How to configure a Wireguard macOS client

Originally published at: https://serversideup.net/how-to-configure-a-wireguard-macos-client/

I am continuing my “mini-course” on Gain Flexibility & Increase Privacy with Wireguard VPN. If you haven’t seen that, that link is a great place to start. What you’ll achieve We will be connecting our macOS client to send traffic through our Ubuntu 20.04 Wireguard VPN server This is what it looks like: Prerequisites You…

I’m trying to set up Wire Guard on my iMac using Big Sur. The last instruction you give in your config tutorial is the command

sudo wg set wg0 peer YOUR_CLIENT_PUBLIC_KEY allowed-ips YOUR_CLIENT_VPN_IP

When I issue the command with my public key and VPN IP, it returns a message saying it doesn’t recognize wg. I’ve looked at Homebrew and some other places, and can’t find the command wg. Any ideas where I can find it to download to my Mac? Thanks.

Hey @slferris, be sure to run that command on your SERVER (not your Mac).

That command is run on the server because it’s establishing the trust of “allow the Mac (identified by its public key) to connect into this Wireguard server at this IP address”.

Hope this helps!

I’ve carefully followed your instructions for setting up both the Ubuntu/Wire Guard server and my Wire Guard client on macOS Big Sur. When I activate the client, it doesn’t work. Questions:

  1. is the VPN client interface supposed to be up at the same time as my ethernet interface on my iMac?
  2. I’ve used an IP address for my client as 10.0.0.5/32. Wire Guard assigns the /32 and appending /32 to 10.0.0.5 in the wg set command on the server gives me some sort of warning. Should I leave off the /32 in the wg set command or does it matter?
  3. are you aware of problems with Wire Guard and macOS Big Sur? Thanks

I think you’re confused where the server should be. I did not mention homebrew in any of my posts for installing Wireguard. My posts replicate this set up (notice the Mac is the client and Ubuntu is the server)

:point_right: Make sure you are running any wg commands on your server only.

You can leave the /32 out. I think that works fine.

None at all. I use it in production every day :grinning: