I found two very good articles online and used bits from both. Combining those with installing a beta version of the Wireguard iOS app got me up and running.

The two articles I used were:

Article 1: Installing WireGuard on Amazon Lightsail 

Article 2: Wireguard VPN: Typical Setup

I suggest reading both in full before you start. There are many other articles out there that also explain how to set up Wireguard, so try them if these particular articles are not to your taste.

Setting up a virtual server on AWS

Article 1 is very good on this. It explains how to set up a virtual server on AWS, so follow the steps mentioned there.

I made a couple of changes. Firstly, I chose a different operating system. My choice was Ubuntu LTS 16.04. I did this for two reasons – I am familiar with Ubuntu and Article 2 also uses Ubuntu in its example.

The second change was that I used a different UDP port. Neither article specified a particular port number that should be used so I went with port 53133, which was mentioned here.

I mention the UDP port because it is something that has to be specified when setting up the virtual server on AWS.

Note about the user on the AWS Ubuntu server

When you log onto the virtual server, you do so as the user “ubuntu”. There is no password for this user. You must prefix commands with sudo, otherwise you will get permission denied messages when running commands or modifying configuration files.

Setting up Wireguard on the virtual server

I used Article 2 for most configuration steps (e.g. installing Wireguard, generating server and client keys, generating server and client configs, firewall, DNS) and carried out the steps in the same order.

Make sure you read what you are copying / pasting from the article(s) as you have to insert your own specific information in some places (key details, IP address, UDP port number).

The only change I made was when naming the client config. Instead of calling it wg0-client.conf, I chose to call it simply client1. I thought it might be easier to follow later if I want to configure more clients so that they can connect to the server.

In Article 2 I finished with part 7 (configuring DNS). This is the last stage of setting up the server.

Part 8 is about setting up a client, but it is referring to a Linux machine. I want to get it working on iOS so there are some different steps to take.

Installing the Wireguard iOS app

The Wireguard iOS app is still in beta so you have to use Apple’s Testflight app to install it. First install Testflight and then see the details here.

This will change in future once the app is out of beta, when you will be able to install it in the normal way.

 

Setting up the Wireguard iOS app with your configuration details

For this, I return to Article 1. Go to the “Client setup” section.

Ignore the fact that it talks about an Android app.

At this point we have already set up the client config file on the server so it is not necessary to do that again.

The bit that you need describes how to create a QR code. Run the “qrencode” command, ensuring that the client name you use matches the name of the client config file on the server (mine is called client1).

Note that qrencode was not installed by default on Ubuntu 16.04 but was quickly installed with apt-get.

This will actually display a QR code in the terminal window.

In the iOS app choose the option to create a Wireguard tunnel from a QR code, give the app permission to use the phone’s camera if necessary and then point the phone at the QR code on the screen.

An entry for your Wireguard server will appear in the app – just switch it on.
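The client config and its QR code both carry the client's private key, so the file should be owner-only before it is rendered on screen. The sketch below is an added example, not code from this post or from either article; the tunnel addresses, the 203.0.113.10 endpoint and the helper names are assumptions, while the client1 name and UDP port 53133 are the ones used above.

```shell
#!/bin/sh
# Added example, not from the original post or either article.
# Assumptions: the 10.200.200.x tunnel addresses, the 203.0.113.10 endpoint
# and the helper names are placeholders; 53133 is the UDP port used above.

# write_client_conf OUT CLIENT_PRIVKEY SERVER_PUBKEY ENDPOINT
write_client_conf() {
    wcc_out=$1; wcc_priv=$2; wcc_pub=$3; wcc_endpoint=$4
    # WireGuard keys are 32 bytes in base64: 43 characters followed by "=".
    for wcc_key in "$wcc_priv" "$wcc_pub"; do
        printf '%s\n' "$wcc_key" | grep -Eq '^[A-Za-z0-9+/]{43}=$' ||
            { echo "malformed key" >&2; return 1; }
    done
    # The file holds the client's private key: recreate it owner-only (0600)
    # rather than writing into an existing file with wider permissions.
    (
        umask 077
        rm -f -- "$wcc_out"
        cat > "$wcc_out" <<EOF
[Interface]
Address = 10.200.200.2/32
PrivateKey = $wcc_priv
DNS = 10.200.200.1

[Peer]
PublicKey = $wcc_pub
Endpoint = $wcc_endpoint
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 21
EOF
    )
}

# show_qr CONF: the QR code is the private key in another form, so refuse to
# render a config that is readable by anyone other than its owner.
show_qr() {
    sq_perms=$(ls -ld -- "$1" | cut -c1-10) || return 1
    [ "$sq_perms" = "-rw-------" ] ||
        { echo "$1 is $sq_perms, expected -rw-------" >&2; return 1; }
    qrencode -t ansiutf8 < "$1"
}

# Usage on the server, with keys generated by `wg genkey` / `wg pubkey`:
#   write_client_conf client1 "$(cat client1.key)" "$(cat server.pub)" 203.0.113.10:53133
#   show_qr client1
```

Once the phone has imported the tunnel, the server no longer needs the client's private key, only the client's public key in its own config.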

I’d recommend that you do the checks to make sure that your phone is routing through the VPN server by testing your IP address and DNS queries.